Inactive-A AVG detects trojan horse

stephengates

Hey guys,

Thanks for your helpful article and support. It looks like my computer has a trojan horse that AVG can't get rid of. Not sure if these logs will show that or not. What's the next step for me to take?

Also, you should know that I think I clicked on a fake Adobe Flash Player update which may have started all this. Not sure. Thanks!

Stephen

Logs are in the following order: Malwarebytes, DDS, Attach

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LMPC :: LMPC-PC [administrator]

Protection: Enabled

5/24/2013 11:12:01 AM
mbam-log-2013-05-24 (11-12-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216809
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by LMPC at 11:18:05 on 2013-05-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8178.4653 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe
C:\Windows\system32\hasplms.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe
C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIServer.exe
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMITagsSCM.EXE
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMITagsDDM.EXE
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMITagsBTM.EXE
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\SHDE.EXE
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlmLogExpServ.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Free SMTP Server\localsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://dell13-comm.msn.com
uDefault_Page_URL = hxxp://dell13-comm.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\LMPC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RSLINX~1.LNK - C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
TCP: Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1} : NameServer = 66.172.200.11,66.172.201.11
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-2 20024]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-23 45856]
R1 VirtualBackplane;A-B Virtual Backplane;C:\Windows\System32\drivers\VirtualBackplane.sys [2011-6-2 51200]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-4-5 78208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-2 204288]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-11-20 225720]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2012-12-12 1407312]
R2 FTActivationBoost;FactoryTalk Activation Helper;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [2012-12-21 145888]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [2012-12-20 62136]
R2 FTAE_HistServ;Rockwell Alarm Historian;C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [2012-12-20 152248]
R2 FTSysDiagSvcHost;FTSysDiagSvcHost;C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [2012-12-17 69120]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-2 13632]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-24 701512]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [2010-4-3 42884448]
R2 NmspHost;Rockwell Namespace Services;C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe [2012-12-19 226488]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-11 1872568]
R2 PbaDrvSvc_x64;Dell PBA x64 Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [2012-11-23 20480]
R2 RdcyHost;Rockwell Redundancy Services;C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe [2012-12-20 226488]
R2 RnaAeServer;Rockwell Alarm Server;C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [2012-12-20 164024]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer;C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [2012-12-20 708280]
R2 Rockwell HMI Framework;Rockwell HMI Framework;C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [2013-1-5 889016]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-23 1015984]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-11-19 1758720]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-2 95248]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2012-9-23 39016]
R3 EventServer;Rockwell Event Server;C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe [2012-12-19 252600]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-2 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-2 791608]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-24 25928]
R3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [2013-1-5 132792]
R3 SNXPCAMD;SUNIX Multi-I/O Card Driver;C:\Windows\System32\drivers\snxpcamd.sys [2013-4-2 53112]
R3 SNXPPAMD;SUNIX Parallel Port Driver;C:\Windows\System32\drivers\snxppamd.sys [2013-4-2 100728]
R3 SNXPSAMD;SUNIX Serial Port Driver;C:\Windows\System32\drivers\snxpsamd.sys [2013-4-2 97144]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-11-8 254384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 LogReceiver;LogReceiver;C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2012-12-27 82616]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-16 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 367456]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-24 16:11:06 -------- d-----w- C:\Users\LMPC\AppData\Roaming\Malwarebytes
2013-05-24 16:11:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-24 16:11:03 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-24 16:11:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 16:10:48 -------- d-----w- C:\Users\LMPC\AppData\Local\Programs
2013-05-23 21:41:36 -------- d-----w- C:\Users\LMPC\AppData\Roaming\AVG2013
2013-05-23 21:41:04 -------- d-----w- C:\Users\LMPC\AppData\Roaming\TuneUp Software
2013-05-23 21:41:00 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-23 21:40:58 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-05-23 21:40:58 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-23 21:40:28 -------- d--h--w- C:\$AVG
2013-05-23 21:40:28 -------- d-----w- C:\ProgramData\AVG2013
2013-05-23 21:40:00 -------- d-----w- C:\Program Files (x86)\AVG
2013-05-23 21:34:49 -------- d--h--w- C:\ProgramData\Common Files
2013-05-23 21:34:49 -------- d-----w- C:\Users\LMPC\AppData\Local\MFAData
2013-05-23 21:34:49 -------- d-----w- C:\Users\LMPC\AppData\Local\Avg2013
2013-05-23 21:34:49 -------- d-----w- C:\ProgramData\MFAData
2013-05-23 20:05:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-05-23 16:45:45 -------- d-----w- C:\Program Files (x86)\SysInternals
2013-05-21 13:38:28 -------- d-----w- C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
2013-05-21 07:50:40 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5FDA868-20D1-4AC8-B3D6-E7B9395A4BD1}\mpengine.dll
2013-05-21 01:38:17 -------- d-----w- C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
2013-05-20 21:26:12 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-05-20 13:38:05 -------- d-----w- C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
2013-05-20 01:37:54 -------- d-----w- C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
2013-05-19 13:37:42 -------- d-----w- C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
2013-05-19 01:37:31 -------- d-----w- C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
2013-05-18 13:37:19 -------- d-----w- C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
2013-05-18 01:37:08 -------- d-----w- C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
2013-05-17 13:36:56 -------- d-----w- C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
2013-05-17 01:36:45 -------- d-----w- C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
2013-05-16 21:50:13 -------- d-----w- C:\Program Files (x86)\Free SMTP Server
2013-05-16 13:36:21 -------- d-----w- C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
2013-05-16 13:36:08 -------- d-----w- C:\Users\LMPC\AppData\Roaming\Windows Live Writer
2013-05-16 13:36:08 -------- d-----w- C:\Users\LMPC\AppData\Local\Windows Live Writer
2013-05-16 12:39:27 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-05-16 08:33:05 -------- d-----w- C:\Windows\SysWow64\Wat
2013-05-16 08:33:05 -------- d-----w- C:\Windows\System32\Wat
2013-05-16 08:11:57 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-05-16 08:11:57 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-05-16 08:11:57 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-05-16 08:11:57 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-05-16 08:03:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-16 08:03:56 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 08:03:19 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-05-16 08:03:19 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-05-16 08:03:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-05-16 08:03:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-05-16 08:03:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-05-16 08:03:19 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-05-16 08:03:19 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-05-15 21:30:07 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-05-15 21:30:06 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 21:30:06 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 21:30:06 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 21:30:05 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-05-15 21:30:05 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-05-15 21:30:04 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-05-15 21:30:04 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-05-15 21:30:04 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-05-15 21:30:04 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-05-15 17:56:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-05-15 17:56:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-05-15 17:56:13 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-05-15 17:56:13 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-05-15 17:56:12 395776 ----a-w- C:\Windows\System32\webio.dll
2013-05-15 17:56:12 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-05-15 17:56:10 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-05-15 17:56:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-05-15 17:56:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-05-15 17:56:09 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-05-15 17:56:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-05-15 17:56:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-05-15 17:56:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-05-15 17:55:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-05-15 17:55:50 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-15 17:55:34 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-05-15 17:55:34 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-05-15 17:53:07 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-15 14:09:59 -------- d-----w- C:\Program Files (x86)\MSECache
2013-05-02 18:18:38 86016 ----a-r- C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Templates\F\LGUTchkdl.dll
2013-05-02 18:18:38 4608 ----a-r- C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Templates\F\LGEUSBAutorun.dll
2013-05-01 21:57:35 -------- d-----w- C:\Users\LMPC\AppData\Local\Adobe
.
==================== Find3M ====================
.
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 20:19:13 1488 ----a-w- C:\Windows\SysWow64\Rsvchost.reg
2013-04-05 20:19:13 1488 ----a-w- C:\Windows\SysWow64\RdcyReg.reg
2013-04-05 20:04:10 0 ----a-w- C:\Windows\invcol.tmp
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-02 11:04:53 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-04-02 09:53:23 0 ----a-w- C:\Windows\ativpsrm.bin
2013-04-02 09:25:55 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 09:25:55 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-29 07:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 08:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 11:18:19.03 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2013 3:00:50 PM
System Uptime: 5/23/2013 3:32:46 PM (20 hours ago)
.
Motherboard: Dell Inc. | | 0KRC95
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | CPU 1 | 1568/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 399.102 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 4/26/2013 3:42:15 PM - Scheduled Checkpoint
RP25: 5/14/2013 7:38:45 PM - Scheduled Checkpoint
RP26: 5/15/2013 9:11:00 AM - Installed Microsoft Access database engine 2010 (English)
RP27: 5/15/2013 12:52:43 PM - Windows Update
RP28: 5/16/2013 3:00:14 AM - Windows Update
RP29: 5/16/2013 7:38:54 AM - Windows Update
RP30: 5/17/2013 3:00:12 AM - Windows Update
RP31: 5/17/2013 7:42:13 AM - Windows Update
RP32: 5/18/2013 3:00:10 AM - Windows Update
RP34: 5/23/2013 3:15:14 PM - Windows Defender Checkpoint
RP35: 5/23/2013 4:39:45 PM - Installed AVG 2013
RP36: 5/23/2013 4:40:04 PM - Installed AVG 2013
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AVG 2013
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Custom
D3DX10
Dell Backup and Recovery Manager
Dell Client System Update
Dell Data Protection | Access
Dell Edoc Viewer
DellAccess
EMBASSY Client Core
ERAS Connector
FactoryTalk Activation Manager 3.60.00 (CPR 9 SR 6)
FactoryTalk Alarms and Events 2.60.00 (CPR 9 SR 6)
FactoryTalk Diagnostics 2.60.00 (CPR 9 SR 6)
FactoryTalk Services Platform 2.60.00 (CPR 9 SR 6)
FactoryTalk View Site Edition Client 7.00.00
FactoryTalk® View Site Edition Client 7.00.00 (CPR 9 SR 6)
FactoryTalk® View Site Edition Server 7.00.00 (CPR 9 SR 6)
FactoryTalk® View Studio Enterprise 7.00.00 (CPR 9 SR 6)
Free SMTP Server
Gemalto
GemPcCCID
Intel(R) Control Center
Intel(R) Network Connections 17.3.63.0
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft Office Home and Business 2013 - en-us
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PBA Driver
Preboot Manager
Private Information Manager
Realtek High Definition Audio Driver
Rockwell Automation Driver Package x64
Rockwell Windows Firewall Configuration Utility 1.00.06
RSLinx Classic 3.60.00 CPR 9 SR 6
RSLinx Enterprise 5.60.00 (CPR 9 SR 6)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SI TSS
SPBA (WBF) 5.9
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
toolkit32for64bit
Trusted Drive Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual Studio 2010 x64 Redistributables
Wave Crypto Runtime 2.0.9.0 x64
Wave Crypto Runtime 2.0.9.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/24/2013 10:45:02 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
5/24/2013 10:44:58 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP Officejet Pro 8600 required for printer HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
5/24/2013 10:44:56 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.
5/24/2013 10:44:56 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
5/24/2013 10:44:54 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Fax - HP Officejet Pro 8600 required for printer Fax - HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
5/23/2013 5:19:08 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 68.96.134.205.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 3:33:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/23/2013 3:33:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/23/2013 3:33:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/23/2013 3:33:06 PM, Error: Service Control Manager [7001] - The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
5/23/2013 3:33:06 PM, Error: Service Control Manager [7001] - The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
5/23/2013 3:00:09 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 68.226.76.92.
5/23/2013 10:38:55 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/23/2013 10:38:55 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/22/2013 9:37:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {DAA085E0-F341-11CE-B4B5-C46F03C10000} and APPID {DAA085E0-F341-11CE-B4B5-C46F03C10000} to the user LMPC-PC\LMPC SID (S-1-5-21-1236341281-62204155-2792960718-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/22/2013 10:45:26 AM, Error: Service Control Manager [7034] - The EmbassyService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

I changed your topic title to something more meaningful.

What file and in what location is detected by AVG?

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Broni,

Thanks a lot for your reply!! Really appreciate it. I downloaded both files. However, whenever I go to extract the Anti-Rootkit (MBAR) I find there are no files in the extracted folder?! What's up w that?

Ran the RogueKiller scan no problem:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : LMPC [Admin rights]
Mode : Remove -- Date : 05/24/2013 13:16:48
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1} : NameServer (66.172.200.11,66.172.201.11) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1} : NameServer (66.172.200.11,66.172.201.11) -> NOT REMOVED, USE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\n.) [x] -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\@ [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\80000000.@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L\76603ac3 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 3c008daef7c7e432535e37f971b5a312
[BSP] 80a79e5c3ed357b0c51d6d811f3eceec : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15544 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31916032 | Size: 461352 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_05242013_02d1316.txt >>
RKreport[1]_S_05242013_02d1315.txt ; RKreport[2]_D_05242013_02d1316.txt
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Broni,

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2013 02
Ran by LMPC (administrator) on 24-05-2013 14:20:46
Running from C:\Users\LMPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG1YQTI0
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe
(Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe
() C:\Program Files (x86)\Free SMTP Server\localsrv.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
(Farbar) C:\Users\LMPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG1YQTI0\FRST64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-08] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
MountPoints2: {4f05ca01-b26d-11e2-b98b-90b11c95e01c} - F:\TL_Bootstrap.exe
MountPoints2: {a0d22e8b-b563-11e2-b98b-90b11c95e01c} - F:\TL_Bootstrap.exe
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe [434176 2011-10-18] (Rockwell Automation, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-05-23] (AVG Secure Search)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSLINX - Shortcut.lnk
ShortcutTarget: RSLINX - Shortcut.lnk -> C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE (Rockwell Automation, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {D6CF6EEE-73A0-4C3A-A4BC-C9A446E38C86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll [65024] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\..\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1}: [NameServer]66.172.200.11,66.172.201.11
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1407312 2012-12-12] (Flexera Software, Inc.)
R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [145888 2012-12-21] (Rockwell Automation, Inc.)
R2 FTAE_Archiver; C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [62136 2012-12-20] (Rockwell Automation, Inc.)
R2 FTAE_HistServ; C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [152248 2012-12-20] (Rockwell Automation, Inc.)
R2 FTSysDiagSvcHost; C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [69120 2012-12-17] (Rockwell Automation, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)
S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [82616 2012-12-27] (Rockwell Automation, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] ()
R2 RnaAeServer; C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [164024 2012-12-20] (Rockwell Automation, Inc.)
R2 RnaAlarmMux; C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [708280 2012-12-20] (Rockwell Automation, Inc.)
S3 Rockwell HMI Activity Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe [153272 2013-01-05] (Rockwell Automation, Inc.)
S3 Rockwell HMI Alarm Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [132792 2013-01-05] (Rockwell Automation, Inc.)
R2 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [108728 2013-01-05] (Rockwell Automation, Inc.)
R2 Rockwell HMI Framework; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [889016 2013-01-05] (Rockwell Automation, Inc.)
R2 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [214712 2013-01-05] (Rockwell Automation, Inc.)
S3 RSLinx; C:\PROGRA~2\ROCKWE~1\RSLinx\RSLINX.EXE [3272224 2013-01-19] (Rockwell Automation, Inc.)
R2 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [250552 2012-12-27] (Rockwell Automation, Inc.)
S4 SQLAgent$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-23] (AVG Secure Search)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-23] (AVG Technologies)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [53112 2010-12-02] (SUNIX Co., Ltd.)
R3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [100728 2010-12-02] (SUNIX Co., Ltd.)
R3 SNXPSAMD; C:\Windows\System32\DRIVERS\snxpsamd.sys [97144 2010-12-02] (SUNIX Co., Ltd.)
R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)
S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-24 14:20 - 2013-05-24 14:20 - 00000000 ____D C:\FRST
2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
2013-05-24 13:14 - 2013-05-24 13:16 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 11:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
2013-05-23 16:41 - 2013-05-23 16:40 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-23 16:40 - 2013-05-23 16:41 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
2013-05-23 16:34 - 2013-05-24 13:43 - 00000000 ____D C:\ProgramData\MFAData
2013-05-23 16:34 - 2013-05-23 17:02 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-23 11:45 - 2013-05-23 12:02 - 00000000 ____D C:\Program Files (x86)\SysInternals
2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
2013-05-19 20:37 - 2013-05-19 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
2013-05-17 08:36 - 2013-05-17 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
2013-05-17 07:44 - 2013-05-03 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
2013-05-16 08:36 - 2013-05-16 12:21 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-05-16 03:13 - 2013-05-16 07:40 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-05-16 03:11 - 2013-05-16 07:39 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-05-16 03:11 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-16 03:11 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-16 03:11 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-16 03:11 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-16 03:03 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:03 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:03 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 03:03 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 03:03 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-16 03:03 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-16 03:03 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-16 03:03 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-16 03:03 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-16 03:03 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-16 03:03 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-16 03:03 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-16 03:01 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:01 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 03:01 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 03:01 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 03:01 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 03:01 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 03:01 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 03:01 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 03:01 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 03:01 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 03:01 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
2013-05-15 16:30 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 16:30 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 16:30 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-15 16:30 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-15 16:30 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-15 16:30 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-15 16:30 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-15 16:30 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-15 16:30 - 2011-02-22 23:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-05-15 16:30 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 16:29 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-15 16:29 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 16:29 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-15 16:29 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 16:29 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 16:29 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-15 16:29 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-15 16:29 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-15 16:29 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-15 16:29 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-15 16:29 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 16:29 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 16:29 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 16:29 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 16:29 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 16:29 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 16:29 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 16:29 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 16:29 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-15 12:56 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-15 12:56 - 2013-01-04 00:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-15 12:56 - 2013-01-03 23:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-05-15 12:56 - 2013-01-03 21:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-05-15 12:56 - 2013-01-03 21:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-05-15 12:56 - 2013-01-03 21:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-05-15 12:56 - 2013-01-03 21:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-05-15 12:56 - 2011-11-17 01:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-05-15 12:56 - 2011-11-17 00:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-05-15 12:56 - 2011-04-09 01:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-05-15 12:56 - 2011-04-09 00:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-05-15 12:55 - 2013-01-03 01:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-15 12:55 - 2013-01-03 01:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-05-15 12:55 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-05-15 12:55 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-05-15 09:09 - 2013-05-15 09:02 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
2013-05-02 16:05 - 2013-05-21 13:26 - 00028984 ____A C:\Users\LMPC\Documents\Alarm and Event History.xlsx
2013-05-01 16:57 - 2013-05-01 16:57 - 00000000 ____D C:\Users\LMPC\AppData\Local\Adobe
2013-05-01 15:12 - 2013-05-01 15:17 - 00000000 ____D C:\Users\LMPC\Documents\Gen Plant Alarm Log
2013-04-26 09:31 - 2013-04-26 09:31 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-26-2013 Run 1.xlsx
2013-04-24 18:09 - 2013-04-24 18:09 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 2.xlsx
2013-04-24 10:58 - 2013-04-24 10:58 - 00007649 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 1.xlsx
==================== One Month Modified Files and Folders =======
2013-05-24 14:20 - 2013-05-24 14:20 - 00000000 ____D C:\FRST
2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-24 14:04 - 2009-07-14 00:13 - 00872568 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 14:01 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-24 13:59 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 13:59 - 2009-07-13 23:51 - 00033018 ____A C:\Windows\setupact.log
2013-05-24 13:57 - 2013-04-05 15:30 - 00000206 ____A C:\Windows\ODBC.INI
2013-05-24 13:43 - 2013-05-23 16:34 - 00000000 ____D C:\ProgramData\MFAData
2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
2013-05-24 13:21 - 2013-04-02 04:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
2013-05-24 13:16 - 2013-05-24 13:14 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-23 17:11 - 2009-07-14 00:08 - 00008124 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-23 17:02 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
2013-05-23 16:41 - 2013-05-23 16:40 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-23 16:40 - 2013-05-23 16:41 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
2013-05-23 15:32 - 2010-11-20 22:47 - 00012700 ____A C:\Windows\PFRO.log
2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-23 15:00 - 2013-04-02 04:24 - 02015444 ____A C:\Windows\WindowsUpdate.log
2013-05-23 14:31 - 2013-04-11 09:46 - 00000000 ____D C:\Users\LMPC\Documents\Gen Run Reports
2013-05-23 12:02 - 2013-05-23 11:45 - 00000000 ____D C:\Program Files (x86)\SysInternals
2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
2013-05-22 11:00 - 2013-04-11 09:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-05-21 13:26 - 2013-05-02 16:05 - 00028984 ____A C:\Users\LMPC\Documents\Alarm and Event History.xlsx
2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
2013-05-19 20:38 - 2013-05-19 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
2013-05-17 08:37 - 2013-05-17 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
2013-05-17 07:44 - 2011-02-10 09:33 - 00866466 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
2013-05-16 16:53 - 2013-04-05 15:01 - 00000000 ____D C:\Users\LMPC\AppData\Local\VirtualStore
2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
2013-05-16 12:21 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
2013-05-16 07:40 - 2013-05-16 03:13 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-05-16 07:39 - 2013-05-16 03:11 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-05-16 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 03:34 - 2009-07-13 23:45 - 00347440 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:33 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-16 03:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
2013-05-15 09:11 - 2013-04-02 04:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-05-15 09:02 - 2013-05-15 09:09 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
2013-05-05 16:36 - 2013-05-16 03:03 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 16:16 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 14:25 - 2013-05-16 03:03 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 14:12 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-03 16:15 - 2013-05-17 07:44 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-02 02:06 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 16:59 - 2013-04-05 15:08 - 00000000 ____D C:\ProgramData\Adobe
2013-05-01 16:57 - 2013-05-01 16:57 - 00000000 ____D C:\Users\LMPC\AppData\Local\Adobe
2013-05-01 16:57 - 2013-04-05 15:05 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Adobe
2013-05-01 15:17 - 2013-05-01 15:12 - 00000000 ____D C:\Users\LMPC\Documents\Gen Plant Alarm Log
2013-04-26 09:31 - 2013-04-26 09:31 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-26-2013 Run 1.xlsx
2013-04-24 18:09 - 2013-04-24 18:09 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 2.xlsx
2013-04-24 10:58 - 2013-04-24 10:58 - 00007649 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 1.xlsx
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ZeroAcces. use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Last Boot: 2013-05-24 00:11
==================== End Of Log ============================
 
And...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2013 02
Ran by LMPC at 2013-05-24 14:21:00 Run:
Running from C:\Users\LMPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG1YQTI0
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Reader X (10.1.7) (Version: 10.1.7)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.1207.217.3953)
Catalyst Control Center Graphics Previews Common (Version: 2011.1207.217.3953)
Catalyst Control Center InstallProxy (Version: 2011.1207.217.3953)
Catalyst Control Center Localization All (Version: 2011.1207.217.3953)
Catalyst Control Center Profiles Desktop (Version: 2011.1207.217.3953)
CCC Help Chinese Standard (Version: 2011.1207.0216.3953)
CCC Help Chinese Traditional (Version: 2011.1207.0216.3953)
CCC Help Czech (Version: 2011.1207.0216.3953)
CCC Help Danish (Version: 2011.1207.0216.3953)
CCC Help Dutch (Version: 2011.1207.0216.3953)
CCC Help English (Version: 2011.1207.0216.3953)
CCC Help Finnish (Version: 2011.1207.0216.3953)
CCC Help French (Version: 2011.1207.0216.3953)
CCC Help German (Version: 2011.1207.0216.3953)
CCC Help Greek (Version: 2011.1207.0216.3953)
CCC Help Hungarian (Version: 2011.1207.0216.3953)
CCC Help Italian (Version: 2011.1207.0216.3953)
CCC Help Japanese (Version: 2011.1207.0216.3953)
CCC Help Korean (Version: 2011.1207.0216.3953)
CCC Help Norwegian (Version: 2011.1207.0216.3953)
CCC Help Polish (Version: 2011.1207.0216.3953)
CCC Help Portuguese (Version: 2011.1207.0216.3953)
CCC Help Russian (Version: 2011.1207.0216.3953)
CCC Help Spanish (Version: 2011.1207.0216.3953)
CCC Help Swedish (Version: 2011.1207.0216.3953)
CCC Help Thai (Version: 2011.1207.0216.3953)
CCC Help Turkish (Version: 2011.1207.0216.3953)
ccc-utility64 (Version: 2011.1207.217.3953)
Custom (Version: 01.00.00.002)
D3DX10 (Version: 15.4.2368.0902)
Dell Backup and Recovery Manager (Version: 1.3.1)
Dell Client System Update (Version: 1.3.0)
Dell Data Protection | Access (Version: 2.3.00001.021)
Dell Edoc Viewer (Version: 1.0.0)
DellAccess (Version: 01.03.00.046)
EMBASSY Client Core (Version: 01.03.00.092)
ERAS Connector (Version: 02.09.05.0330)
FactoryTalk Activation Manager 3.60.00 (CPR 9 SR 6) (Version: 3.60.00)
FactoryTalk Alarms and Events 2.60.00 (CPR 9 SR 6) (Version: 2.60.00)
FactoryTalk Diagnostics 2.60.00 (CPR 9 SR 6) (Version: 2.60.00)
FactoryTalk Services Platform 2.60.00 (CPR 9 SR 6) (Version: 2.60.00)
FactoryTalk View Site Edition Client 7.00.00
FactoryTalk® View Site Edition Client 7.00.00 (CPR 9 SR 6) (Version: 7.00.00)
FactoryTalk® View Site Edition Server 7.00.00 (CPR 9 SR 6) (Version: 7.00.00)
FactoryTalk® View Studio Enterprise 7.00.00 (CPR 9 SR 6) (Version: 7.00.00)
Free SMTP Server
Gemalto (Version: 01.64.01.0010)
GemPcCCID (Version: 2.0.1)
Intel(R) Control Center (Version: 1.2.1.1008)
Intel(R) Network Connections 17.3.63.0 (Version: 17.3.63.0)
Intel(R) Rapid Storage Technology (Version: 11.2.0.1006)
Intel(R) USB 3.0 eXtensible Host Controller Driver (Version: 1.0.6.245)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Home and Business 2013 - en-us (Version: 15.0.4505.1006)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 16.4.6012.0828)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.50.1600.1)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1006)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006)
Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1006)
PBA Driver (Version: 1.0.1.7)
Preboot Manager (Version: 03.05.00.026)
Private Information Manager (Version: 07.03.00.016)
Realtek High Definition Audio Driver (Version: 6.0.1.5907)
Rockwell Automation Driver Package x64 (Version: 1.1.11)
Rockwell Windows Firewall Configuration Utility 1.00.06 (Version: 1.00.06.0004)
RSLinx Classic 3.60.00 CPR 9 SR 6 (Version: 3.60.00 CPR 9 SR 6)
RSLinx Enterprise 5.60.00 (CPR 9 SR 6) (Version: 5.60.00)
SI TSS (Version: 2.1.41)
SPBA (WBF) 5.9 (Version: 5.9.7.7232)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
toolkit32for64bit (Version: 7.68.85.0013)
Trusted Drive Manager (Version: 5.0.0.304)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual Basic for Applications (R) Core - English (Version: 6.5.10.32)
Visual Basic for Applications (R) Core (Version: 6.5.10.32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000)
Wave Crypto Runtime 2.0.9.0 x86 (Version: 02.00.09.0000)
Wave Infrastructure Installer (Version: 07.68.85.0014)
Wave Support Software Installer (Version: 05.15.00.021)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
==================== Restore Points =========================
26-04-2013 20:42:15 Scheduled Checkpoint
15-05-2013 00:38:45 Scheduled Checkpoint
15-05-2013 14:11:00 Installed Microsoft Access database engine 2010 (English)
15-05-2013 17:52:43 Windows Update
16-05-2013 08:00:14 Windows Update
16-05-2013 12:38:54 Windows Update
17-05-2013 08:00:12 Windows Update
17-05-2013 12:42:13 Windows Update
18-05-2013 08:00:10 Windows Update
23-05-2013 20:15:14 Windows Defender Checkpoint
23-05-2013 21:39:45 Installed AVG 2013
23-05-2013 21:40:04 Installed AVG 2013
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/24/2013 02:01:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
Faulting module name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
Exception code: 0xc0000005
Fault offset: 0x000000000001711a
Faulting process id: 0x8e0
Faulting application start time: 0xEmbassyServer.exe0
Faulting application path: EmbassyServer.exe1
Faulting module path: EmbassyServer.exe2
Report Id: EmbassyServer.exe3
Error: (05/24/2013 01:59:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2013 00:35:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
Faulting module name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
Exception code: 0xc0000005
Fault offset: 0x000000000001711a
Faulting process id: 0x890
Faulting application start time: 0xEmbassyServer.exe0
Faulting application path: EmbassyServer.exe1
Faulting module path: EmbassyServer.exe2
Report Id: EmbassyServer.exe3
Error: (05/24/2013 00:29:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2013 06:53:51 PM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.
Error: (05/23/2013 05:14:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: y, version: 0.0.0.0, time stamp: 0x5038a94a
Exception code: 0xc0000005
Fault offset: 0x000000000000166a
Faulting process id: 0x1348
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (05/23/2013 05:14:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2013 05:11:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: y, version: 0.0.0.0, time stamp: 0x5038a94a
Exception code: 0xc0000005
Fault offset: 0x0000000000005580
Faulting process id: 0x1b0
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
Error: (05/23/2013 05:10:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7323c9f1
Faulting process id: 0x1f90
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Error: (05/23/2013 05:09:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7323c9f1
Faulting process id: 0x2e40
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (05/24/2013 02:01:31 PM) (Source: UmrdpService) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
Error: (05/24/2013 02:01:26 PM) (Source: UmrdpService) (User: )
Description: Driver HP Officejet Pro 8600 required for printer HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
Error: (05/24/2013 02:01:25 PM) (Source: UmrdpService) (User: )
Description: Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.
Error: (05/24/2013 02:01:23 PM) (Source: UmrdpService) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (05/24/2013 02:01:23 PM) (Source: UmrdpService) (User: )
Description: Driver Fax - HP Officejet Pro 8600 required for printer Fax - HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
Error: (05/24/2013 02:01:03 PM) (Source: Service Control Manager) (User: )
Description: The EmbassyService service terminated unexpectedly. It has done this 1 time(s).
Error: (05/24/2013 01:59:45 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
Error: (05/24/2013 01:59:36 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
Error: (05/24/2013 01:59:33 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
Error: (05/24/2013 01:59:32 PM) (Source: Service Control Manager) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Microsoft Office Sessions:
=========================
Error: (05/24/2013 02:01:01 PM) (Source: Application Error)(User: )
Description: EmbassyServer.exe1.3.0.11750ab6eb4EmbassyServer.exe1.3.0.11750ab6eb4c0000005000000000001711a8e001ce58b0d42f2adbC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exeC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe46384e04-c4a4-11e2-b6b2-90b11c95e01c
Error: (05/24/2013 01:59:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2013 00:35:29 PM) (Source: Application Error)(User: )
Description: EmbassyServer.exe1.3.0.11750ab6eb4EmbassyServer.exe1.3.0.11750ab6eb4c0000005000000000001711a89001ce58a4378265baC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exeC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe53118f73-c498-11e2-ad67-90b11c95e01c
Error: (05/24/2013 00:29:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2013 06:53:51 PM) (Source: Winlogon)(User: )
Description:
Error: (05/23/2013 05:14:52 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4y0.0.0.05038a94ac0000005000000000000166a134801ce57f4cee81878C:\Windows\Explorer.EXEc:\windows\system32\y304bbfb2-c3f6-11e2-9834-90b11c95e01c
Error: (05/23/2013 05:14:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2013 05:11:16 PM) (Source: Application Error)(User: )
Description: svchost.exe_ProfSvc6.1.7600.163854a5bc3c1y0.0.0.05038a94ac000000500000000000055801b001ce57f4baa4c50eC:\Windows\system32\svchost.exec:\windows\system32\yaf4d890c-c3f5-11e2-9834-90b11c95e01c
Error: (05/23/2013 05:10:46 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057323c9f11f9001ce580260256ceaC:\Windows\SysWOW64\svchost.exeunknown9dd3b52a-c3f5-11e2-9834-90b11c95e01c
Error: (05/23/2013 05:09:46 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057323c9f12e4001ce58023c45db12C:\Windows\SysWOW64\svchost.exeunknown79f6463a-c3f5-11e2-9834-90b11c95e01c

CodeIntegrity Errors:
===================================
Date: 2013-05-24 14:18:54.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 14:01:23.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 13:42:06.474
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 13:14:03.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 13:02:12.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 12:35:53.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 12:28:18.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 12:14:31.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 11:48:37.334
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-24 11:23:54.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 8178.45 MB
Available physical RAM: 6257.21 MB
Total Pagefile: 16355.09 MB
Available Pagefile: 14271.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:398.12 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: F7A36B7E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Re-run FRST one more time and post new log.
 

Broni,

Sorry for the delayed response! I was on my honeymoon last week. Thanks for all your help.

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013 03
Ran by LMPC at 2013-06-03 08:36:16 Run:1
Running from C:\Users\LMPC\Desktop
Boot Mode: Normal
==============================================
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key deleted successfully.
HKCR\CLSID\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key deleted successfully.
HKCR\CLSID\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key not found.
HKCR\PROTOCOLS\Handler\osf => Key deleted successfully.
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
==== End of Fixlog ====
 
When you said "Re-run FRST one more time and post new log." I wasn't sure if you meant to do another "fix" or a "scan", so I included both.

Also, FYI I ran an AVG scan again and it's saying that no threats were detected.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013 03
Ran by LMPC at 2013-06-03 08:43:22 Run:2
Running from C:\Users\LMPC\Desktop
Boot Mode: Normal
==============================================
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key not found.
HKCR\CLSID\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key not found.
HKCR\CLSID\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key not found.
HKCR\PROTOCOLS\Handler\osf => Key not found.
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 03
Ran by LMPC (administrator) on 03-06-2013 08:43:47
Running from C:\Users\LMPC\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe
(Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe
() C:\Program Files (x86)\Free SMTP Server\localsrv.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVG Secure Search) C:\Windows\TEMP\{8A038460-7D8B-4377-A015-2C636C72CEFA}.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-08] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -update activex [697272 2013-04-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe [434176 2011-10-18] (Rockwell Automation, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-05-23] (AVG Secure Search)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSLINX - Shortcut.lnk
ShortcutTarget: RSLINX - Shortcut.lnk -> C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE (Rockwell Automation, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {D6CF6EEE-73A0-4C3A-A4BC-C9A446E38C86} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\..\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1}: [NameServer]66.172.200.11,66.172.201.11
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1407312 2012-12-12] (Flexera Software, Inc.)
R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [145888 2012-12-21] (Rockwell Automation, Inc.)
R2 FTAE_Archiver; C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [62136 2012-12-20] (Rockwell Automation, Inc.)
R2 FTAE_HistServ; C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [152248 2012-12-20] (Rockwell Automation, Inc.)
R2 FTSysDiagSvcHost; C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [69120 2012-12-17] (Rockwell Automation, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)
S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [82616 2012-12-27] (Rockwell Automation, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] ()
R2 RnaAeServer; C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [164024 2012-12-20] (Rockwell Automation, Inc.)
R2 RnaAlarmMux; C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [708280 2012-12-20] (Rockwell Automation, Inc.)
S3 Rockwell HMI Activity Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe [153272 2013-01-05] (Rockwell Automation, Inc.)
S3 Rockwell HMI Alarm Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [132792 2013-01-05] (Rockwell Automation, Inc.)
R2 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [108728 2013-01-05] (Rockwell Automation, Inc.)
R2 Rockwell HMI Framework; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [889016 2013-01-05] (Rockwell Automation, Inc.)
R2 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [214712 2013-01-05] (Rockwell Automation, Inc.)
S3 RSLinx; C:\PROGRA~2\ROCKWE~1\RSLinx\RSLINX.EXE [3272224 2013-01-19] (Rockwell Automation, Inc.)
R2 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [250552 2012-12-27] (Rockwell Automation, Inc.)
S4 SQLAgent$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-23] (AVG Secure Search)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-23] (AVG Technologies)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [53112 2010-12-02] (SUNIX Co., Ltd.)
R3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [100728 2010-12-02] (SUNIX Co., Ltd.)
R3 SNXPSAMD; C:\Windows\System32\DRIVERS\snxpsamd.sys [97144 2010-12-02] (SUNIX Co., Ltd.)
R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)
S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-06-03 08:35 - 2013-06-03 08:35 - 01916716 ____A (Farbar) C:\Users\LMPC\Desktop\FRST64.exe
2013-06-02 02:00 - 2013-06-02 02:00 - 00000352 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2013-05-24 14:20 - 2013-06-03 08:36 - 00000000 ____D C:\FRST
2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
2013-05-24 13:14 - 2013-05-24 13:16 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-24 11:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
2013-05-23 16:41 - 2013-05-23 16:40 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-23 16:40 - 2013-06-02 02:00 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-23 16:40 - 2013-05-23 16:41 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
2013-05-23 16:34 - 2013-06-03 08:42 - 00000000 ____D C:\ProgramData\MFAData
2013-05-23 16:34 - 2013-05-23 17:02 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-23 11:45 - 2013-05-23 12:02 - 00000000 ____D C:\Program Files (x86)\SysInternals
2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
2013-05-19 20:37 - 2013-05-19 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
2013-05-17 08:36 - 2013-05-17 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
2013-05-17 07:44 - 2013-05-03 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
2013-05-16 08:36 - 2013-05-16 12:21 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-05-16 03:13 - 2013-05-16 07:40 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-05-16 03:11 - 2013-05-16 07:39 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-05-16 03:11 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-16 03:11 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-16 03:11 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-16 03:11 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-16 03:03 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:03 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:03 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 03:03 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 03:03 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-16 03:03 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-16 03:03 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-16 03:03 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-16 03:03 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-16 03:03 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-16 03:03 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-16 03:03 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-16 03:01 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:01 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 03:01 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 03:01 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 03:01 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 03:01 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 03:01 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 03:01 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 03:01 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 03:01 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 03:01 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
2013-05-15 16:30 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 16:30 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 16:30 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-15 16:30 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-15 16:30 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-15 16:30 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-15 16:30 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-15 16:30 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-15 16:30 - 2011-02-22 23:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-05-15 16:30 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 16:29 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-15 16:29 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 16:29 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-15 16:29 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 16:29 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 16:29 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-15 16:29 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-15 16:29 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-15 16:29 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-15 16:29 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-15 16:29 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 16:29 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 16:29 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 16:29 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 16:29 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 16:29 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 16:29 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 16:29 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 16:29 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-15 12:56 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-15 12:56 - 2013-01-04 00:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-15 12:56 - 2013-01-03 23:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-05-15 12:56 - 2013-01-03 21:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-05-15 12:56 - 2013-01-03 21:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-05-15 12:56 - 2013-01-03 21:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-05-15 12:56 - 2013-01-03 21:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-05-15 12:56 - 2011-11-17 01:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2013-05-15 12:56 - 2011-11-17 00:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-05-15 12:56 - 2011-04-09 01:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-05-15 12:56 - 2011-04-09 00:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-05-15 12:55 - 2013-01-03 01:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-15 12:55 - 2013-01-03 01:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-05-15 12:55 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-05-15 12:55 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-05-15 09:09 - 2013-05-15 09:02 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
==================== One Month Modified Files and Folders =======
2013-06-03 08:42 - 2013-05-23 16:34 - 00000000 ____D C:\ProgramData\MFAData
2013-06-03 08:36 - 2013-05-24 14:20 - 00000000 ____D C:\FRST
2013-06-03 08:35 - 2013-06-03 08:35 - 01916716 ____A (Farbar) C:\Users\LMPC\Desktop\FRST64.exe
2013-06-03 08:21 - 2013-04-02 04:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-03 08:13 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-02 02:00 - 2013-06-02 02:00 - 00000352 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2013-06-02 02:00 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-24 14:04 - 2009-07-14 00:13 - 00872568 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 13:59 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 13:59 - 2009-07-13 23:51 - 00033018 ____A C:\Windows\setupact.log
2013-05-24 13:57 - 2013-04-05 15:30 - 00000206 ____A C:\Windows\ODBC.INI
2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
2013-05-24 13:16 - 2013-05-24 13:14 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-23 17:11 - 2009-07-14 00:08 - 00008124 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-23 17:02 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
2013-05-23 16:41 - 2013-05-23 16:40 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-23 16:40 - 2013-05-23 16:41 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
2013-05-23 15:32 - 2010-11-20 22:47 - 00012700 ____A C:\Windows\PFRO.log
2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-23 15:00 - 2013-04-02 04:24 - 02015444 ____A C:\Windows\WindowsUpdate.log
2013-05-23 14:31 - 2013-04-11 09:46 - 00000000 ____D C:\Users\LMPC\Documents\Gen Run Reports
2013-05-23 12:02 - 2013-05-23 11:45 - 00000000 ____D C:\Program Files (x86)\SysInternals
2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
2013-05-22 11:00 - 2013-04-11 09:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-05-21 13:26 - 2013-05-02 16:05 - 00028984 ____A C:\Users\LMPC\Documents\Alarm and Event History.xlsx
2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
2013-05-19 20:38 - 2013-05-19 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
2013-05-17 08:37 - 2013-05-17 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
2013-05-17 07:44 - 2011-02-10 09:33 - 00866466 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
2013-05-16 16:53 - 2013-04-05 15:01 - 00000000 ____D C:\Users\LMPC\AppData\Local\VirtualStore
2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
2013-05-16 12:21 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
2013-05-16 07:40 - 2013-05-16 03:13 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-05-16 07:39 - 2013-05-16 03:11 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
2013-05-16 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 03:34 - 2009-07-13 23:45 - 00347440 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:33 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-16 03:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
2013-05-15 09:11 - 2013-04-02 04:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-05-15 09:02 - 2013-05-15 09:09 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
2013-05-05 16:36 - 2013-05-16 03:03 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 16:16 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 14:25 - 2013-05-16 03:03 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 14:12 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-06-03 00:49
==================== End Of Log ============================
 
Thanks :) Ok, MBAR did run! It found 3 Malware items. I clicked "cleanup" and it says that it successfully cleaned up the system!

Anything else I should do? Thanks for all your help! Amazed at the amount of help you provided!
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in the malware removal forum.
 