TechSpot

AVG detects trojan horse

Inactive-A
By stephengates
May 24, 2013
  1. Hey guys,

    Thanks for your helpful article and support. It looks like my computer has a trojan horse that AVG can't get rid of. Not sure if these logs will show that or not. What's the next step for me to take?

    Also, you should know that I think I clicked on a fake Adobe Flash Player update which may have started all this. Not sure. Thanks!

    Stephen

    Logs are in the following order: Malwarebytes, DDS, Attach

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.24.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    LMPC :: LMPC-PC [administrator]

    Protection: Enabled

    5/24/2013 11:12:01 AM
    mbam-log-2013-05-24 (11-12-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216809
    Time elapsed: 2 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16483
    Run by LMPC at 11:18:05 on 2013-05-24
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8178.4653 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe
    C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe
    C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe
    C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe
    C:\Windows\system32\hasplms.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
    C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe
    C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
    C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
    C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
    C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe
    C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
    C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe
    C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
    C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\system32\rdpclip.exe
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIServer.exe
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMITagsSCM.EXE
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMITagsDDM.EXE
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMITagsBTM.EXE
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\SHDE.EXE
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
    C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlmLogExpServ.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Free SMTP Server\localsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://dell13-comm.msn.com
    uDefault_Page_URL = hxxp://dell13-comm.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\LMPC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RSLINX~1.LNK - C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    TCP: Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1} : NameServer = 66.172.200.11,66.172.201.11
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 wvauth
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
    x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
    x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-2 20024]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-23 45856]
    R1 VirtualBackplane;A-B Virtual Backplane;C:\Windows\System32\drivers\VirtualBackplane.sys [2011-6-2 51200]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-4-5 78208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-2 204288]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-11-20 225720]
    R2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2012-12-12 1407312]
    R2 FTActivationBoost;FactoryTalk Activation Helper;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [2012-12-21 145888]
    R2 FTAE_Archiver;Rockwell Alarm History Archiver;C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [2012-12-20 62136]
    R2 FTAE_HistServ;Rockwell Alarm Historian;C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [2012-12-20 152248]
    R2 FTSysDiagSvcHost;FTSysDiagSvcHost;C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [2012-12-17 69120]
    R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-2 13632]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-24 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-24 701512]
    R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [2010-4-3 42884448]
    R2 NmspHost;Rockwell Namespace Services;C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe [2012-12-19 226488]
    R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-11 1872568]
    R2 PbaDrvSvc_x64;Dell PBA x64 Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [2012-11-23 20480]
    R2 RdcyHost;Rockwell Redundancy Services;C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe [2012-12-20 226488]
    R2 RnaAeServer;Rockwell Alarm Server;C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [2012-12-20 164024]
    R2 RnaAlarmMux;Rockwell Alarm Multiplexer;C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [2012-12-20 708280]
    R2 Rockwell HMI Framework;Rockwell HMI Framework;C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [2013-1-5 889016]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-23 1015984]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-11-19 1758720]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-2 95248]
    R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2012-9-23 39016]
    R3 EventServer;Rockwell Event Server;C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe [2012-12-19 252600]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-2 358456]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-2 791608]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-24 25928]
    R3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [2013-1-5 132792]
    R3 SNXPCAMD;SUNIX Multi-I/O Card Driver;C:\Windows\System32\drivers\snxpcamd.sys [2013-4-2 53112]
    R3 SNXPPAMD;SUNIX Parallel Port Driver;C:\Windows\System32\drivers\snxppamd.sys [2013-4-2 100728]
    R3 SNXPSAMD;SUNIX Serial Port Driver;C:\Windows\System32\drivers\snxpsamd.sys [2013-4-2 97144]
    S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-11-8 254384]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 LogReceiver;LogReceiver;C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2012-12-27 82616]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-16 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
    S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 367456]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-05-24 16:11:06 -------- d-----w- C:\Users\LMPC\AppData\Roaming\Malwarebytes
    2013-05-24 16:11:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-24 16:11:03 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-24 16:11:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-24 16:10:48 -------- d-----w- C:\Users\LMPC\AppData\Local\Programs
    2013-05-23 21:41:36 -------- d-----w- C:\Users\LMPC\AppData\Roaming\AVG2013
    2013-05-23 21:41:04 -------- d-----w- C:\Users\LMPC\AppData\Roaming\TuneUp Software
    2013-05-23 21:41:00 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-05-23 21:40:58 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2013-05-23 21:40:58 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
    2013-05-23 21:40:28 -------- d--h--w- C:\$AVG
    2013-05-23 21:40:28 -------- d-----w- C:\ProgramData\AVG2013
    2013-05-23 21:40:00 -------- d-----w- C:\Program Files (x86)\AVG
    2013-05-23 21:34:49 -------- d--h--w- C:\ProgramData\Common Files
    2013-05-23 21:34:49 -------- d-----w- C:\Users\LMPC\AppData\Local\MFAData
    2013-05-23 21:34:49 -------- d-----w- C:\Users\LMPC\AppData\Local\Avg2013
    2013-05-23 21:34:49 -------- d-----w- C:\ProgramData\MFAData
    2013-05-23 20:05:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2013-05-23 16:45:45 -------- d-----w- C:\Program Files (x86)\SysInternals
    2013-05-21 13:38:28 -------- d-----w- C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
    2013-05-21 07:50:40 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5FDA868-20D1-4AC8-B3D6-E7B9395A4BD1}\mpengine.dll
    2013-05-21 01:38:17 -------- d-----w- C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
    2013-05-20 21:26:12 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
    2013-05-20 13:38:05 -------- d-----w- C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
    2013-05-20 01:37:54 -------- d-----w- C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
    2013-05-19 13:37:42 -------- d-----w- C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
    2013-05-19 01:37:31 -------- d-----w- C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
    2013-05-18 13:37:19 -------- d-----w- C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
    2013-05-18 01:37:08 -------- d-----w- C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
    2013-05-17 13:36:56 -------- d-----w- C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
    2013-05-17 01:36:45 -------- d-----w- C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
    2013-05-16 21:50:13 -------- d-----w- C:\Program Files (x86)\Free SMTP Server
    2013-05-16 13:36:21 -------- d-----w- C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
    2013-05-16 13:36:08 -------- d-----w- C:\Users\LMPC\AppData\Roaming\Windows Live Writer
    2013-05-16 13:36:08 -------- d-----w- C:\Users\LMPC\AppData\Local\Windows Live Writer
    2013-05-16 12:39:27 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2013-05-16 08:33:05 -------- d-----w- C:\Windows\SysWow64\Wat
    2013-05-16 08:33:05 -------- d-----w- C:\Windows\System32\Wat
    2013-05-16 08:11:57 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-05-16 08:11:57 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-05-16 08:11:57 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-05-16 08:11:57 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-05-16 08:03:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-16 08:03:56 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-16 08:03:19 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-05-16 08:03:19 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-05-16 08:03:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-05-16 08:03:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-05-16 08:03:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-05-16 08:03:19 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-05-16 08:03:19 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-05-15 21:30:07 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2013-05-15 21:30:06 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-15 21:30:06 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-15 21:30:06 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-15 21:30:05 3717632 ----a-w- C:\Windows\System32\mstscax.dll
    2013-05-15 21:30:05 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-05-15 21:30:04 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-05-15 21:30:04 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-05-15 21:30:04 158720 ----a-w- C:\Windows\System32\aaclient.dll
    2013-05-15 21:30:04 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-05-15 17:56:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2013-05-15 17:56:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2013-05-15 17:56:13 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2013-05-15 17:56:13 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2013-05-15 17:56:12 395776 ----a-w- C:\Windows\System32\webio.dll
    2013-05-15 17:56:12 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2013-05-15 17:56:10 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-05-15 17:56:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-05-15 17:56:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-05-15 17:56:09 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-05-15 17:56:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-05-15 17:56:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-05-15 17:56:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-05-15 17:55:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-05-15 17:55:50 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-15 17:55:34 503808 ----a-w- C:\Windows\System32\srcore.dll
    2013-05-15 17:55:34 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2013-05-15 17:53:07 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-05-15 14:09:59 -------- d-----w- C:\Program Files (x86)\MSECache
    2013-05-02 18:18:38 86016 ----a-r- C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Templates\F\LGUTchkdl.dll
    2013-05-02 18:18:38 4608 ----a-r- C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Templates\F\LGEUSBAutorun.dll
    2013-05-01 21:57:35 -------- d-----w- C:\Users\LMPC\AppData\Local\Adobe
    .
    ==================== Find3M ====================
    .
    2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-05 20:19:13 1488 ----a-w- C:\Windows\SysWow64\Rsvchost.reg
    2013-04-05 20:19:13 1488 ----a-w- C:\Windows\SysWow64\RdcyReg.reg
    2013-04-05 20:04:10 0 ----a-w- C:\Windows\invcol.tmp
    2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-04-02 11:04:53 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
    2013-04-02 09:53:23 0 ----a-w- C:\Windows\ativpsrm.bin
    2013-04-02 09:25:55 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-02 09:25:55 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-29 07:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-03-21 08:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    .
    ============= FINISH: 11:18:19.03 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/5/2013 3:00:50 PM
    System Uptime: 5/23/2013 3:32:46 PM (20 hours ago)
    .
    Motherboard: Dell Inc. | | 0KRC95
    Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | CPU 1 | 1568/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 399.102 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP24: 4/26/2013 3:42:15 PM - Scheduled Checkpoint
    RP25: 5/14/2013 7:38:45 PM - Scheduled Checkpoint
    RP26: 5/15/2013 9:11:00 AM - Installed Microsoft Access database engine 2010 (English)
    RP27: 5/15/2013 12:52:43 PM - Windows Update
    RP28: 5/16/2013 3:00:14 AM - Windows Update
    RP29: 5/16/2013 7:38:54 AM - Windows Update
    RP30: 5/17/2013 3:00:12 AM - Windows Update
    RP31: 5/17/2013 7:42:13 AM - Windows Update
    RP32: 5/18/2013 3:00:10 AM - Windows Update
    RP34: 5/23/2013 3:15:14 PM - Windows Defender Checkpoint
    RP35: 5/23/2013 4:39:45 PM - Installed AVG 2013
    RP36: 5/23/2013 4:40:04 PM - Installed AVG 2013
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.7)
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AVG 2013
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Desktop
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Custom
    D3DX10
    Dell Backup and Recovery Manager
    Dell Client System Update
    Dell Data Protection | Access
    Dell Edoc Viewer
    DellAccess
    EMBASSY Client Core
    ERAS Connector
    FactoryTalk Activation Manager 3.60.00 (CPR 9 SR 6)
    FactoryTalk Alarms and Events 2.60.00 (CPR 9 SR 6)
    FactoryTalk Diagnostics 2.60.00 (CPR 9 SR 6)
    FactoryTalk Services Platform 2.60.00 (CPR 9 SR 6)
    FactoryTalk View Site Edition Client 7.00.00
    FactoryTalk® View Site Edition Client 7.00.00 (CPR 9 SR 6)
    FactoryTalk® View Site Edition Server 7.00.00 (CPR 9 SR 6)
    FactoryTalk® View Studio Enterprise 7.00.00 (CPR 9 SR 6)
    Free SMTP Server
    Gemalto
    GemPcCCID
    Intel(R) Control Center
    Intel(R) Network Connections 17.3.63.0
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft Office Home and Business 2013 - en-us
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 4.0 x64 ENU
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    PBA Driver
    Preboot Manager
    Private Information Manager
    Realtek High Definition Audio Driver
    Rockwell Automation Driver Package x64
    Rockwell Windows Firewall Configuration Utility 1.00.06
    RSLinx Classic 3.60.00 CPR 9 SR 6
    RSLinx Enterprise 5.60.00 (CPR 9 SR 6)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SI TSS
    SPBA (WBF) 5.9
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    Sql Server Customer Experience Improvement Program
    toolkit32for64bit
    Trusted Drive Manager
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Visual Studio 2010 x64 Redistributables
    Wave Crypto Runtime 2.0.9.0 x64
    Wave Crypto Runtime 2.0.9.0 x86
    Wave Infrastructure Installer
    Wave Support Software Installer
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/24/2013 10:45:02 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
    5/24/2013 10:44:58 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP Officejet Pro 8600 required for printer HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
    5/24/2013 10:44:56 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.
    5/24/2013 10:44:56 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
    5/24/2013 10:44:54 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Fax - HP Officejet Pro 8600 required for printer Fax - HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
    5/23/2013 5:19:08 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 68.96.134.205.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2013 5:11:18 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 3:33:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    5/23/2013 3:33:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    5/23/2013 3:33:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    5/23/2013 3:33:06 PM, Error: Service Control Manager [7001] - The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    5/23/2013 3:33:06 PM, Error: Service Control Manager [7001] - The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    5/23/2013 3:00:09 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 68.226.76.92.
    5/23/2013 10:38:55 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2013 10:38:55 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/22/2013 9:37:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {DAA085E0-F341-11CE-B4B5-C46F03C10000} and APPID {DAA085E0-F341-11CE-B4B5-C46F03C10000} to the user LMPC-PC\LMPC SID (S-1-5-21-1236341281-62204155-2792960718-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    5/22/2013 10:45:26 AM, Error: Service Control Manager [7034] - The EmbassyService service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    I changed your topic title to something more meaningful.

    What file and in what location is detected by AVG?

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  3. stephengates

    stephengates TS Rookie Topic Starter

    Broni,

    Thanks a lot for your reply!! Really appreciate it. I downloaded both files. However, whenever I go to extract the Anti-Rootkit (MBAR) I find there are no files in the extracted folder?! What's up with that?

    Ran the RogueKiller scan no problem:

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : LMPC [Admin rights]
    Mode : Remove -- Date : 05/24/2013 13:16:48
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1} : NameServer (66.172.200.11,66.172.201.11) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1} : NameServer (66.172.200.11,66.172.201.11) -> NOT REMOVED, USE DNSFIX
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\n.) [x] -> REPLACED (C:\Windows\system32\shell32.dll)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\@ [-] --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\@ [-] --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\00000004.@ [-] --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\00000008.@ [-] --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\000000cb.@ [-] --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U\80000000.@ [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L\00000004.@ [-] --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L\201d3dde [-] --> REMOVED
    [Del.Parent][FILE] 76603ac3 : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L\76603ac3 [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4749e0ce752fdd59af26ab9e312d1adb\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1236341281-62204155-2792960718-1000\$4749e0ce752fdd59af26ab9e312d1adb\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST500DM002-1BD142 +++++
    --- User ---
    [MBR] 3c008daef7c7e432535e37f971b5a312
    [BSP] 80a79e5c3ed357b0c51d6d811f3eceec : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15544 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31916032 | Size: 461352 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_05242013_02d1316.txt >>
    RKreport[1]_S_05242013_02d1315.txt ; RKreport[2]_D_05242013_02d1316.txt
     
  4. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  5. stephengates

    stephengates TS Rookie Topic Starter

    Broni,

    Here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2013 02
    Ran by LMPC (administrator) on 24-05-2013 14:20:46
    Running from C:\Users\LMPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG1YQTI0
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe
    (Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe
    (Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe
    (SafeNet Inc.) C:\Windows\system32\hasplms.exe
    (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe
    (Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
    (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe
    () C:\Program Files (x86)\Free SMTP Server\localsrv.exe
    (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    (Farbar) C:\Users\LMPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG1YQTI0\FRST64.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-08] (Wave Systems Corp.)
    HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
    HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
    MountPoints2: {4f05ca01-b26d-11e2-b98b-90b11c95e01c} - F:\TL_Bootstrap.exe
    MountPoints2: {a0d22e8b-b563-11e2-b98b-90b11c95e01c} - F:\TL_Bootstrap.exe
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-10-16] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-07] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe [434176 2011-10-18] (Rockwell Automation, Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-05-23] (AVG Secure Search)
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSLINX - Shortcut.lnk
    ShortcutTarget: RSLINX - Shortcut.lnk -> C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE (Rockwell Automation, Inc.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    HKCU SearchScopes: DefaultScope {D6CF6EEE-73A0-4C3A-A4BC-C9A446E38C86} URL =
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll [65024] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9 01 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 02 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 03 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 04 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 05 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 06 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 07 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 08 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 09 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog9 10 mswsock.dll [20992] (Microsoft Corporation)
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
    Tcpip\..\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1}: [NameServer]66.172.200.11,66.172.201.11
    ==================== Services (Whitelisted) =================
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
    S2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
    R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1407312 2012-12-12] (Flexera Software, Inc.)
    R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [145888 2012-12-21] (Rockwell Automation, Inc.)
    R2 FTAE_Archiver; C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [62136 2012-12-20] (Rockwell Automation, Inc.)
    R2 FTAE_HistServ; C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [152248 2012-12-20] (Rockwell Automation, Inc.)
    R2 FTSysDiagSvcHost; C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [69120 2012-12-17] (Rockwell Automation, Inc.)
    R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)
    S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [82616 2012-12-27] (Rockwell Automation, Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MSSQL$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
    R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
    R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] ()
    R2 RnaAeServer; C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [164024 2012-12-20] (Rockwell Automation, Inc.)
    R2 RnaAlarmMux; C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [708280 2012-12-20] (Rockwell Automation, Inc.)
    S3 Rockwell HMI Activity Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe [153272 2013-01-05] (Rockwell Automation, Inc.)
    S3 Rockwell HMI Alarm Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [132792 2013-01-05] (Rockwell Automation, Inc.)
    R2 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [108728 2013-01-05] (Rockwell Automation, Inc.)
    R2 Rockwell HMI Framework; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [889016 2013-01-05] (Rockwell Automation, Inc.)
    R2 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [214712 2013-01-05] (Rockwell Automation, Inc.)
    S3 RSLinx; C:\PROGRA~2\ROCKWE~1\RSLinx\RSLINX.EXE [3272224 2013-01-19] (Rockwell Automation, Inc.)
    R2 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [250552 2012-12-27] (Rockwell Automation, Inc.)
    S4 SQLAgent$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
    S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
    R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-23] (AVG Secure Search)
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.)
    S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
    ==================== Drivers (Whitelisted) ====================
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-23] (AVG Technologies)
    R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
    R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [53112 2010-12-02] (SUNIX Co., Ltd.)
    R3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [100728 2010-12-02] (SUNIX Co., Ltd.)
    R3 SNXPSAMD; C:\Windows\System32\DRIVERS\snxpsamd.sys [97144 2010-12-02] (SUNIX Co., Ltd.)
    R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)
    S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-05-24 14:20 - 2013-05-24 14:20 - 00000000 ____D C:\FRST
    2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
    2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
    2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
    2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
    2013-05-24 13:14 - 2013-05-24 13:16 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
    2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
    2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
    2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-24 11:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
    2013-05-23 16:41 - 2013-05-23 16:40 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-05-23 16:40 - 2013-05-23 16:41 - 00000000 ____D C:\ProgramData\AVG2013
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-05-23 16:34 - 2013-05-24 13:43 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-23 16:34 - 2013-05-23 17:02 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
    2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
    2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-05-23 11:45 - 2013-05-23 12:02 - 00000000 ____D C:\Program Files (x86)\SysInternals
    2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
    2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
    2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
    2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
    2013-05-19 20:37 - 2013-05-19 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
    2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
    2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
    2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
    2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
    2013-05-17 08:36 - 2013-05-17 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
    2013-05-17 07:44 - 2013-05-03 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
    2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
    2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
    2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
    2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
    2013-05-16 08:36 - 2013-05-16 12:21 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
    2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2013-05-16 03:13 - 2013-05-16 07:40 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2013-05-16 03:11 - 2013-05-16 07:39 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2013-05-16 03:11 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2013-05-16 03:11 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2013-05-16 03:11 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2013-05-16 03:11 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2013-05-16 03:03 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-16 03:03 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-16 03:03 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-16 03:03 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-16 03:03 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2013-05-16 03:03 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2013-05-16 03:03 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2013-05-16 03:03 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2013-05-16 03:03 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2013-05-16 03:03 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2013-05-16 03:03 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2013-05-16 03:03 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2013-05-16 03:01 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-16 03:01 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-16 03:01 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-16 03:01 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-16 03:01 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-16 03:01 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-16 03:01 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-16 03:01 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-16 03:01 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-16 03:01 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-16 03:01 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-16 03:01 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-16 03:01 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-16 03:01 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-16 03:01 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-16 03:01 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-16 03:01 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-16 03:01 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-16 03:01 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-16 03:01 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-16 03:01 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-16 03:01 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-16 03:01 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-16 03:01 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-16 03:01 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-16 03:01 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-16 03:01 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-16 03:01 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
    2013-05-15 16:30 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-15 16:30 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-15 16:30 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-05-15 16:30 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-05-15 16:30 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-05-15 16:30 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-05-15 16:30 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-05-15 16:30 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-05-15 16:30 - 2011-02-22 23:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2013-05-15 16:30 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-15 16:29 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-05-15 16:29 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-15 16:29 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-15 16:29 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-15 16:29 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-15 16:29 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-05-15 16:29 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-05-15 16:29 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-05-15 16:29 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-05-15 16:29 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-05-15 16:29 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-15 16:29 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-15 16:29 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-15 16:29 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-15 16:29 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-15 16:29 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-15 16:29 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-15 16:29 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-15 16:29 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-05-15 12:56 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
    2013-05-15 12:56 - 2013-01-04 00:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-05-15 12:56 - 2013-01-03 23:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-05-15 12:56 - 2013-01-03 21:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-05-15 12:56 - 2013-01-03 21:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-05-15 12:56 - 2013-01-03 21:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-05-15 12:56 - 2013-01-03 21:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-05-15 12:56 - 2011-11-17 01:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2013-05-15 12:56 - 2011-11-17 00:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2013-05-15 12:56 - 2011-04-09 01:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2013-05-15 12:56 - 2011-04-09 00:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2013-05-15 12:55 - 2013-01-03 01:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-05-15 12:55 - 2013-01-03 01:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-05-15 12:55 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2013-05-15 12:55 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
    2013-05-15 09:09 - 2013-05-15 09:02 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
    2013-05-02 16:05 - 2013-05-21 13:26 - 00028984 ____A C:\Users\LMPC\Documents\Alarm and Event History.xlsx
    2013-05-01 16:57 - 2013-05-01 16:57 - 00000000 ____D C:\Users\LMPC\AppData\Local\Adobe
    2013-05-01 15:12 - 2013-05-01 15:17 - 00000000 ____D C:\Users\LMPC\Documents\Gen Plant Alarm Log
    2013-04-26 09:31 - 2013-04-26 09:31 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-26-2013 Run 1.xlsx
    2013-04-24 18:09 - 2013-04-24 18:09 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 2.xlsx
    2013-04-24 10:58 - 2013-04-24 10:58 - 00007649 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 1.xlsx
    ==================== One Month Modified Files and Folders =======
    2013-05-24 14:20 - 2013-05-24 14:20 - 00000000 ____D C:\FRST
    2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-24 14:04 - 2009-07-14 00:13 - 00872568 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-24 14:01 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-05-24 13:59 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-24 13:59 - 2009-07-13 23:51 - 00033018 ____A C:\Windows\setupact.log
    2013-05-24 13:57 - 2013-04-05 15:30 - 00000206 ____A C:\Windows\ODBC.INI
    2013-05-24 13:43 - 2013-05-23 16:34 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
    2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
    2013-05-24 13:21 - 2013-04-02 04:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
    2013-05-24 13:16 - 2013-05-24 13:14 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
    2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
    2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
    2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
    2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-23 17:11 - 2009-07-14 00:08 - 00008124 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-05-23 17:02 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
    2013-05-23 16:41 - 2013-05-23 16:40 - 00000000 ____D C:\ProgramData\AVG2013
    2013-05-23 16:40 - 2013-05-23 16:41 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
    2013-05-23 15:32 - 2010-11-20 22:47 - 00012700 ____A C:\Windows\PFRO.log
    2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-05-23 15:00 - 2013-04-02 04:24 - 02015444 ____A C:\Windows\WindowsUpdate.log
    2013-05-23 14:31 - 2013-04-11 09:46 - 00000000 ____D C:\Users\LMPC\Documents\Gen Run Reports
    2013-05-23 12:02 - 2013-05-23 11:45 - 00000000 ____D C:\Program Files (x86)\SysInternals
    2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
    2013-05-22 11:00 - 2013-04-11 09:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2013-05-21 13:26 - 2013-05-02 16:05 - 00028984 ____A C:\Users\LMPC\Documents\Alarm and Event History.xlsx
    2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
    2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
    2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
    2013-05-19 20:38 - 2013-05-19 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
    2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
    2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
    2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
    2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
    2013-05-17 08:37 - 2013-05-17 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
    2013-05-17 07:44 - 2011-02-10 09:33 - 00866466 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
    2013-05-16 16:53 - 2013-04-05 15:01 - 00000000 ____D C:\Users\LMPC\AppData\Local\VirtualStore
    2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
    2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
    2013-05-16 12:21 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
    2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
    2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
    2013-05-16 07:40 - 2013-05-16 03:13 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2013-05-16 07:39 - 2013-05-16 03:11 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2013-05-16 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2013-05-16 03:34 - 2009-07-13 23:45 - 00347440 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-16 03:33 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
    2013-05-16 03:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
    2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
    2013-05-15 09:11 - 2013-04-02 04:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
    2013-05-15 09:02 - 2013-05-15 09:09 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
    2013-05-05 16:36 - 2013-05-16 03:03 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-05 16:16 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-05 14:25 - 2013-05-16 03:03 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-05 14:12 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-03 16:15 - 2013-05-17 07:44 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-02 02:06 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-01 16:59 - 2013-04-05 15:08 - 00000000 ____D C:\ProgramData\Adobe
    2013-05-01 16:57 - 2013-05-01 16:57 - 00000000 ____D C:\Users\LMPC\AppData\Local\Adobe
    2013-05-01 16:57 - 2013-04-05 15:05 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Adobe
    2013-05-01 15:17 - 2013-05-01 15:12 - 00000000 ____D C:\Users\LMPC\Documents\Gen Plant Alarm Log
    2013-04-26 09:31 - 2013-04-26 09:31 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-26-2013 Run 1.xlsx
    2013-04-24 18:09 - 2013-04-24 18:09 - 00007645 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 2.xlsx
    2013-04-24 10:58 - 2013-04-24 10:58 - 00007649 ____A C:\Users\LMPC\Documents\Gen Run Reports04-24-2013 Run 1.xlsx
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ZeroAcces. use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    Last Boot: 2013-05-24 00:11
    ==================== End Of Log ============================
     
  6. stephengates

    stephengates TS Rookie Topic Starter

    And...

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2013 02
    Ran by LMPC at 2013-05-24 14:21:00 Run:
    Running from C:\Users\LMPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG1YQTI0
    Boot Mode: Normal
    ==========================================================

    ==================== Installed Programs =======================
    Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
    Adobe Reader X (10.1.7) (Version: 10.1.7)
    AMD APP SDK Runtime (Version: 10.0.831.4)
    AMD Catalyst Install Manager (Version: 3.0.855.0)
    AVG 2013 (Version: 13.0.3184)
    AVG 2013 (Version: 13.0.3343)
    AVG 2013 (Version: 2013.0.3343)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center (Version: 2011.1207.217.3953)
    Catalyst Control Center Graphics Previews Common (Version: 2011.1207.217.3953)
    Catalyst Control Center InstallProxy (Version: 2011.1207.217.3953)
    Catalyst Control Center Localization All (Version: 2011.1207.217.3953)
    Catalyst Control Center Profiles Desktop (Version: 2011.1207.217.3953)
    CCC Help Chinese Standard (Version: 2011.1207.0216.3953)
    CCC Help Chinese Traditional (Version: 2011.1207.0216.3953)
    CCC Help Czech (Version: 2011.1207.0216.3953)
    CCC Help Danish (Version: 2011.1207.0216.3953)
    CCC Help Dutch (Version: 2011.1207.0216.3953)
    CCC Help English (Version: 2011.1207.0216.3953)
    CCC Help Finnish (Version: 2011.1207.0216.3953)
    CCC Help French (Version: 2011.1207.0216.3953)
    CCC Help German (Version: 2011.1207.0216.3953)
    CCC Help Greek (Version: 2011.1207.0216.3953)
    CCC Help Hungarian (Version: 2011.1207.0216.3953)
    CCC Help Italian (Version: 2011.1207.0216.3953)
    CCC Help Japanese (Version: 2011.1207.0216.3953)
    CCC Help Korean (Version: 2011.1207.0216.3953)
    CCC Help Norwegian (Version: 2011.1207.0216.3953)
    CCC Help Polish (Version: 2011.1207.0216.3953)
    CCC Help Portuguese (Version: 2011.1207.0216.3953)
    CCC Help Russian (Version: 2011.1207.0216.3953)
    CCC Help Spanish (Version: 2011.1207.0216.3953)
    CCC Help Swedish (Version: 2011.1207.0216.3953)
    CCC Help Thai (Version: 2011.1207.0216.3953)
    CCC Help Turkish (Version: 2011.1207.0216.3953)
    ccc-utility64 (Version: 2011.1207.217.3953)
    Custom (Version: 01.00.00.002)
    D3DX10 (Version: 15.4.2368.0902)
    Dell Backup and Recovery Manager (Version: 1.3.1)
    Dell Client System Update (Version: 1.3.0)
    Dell Data Protection | Access (Version: 2.3.00001.021)
    Dell Edoc Viewer (Version: 1.0.0)
    DellAccess (Version: 01.03.00.046)
    EMBASSY Client Core (Version: 01.03.00.092)
    ERAS Connector (Version: 02.09.05.0330)
    FactoryTalk Activation Manager 3.60.00 (CPR 9 SR 6) (Version: 3.60.00)
    FactoryTalk Alarms and Events 2.60.00 (CPR 9 SR 6) (Version: 2.60.00)
    FactoryTalk Diagnostics 2.60.00 (CPR 9 SR 6) (Version: 2.60.00)
    FactoryTalk Services Platform 2.60.00 (CPR 9 SR 6) (Version: 2.60.00)
    FactoryTalk View Site Edition Client 7.00.00
    FactoryTalk® View Site Edition Client 7.00.00 (CPR 9 SR 6) (Version: 7.00.00)
    FactoryTalk® View Site Edition Server 7.00.00 (CPR 9 SR 6) (Version: 7.00.00)
    FactoryTalk® View Studio Enterprise 7.00.00 (CPR 9 SR 6) (Version: 7.00.00)
    Free SMTP Server
    Gemalto (Version: 01.64.01.0010)
    GemPcCCID (Version: 2.0.1)
    Intel(R) Control Center (Version: 1.2.1.1008)
    Intel(R) Network Connections 17.3.63.0 (Version: 17.3.63.0)
    Intel(R) Rapid Storage Technology (Version: 11.2.0.1006)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (Version: 1.0.6.245)
    Junk Mail filter update (Version: 15.4.3502.0922)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Mesh Runtime (Version: 15.4.5722.2)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office Home and Business 2013 - en-us (Version: 15.0.4505.1006)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SkyDrive (Version: 16.4.6012.0828)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
    Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
    Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
    Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
    Microsoft SQL Server Browser (Version: 10.50.1600.1)
    Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
    Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT_amd64 (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1006)
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006)
    Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1006)
    PBA Driver (Version: 1.0.1.7)
    Preboot Manager (Version: 03.05.00.026)
    Private Information Manager (Version: 07.03.00.016)
    Realtek High Definition Audio Driver (Version: 6.0.1.5907)
    Rockwell Automation Driver Package x64 (Version: 1.1.11)
    Rockwell Windows Firewall Configuration Utility 1.00.06 (Version: 1.00.06.0004)
    RSLinx Classic 3.60.00 CPR 9 SR 6 (Version: 3.60.00 CPR 9 SR 6)
    RSLinx Enterprise 5.60.00 (CPR 9 SR 6) (Version: 5.60.00)
    SI TSS (Version: 2.1.41)
    SPBA (WBF) 5.9 (Version: 5.9.7.7232)
    SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
    SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
    SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
    toolkit32for64bit (Version: 7.68.85.0013)
    Trusted Drive Manager (Version: 5.0.0.304)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
    Visual Basic for Applications (R) Core - English (Version: 6.5.10.32)
    Visual Basic for Applications (R) Core (Version: 6.5.10.32)
    Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
    Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000)
    Wave Crypto Runtime 2.0.9.0 x86 (Version: 02.00.09.0000)
    Wave Infrastructure Installer (Version: 07.68.85.0014)
    Wave Support Software Installer (Version: 05.15.00.021)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3508.1109)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3508.1109)
    Windows Live Mail (Version: 15.4.3502.0922)
    Windows Live Mesh (Version: 15.4.3502.0922)
    Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
    Windows Live Messenger (Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live Remote Client (Version: 15.4.5722.2)
    Windows Live Remote Client Resources (Version: 15.4.5722.2)
    Windows Live Remote Service (Version: 15.4.5722.2)
    Windows Live Remote Service Resources (Version: 15.4.5722.2)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    ==================== Restore Points =========================
    26-04-2013 20:42:15 Scheduled Checkpoint
    15-05-2013 00:38:45 Scheduled Checkpoint
    15-05-2013 14:11:00 Installed Microsoft Access database engine 2010 (English)
    15-05-2013 17:52:43 Windows Update
    16-05-2013 08:00:14 Windows Update
    16-05-2013 12:38:54 Windows Update
    17-05-2013 08:00:12 Windows Update
    17-05-2013 12:42:13 Windows Update
    18-05-2013 08:00:10 Windows Update
    23-05-2013 20:15:14 Windows Defender Checkpoint
    23-05-2013 21:39:45 Installed AVG 2013
    23-05-2013 21:40:04 Installed AVG 2013
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/24/2013 02:01:01 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
    Faulting module name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
    Exception code: 0xc0000005
    Fault offset: 0x000000000001711a
    Faulting process id: 0x8e0
    Faulting application start time: 0xEmbassyServer.exe0
    Faulting application path: EmbassyServer.exe1
    Faulting module path: EmbassyServer.exe2
    Report Id: EmbassyServer.exe3
    Error: (05/24/2013 01:59:50 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (05/24/2013 00:35:29 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
    Faulting module name: EmbassyServer.exe, version: 1.3.0.117, time stamp: 0x50ab6eb4
    Exception code: 0xc0000005
    Fault offset: 0x000000000001711a
    Faulting process id: 0x890
    Faulting application start time: 0xEmbassyServer.exe0
    Faulting application path: EmbassyServer.exe1
    Faulting module path: EmbassyServer.exe2
    Report Id: EmbassyServer.exe3
    Error: (05/24/2013 00:29:37 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (05/23/2013 06:53:51 PM) (Source: Winlogon) (User: )
    Description: The Windows logon process has unexpectedly terminated.
    Error: (05/23/2013 05:14:52 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: y, version: 0.0.0.0, time stamp: 0x5038a94a
    Exception code: 0xc0000005
    Fault offset: 0x000000000000166a
    Faulting process id: 0x1348
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Error: (05/23/2013 05:14:39 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (05/23/2013 05:11:16 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: y, version: 0.0.0.0, time stamp: 0x5038a94a
    Exception code: 0xc0000005
    Fault offset: 0x0000000000005580
    Faulting process id: 0x1b0
    Faulting application start time: 0xsvchost.exe_ProfSvc0
    Faulting application path: svchost.exe_ProfSvc1
    Faulting module path: svchost.exe_ProfSvc2
    Report Id: svchost.exe_ProfSvc3
    Error: (05/23/2013 05:10:46 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x7323c9f1
    Faulting process id: 0x1f90
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3
    Error: (05/23/2013 05:09:46 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x7323c9f1
    Faulting process id: 0x2e40
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    System errors:
    =============
    Error: (05/24/2013 02:01:31 PM) (Source: UmrdpService) (User: )
    Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
    Error: (05/24/2013 02:01:26 PM) (Source: UmrdpService) (User: )
    Description: Driver HP Officejet Pro 8600 required for printer HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
    Error: (05/24/2013 02:01:25 PM) (Source: UmrdpService) (User: )
    Description: Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.
    Error: (05/24/2013 02:01:23 PM) (Source: UmrdpService) (User: )
    Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
    Error: (05/24/2013 02:01:23 PM) (Source: UmrdpService) (User: )
    Description: Driver Fax - HP Officejet Pro 8600 required for printer Fax - HP Officejet Pro 8600 (Network) is unknown. Contact the administrator to install the driver before you log in again.
    Error: (05/24/2013 02:01:03 PM) (Source: Service Control Manager) (User: )
    Description: The EmbassyService service terminated unexpectedly. It has done this 1 time(s).
    Error: (05/24/2013 01:59:45 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    Error: (05/24/2013 01:59:36 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service terminated with the following error:
    %%1060
    Error: (05/24/2013 01:59:33 PM) (Source: Service Control Manager) (User: )
    Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    Error: (05/24/2013 01:59:32 PM) (Source: Service Control Manager) (User: )
    Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Microsoft Office Sessions:
    =========================
    Error: (05/24/2013 02:01:01 PM) (Source: Application Error)(User: )
    Description: EmbassyServer.exe1.3.0.11750ab6eb4EmbassyServer.exe1.3.0.11750ab6eb4c0000005000000000001711a8e001ce58b0d42f2adbC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exeC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe46384e04-c4a4-11e2-b6b2-90b11c95e01c
    Error: (05/24/2013 01:59:50 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (05/24/2013 00:35:29 PM) (Source: Application Error)(User: )
    Description: EmbassyServer.exe1.3.0.11750ab6eb4EmbassyServer.exe1.3.0.11750ab6eb4c0000005000000000001711a89001ce58a4378265baC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exeC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe53118f73-c498-11e2-ad67-90b11c95e01c
    Error: (05/24/2013 00:29:37 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (05/23/2013 06:53:51 PM) (Source: Winlogon)(User: )
    Description:
    Error: (05/23/2013 05:14:52 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4y0.0.0.05038a94ac0000005000000000000166a134801ce57f4cee81878C:\Windows\Explorer.EXEc:\windows\system32\y304bbfb2-c3f6-11e2-9834-90b11c95e01c
    Error: (05/23/2013 05:14:39 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (05/23/2013 05:11:16 PM) (Source: Application Error)(User: )
    Description: svchost.exe_ProfSvc6.1.7600.163854a5bc3c1y0.0.0.05038a94ac000000500000000000055801b001ce57f4baa4c50eC:\Windows\system32\svchost.exec:\windows\system32\yaf4d890c-c3f5-11e2-9834-90b11c95e01c
    Error: (05/23/2013 05:10:46 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057323c9f11f9001ce580260256ceaC:\Windows\SysWOW64\svchost.exeunknown9dd3b52a-c3f5-11e2-9834-90b11c95e01c
    Error: (05/23/2013 05:09:46 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057323c9f12e4001ce58023c45db12C:\Windows\SysWOW64\svchost.exeunknown79f6463a-c3f5-11e2-9834-90b11c95e01c

    CodeIntegrity Errors:
    ===================================
    Date: 2013-05-24 14:18:54.096
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 14:01:23.632
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 13:42:06.474
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 13:14:03.937
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 13:02:12.333
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 12:35:53.217
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 12:28:18.238
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 12:14:31.615
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 11:48:37.334
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2013-05-24 11:23:54.314
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Percentage of memory in use: 23%
    Total physical RAM: 8178.45 MB
    Available physical RAM: 6257.21 MB
    Total Pagefile: 16355.09 MB
    Available Pagefile: 14271.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:450.54 GB) (Free:398.12 GB) NTFS (Disk=0 Partition=3)
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: F7A36B7E)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
    Re-run FRST one more time and post new log.
     


  8. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Still with me?
     
  9. stephengates

    stephengates TS Rookie Topic Starter

    Broni,

    Sorry for the delayed response! I was on my honeymoon last week. Thanks for all your help.

    Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013 03
    Ran by LMPC at 2013-06-03 08:36:16 Run:1
    Running from C:\Users\LMPC\Desktop
    Boot Mode: Normal
    ==============================================
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key deleted successfully.
    HKCR\CLSID\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key deleted successfully.
    HKCR\CLSID\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key not found.
    HKCR\PROTOCOLS\Handler\osf => Key deleted successfully.
    HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    "C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
    ==== End of Fixlog ====
     
  10. stephengates

    stephengates TS Rookie Topic Starter

    When you said "Re-run FRST one more time and post new log." I wasn't sure if you meant to do another "fix" or a "scan", so I included both.

    Also, FYI I ran an AVG scan again and it's saying that no threats were detected.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013 03
    Ran by LMPC at 2013-06-03 08:43:22 Run:2
    Running from C:\Users\LMPC\Desktop
    Boot Mode: Normal
    ==============================================
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key not found.
    HKCR\CLSID\{4f05ca01-b26d-11e2-b98b-90b11c95e01c} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key not found.
    HKCR\CLSID\{a0d22e8b-b563-11e2-b98b-90b11c95e01c} => Key not found.
    HKCR\PROTOCOLS\Handler\osf => Key not found.
    HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    "C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
    ==== End of Fixlog ====


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 03
    Ran by LMPC (administrator) on 03-06-2013 08:43:47
    Running from C:\Users\LMPC\Desktop
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe
    (Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe
    (Flexera Software, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe
    (SafeNet Inc.) C:\Windows\system32\hasplms.exe
    (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe
    (Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
    (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe
    () C:\Program Files (x86)\Free SMTP Server\localsrv.exe
    (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (AVG Secure Search) C:\Windows\TEMP\{8A038460-7D8B-4377-A015-2C636C72CEFA}.exe
    (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-08] (Wave Systems Corp.)
    HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
    HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
    HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -update activex [697272 2013-04-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-10-16] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-07] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe [434176 2011-10-18] (Rockwell Automation, Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-05-23] (AVG Secure Search)
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Users\LMPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSLINX - Shortcut.lnk
    ShortcutTarget: RSLINX - Shortcut.lnk -> C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE (Rockwell Automation, Inc.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    HKCU SearchScopes: DefaultScope {D6CF6EEE-73A0-4C3A-A4BC-C9A446E38C86} URL =
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
    Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
    Tcpip\..\Interfaces\{D0D41F40-34B2-4D6F-B3CF-CD34C01FE1E1}: [NameServer]66.172.200.11,66.172.201.11
    ==================== Services (Whitelisted) =================
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
    S2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
    R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1407312 2012-12-12] (Flexera Software, Inc.)
    R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [145888 2012-12-21] (Rockwell Automation, Inc.)
    R2 FTAE_Archiver; C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [62136 2012-12-20] (Rockwell Automation, Inc.)
    R2 FTAE_HistServ; C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [152248 2012-12-20] (Rockwell Automation, Inc.)
    R2 FTSysDiagSvcHost; C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [69120 2012-12-17] (Rockwell Automation, Inc.)
    R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)
    S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [82616 2012-12-27] (Rockwell Automation, Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MSSQL$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
    R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
    R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] ()
    R2 RnaAeServer; C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [164024 2012-12-20] (Rockwell Automation, Inc.)
    R2 RnaAlarmMux; C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [708280 2012-12-20] (Rockwell Automation, Inc.)
    S3 Rockwell HMI Activity Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe [153272 2013-01-05] (Rockwell Automation, Inc.)
    S3 Rockwell HMI Alarm Logger; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [132792 2013-01-05] (Rockwell Automation, Inc.)
    R2 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [108728 2013-01-05] (Rockwell Automation, Inc.)
    R2 Rockwell HMI Framework; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [889016 2013-01-05] (Rockwell Automation, Inc.)
    R2 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [214712 2013-01-05] (Rockwell Automation, Inc.)
    S3 RSLinx; C:\PROGRA~2\ROCKWE~1\RSLinx\RSLINX.EXE [3272224 2013-01-19] (Rockwell Automation, Inc.)
    R2 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [250552 2012-12-27] (Rockwell Automation, Inc.)
    S4 SQLAgent$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
    S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
    R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-23] (AVG Secure Search)
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.)
    S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
    ==================== Drivers (Whitelisted) ====================
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-23] (AVG Technologies)
    R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
    R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [53112 2010-12-02] (SUNIX Co., Ltd.)
    R3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [100728 2010-12-02] (SUNIX Co., Ltd.)
    R3 SNXPSAMD; C:\Windows\System32\DRIVERS\snxpsamd.sys [97144 2010-12-02] (SUNIX Co., Ltd.)
    R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)
    S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-06-03 08:35 - 2013-06-03 08:35 - 01916716 ____A (Farbar) C:\Users\LMPC\Desktop\FRST64.exe
    2013-06-02 02:00 - 2013-06-02 02:00 - 00000352 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
    2013-05-24 14:20 - 2013-06-03 08:36 - 00000000 ____D C:\FRST
    2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
    2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
    2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
    2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
    2013-05-24 13:14 - 2013-05-24 13:16 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
    2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
    2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
    2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-24 11:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
    2013-05-23 16:41 - 2013-05-23 16:40 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-05-23 16:40 - 2013-06-02 02:00 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
    2013-05-23 16:40 - 2013-05-23 16:41 - 00000000 ____D C:\ProgramData\AVG2013
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-05-23 16:34 - 2013-06-03 08:42 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-23 16:34 - 2013-05-23 17:02 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
    2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
    2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-05-23 11:45 - 2013-05-23 12:02 - 00000000 ____D C:\Program Files (x86)\SysInternals
    2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
    2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
    2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
    2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
    2013-05-19 20:37 - 2013-05-19 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
    2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
    2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
    2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
    2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
    2013-05-17 08:36 - 2013-05-17 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
    2013-05-17 07:44 - 2013-05-03 16:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
    2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
    2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
    2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
    2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
    2013-05-16 08:36 - 2013-05-16 12:21 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
    2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2013-05-16 03:13 - 2013-05-16 07:40 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2013-05-16 03:11 - 2013-05-16 07:39 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2013-05-16 03:11 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2013-05-16 03:11 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2013-05-16 03:11 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2013-05-16 03:11 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2013-05-16 03:03 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-16 03:03 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-16 03:03 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-16 03:03 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-16 03:03 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2013-05-16 03:03 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2013-05-16 03:03 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2013-05-16 03:03 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2013-05-16 03:03 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2013-05-16 03:03 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2013-05-16 03:03 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2013-05-16 03:03 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2013-05-16 03:01 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-16 03:01 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-16 03:01 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-16 03:01 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-16 03:01 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-16 03:01 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-16 03:01 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-16 03:01 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-16 03:01 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-16 03:01 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-16 03:01 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-16 03:01 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-16 03:01 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-16 03:01 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-16 03:01 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-16 03:01 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-16 03:01 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-16 03:01 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-16 03:01 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-16 03:01 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-16 03:01 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-16 03:01 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-16 03:01 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-16 03:01 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-16 03:01 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-16 03:01 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-16 03:01 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-16 03:01 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
    2013-05-15 16:30 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-15 16:30 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-15 16:30 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-05-15 16:30 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-05-15 16:30 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-05-15 16:30 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-05-15 16:30 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-05-15 16:30 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-05-15 16:30 - 2011-02-22 23:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2013-05-15 16:30 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-15 16:29 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-05-15 16:29 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-15 16:29 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-15 16:29 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-15 16:29 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-15 16:29 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-05-15 16:29 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-05-15 16:29 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-05-15 16:29 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-05-15 16:29 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-05-15 16:29 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-15 16:29 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-15 16:29 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-15 16:29 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-15 16:29 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-15 16:29 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-15 16:29 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-15 16:29 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-15 16:29 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-05-15 12:56 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
    2013-05-15 12:56 - 2013-01-04 00:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-05-15 12:56 - 2013-01-03 23:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-05-15 12:56 - 2013-01-03 21:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-05-15 12:56 - 2013-01-03 21:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-05-15 12:56 - 2013-01-03 21:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-05-15 12:56 - 2013-01-03 21:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-05-15 12:56 - 2011-11-17 01:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2013-05-15 12:56 - 2011-11-17 00:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2013-05-15 12:56 - 2011-04-09 01:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2013-05-15 12:56 - 2011-04-09 00:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2013-05-15 12:55 - 2013-01-03 01:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-05-15 12:55 - 2013-01-03 01:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-05-15 12:55 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2013-05-15 12:55 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
    2013-05-15 09:09 - 2013-05-15 09:02 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
    ==================== One Month Modified Files and Folders =======
    2013-06-03 08:42 - 2013-05-23 16:34 - 00000000 ____D C:\ProgramData\MFAData
    2013-06-03 08:36 - 2013-05-24 14:20 - 00000000 ____D C:\FRST
    2013-06-03 08:35 - 2013-06-03 08:35 - 01916716 ____A (Farbar) C:\Users\LMPC\Desktop\FRST64.exe
    2013-06-03 08:21 - 2013-04-02 04:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-03 08:13 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-02 02:00 - 2013-06-02 02:00 - 00000352 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
    2013-06-02 02:00 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
    2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-24 14:07 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-24 14:04 - 2009-07-14 00:13 - 00872568 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-24 13:59 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-24 13:59 - 2009-07-13 23:51 - 00033018 ____A C:\Windows\setupact.log
    2013-05-24 13:57 - 2013-04-05 15:30 - 00000206 ____A C:\Windows\ODBC.INI
    2013-05-24 13:23 - 2013-05-24 13:23 - 00000000 ____D C:\Users\LMPC\Desktop\mbar
    2013-05-24 13:21 - 2013-05-24 13:21 - 00000000 ____D C:\Users\LMPC\Documents\mbar-1.05.0.1001
    2013-05-24 13:16 - 2013-05-24 13:16 - 00004051 ____A C:\Users\LMPC\Desktop\RKreport[2]_D_05242013_02d1316.txt
    2013-05-24 13:16 - 2013-05-24 13:14 - 00000000 ____D C:\Users\LMPC\Desktop\RK_Quarantine
    2013-05-24 13:15 - 2013-05-24 13:15 - 00003139 ____A C:\Users\LMPC\Desktop\RKreport[1]_S_05242013_02d1315.txt
    2013-05-24 12:35 - 2013-05-24 12:35 - 00000000 ____D C:\Users\LMPC\AppData\Local\AVG SafeGuard toolbar
    2013-05-24 11:18 - 2013-05-24 11:18 - 00028497 ____A C:\Users\LMPC\Desktop\dds.txt
    2013-05-24 11:18 - 2013-05-24 11:18 - 00013777 ____A C:\Users\LMPC\Desktop\attach.txt
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-24 11:11 - 2013-05-24 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-23 17:11 - 2009-07-14 00:08 - 00008124 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-05-23 17:02 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\Avg2013
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\TuneUp Software
    2013-05-23 16:41 - 2013-05-23 16:41 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\AVG2013
    2013-05-23 16:41 - 2013-05-23 16:40 - 00000000 ____D C:\ProgramData\AVG2013
    2013-05-23 16:40 - 2013-05-23 16:41 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ___HD C:\$AVG
    2013-05-23 16:40 - 2013-05-23 16:40 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-05-23 16:34 - 2013-05-23 16:34 - 00000000 ____D C:\Users\LMPC\AppData\Local\MFAData
    2013-05-23 15:32 - 2010-11-20 22:47 - 00012700 ____A C:\Windows\PFRO.log
    2013-05-23 15:05 - 2013-05-23 15:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-05-23 15:00 - 2013-04-02 04:24 - 02015444 ____A C:\Windows\WindowsUpdate.log
    2013-05-23 14:31 - 2013-04-11 09:46 - 00000000 ____D C:\Users\LMPC\Documents\Gen Run Reports
    2013-05-23 12:02 - 2013-05-23 11:45 - 00000000 ____D C:\Program Files (x86)\SysInternals
    2013-05-22 11:48 - 2013-05-22 11:48 - 00000000 ____D C:\Users\LMPC\Desktop\Gen Run Reports - backup
    2013-05-22 11:00 - 2013-04-11 09:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2013-05-21 13:26 - 2013-05-02 16:05 - 00028984 ____A C:\Users\LMPC\Documents\Alarm and Event History.xlsx
    2013-05-21 08:38 - 2013-05-21 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{0A01D529-A43A-494C-ADB5-0FB00DB3A468}
    2013-05-20 20:38 - 2013-05-20 20:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{6B509808-A99C-4191-9A32-5C1E97FC35BF}
    2013-05-20 08:38 - 2013-05-20 08:38 - 00000000 ____D C:\Users\LMPC\AppData\Local\{CCB0FDFF-F3CF-4EEF-975C-02CAFD34D73A}
    2013-05-19 20:38 - 2013-05-19 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F2BE1C7-4C61-4F83-8ECF-D4232EA35927}
    2013-05-19 08:37 - 2013-05-19 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{FBFB7710-CE86-4666-9092-B856C673430F}
    2013-05-18 20:37 - 2013-05-18 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{1A1966B7-8CD3-480F-B51F-3412E055187C}
    2013-05-18 08:37 - 2013-05-18 08:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{05134FA1-DC8D-453C-A701-13B208FD5F52}
    2013-05-17 20:37 - 2013-05-17 20:37 - 00000000 ____D C:\Users\LMPC\AppData\Local\{DE700F8B-0FEA-407F-9B23-30A868EFB2D0}
    2013-05-17 08:37 - 2013-05-17 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{7F8999CA-0C50-441B-8347-4EF0692941CE}
    2013-05-17 07:44 - 2011-02-10 09:33 - 00866466 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-05-17 03:00 - 2013-05-17 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-05-16 20:36 - 2013-05-16 20:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{C46AE467-4907-4855-9B9F-329A3A10AB24}
    2013-05-16 16:53 - 2013-04-05 15:01 - 00000000 ____D C:\Users\LMPC\AppData\Local\VirtualStore
    2013-05-16 16:50 - 2013-05-16 16:50 - 00001065 ____A C:\Users\LMPC\Desktop\Free SMTP Server.lnk
    2013-05-16 16:50 - 2013-05-16 16:50 - 00000000 ____D C:\Program Files (x86)\Free SMTP Server
    2013-05-16 12:21 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Roaming\Windows Live Writer
    2013-05-16 09:25 - 2013-05-16 09:25 - 00416156 ____A C:\Users\LMPC\Desktop\Email_List_Ver2.ACD
    2013-05-16 09:24 - 2013-05-16 09:24 - 00121859 ____A C:\Users\LMPC\Desktop\Email_Ver2.txt
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\Windows Live Writer
    2013-05-16 08:36 - 2013-05-16 08:36 - 00000000 ____D C:\Users\LMPC\AppData\Local\{19EF95DD-3C46-4B23-9C53-CA090B4C8524}
    2013-05-16 07:40 - 2013-05-16 03:13 - 00292558 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2013-05-16 07:39 - 2013-05-16 07:39 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2013-05-16 07:39 - 2013-05-16 03:11 - 00300298 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2013-05-16 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2013-05-16 03:34 - 2009-07-13 23:45 - 00347440 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-16 03:33 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
    2013-05-16 03:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
    2013-05-15 17:29 - 2013-05-15 17:29 - 00000249 ____A C:\Users\LMPC\Documents\Query from Alarm Log.dqy
    2013-05-15 09:11 - 2013-04-02 04:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-05-15 09:09 - 2013-05-15 09:09 - 00000000 ____D C:\Program Files (x86)\MSECache
    2013-05-15 09:02 - 2013-05-15 09:09 - 26809448 ____A (Microsoft Corporation) C:\Users\LMPC\Downloads\AccessDatabaseEngine.exe
    2013-05-05 16:36 - 2013-05-16 03:03 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-05 16:16 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-05 14:25 - 2013-05-16 03:03 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-05 14:12 - 2013-05-16 03:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    Last Boot: 2013-06-03 00:49
    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Good job :)

    See if MBAR will run now.
     
     
  12. stephengates

    stephengates TS Rookie Topic Starter

    Thanks :) Ok, MBAR did run! It found 3 Malware items. I clicked "cleanup" and it says that it successfully cleaned up the system!

    Anything else I should do? Thanks for all your help! Amazed at the amount of help you provided!
     
  13. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    I need to see both MBAR logs.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Still with me?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.
     
Topic Status:
Not open for further replies.

