1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can't update MSE or other Anti-Spyware

Discussion in 'Virus & Other Malware Removal' started by Peachykeen, Jan 11, 2013.

Thread Status:
Not open for further replies.
  1. Peachykeen

    Peachykeen Thread Starter

    Joined:
    May 19, 2001
    Messages:
    336
    I tried updating MS Essentials and got Error Code 0x8007043c. When I ran Super AntiSpyware, it seemed to freeze after scanning about 75K files.
    My computer has locked while running the dds (?) program. Saw on another post to run RogueKiller, so that report is below. Thanks SO much for your help!

    Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:31:38 AM, on 1/11/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Tricia\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1849.mail.yahoo.com/mc/...050&pSize=50&.rand=1051248067&.jsrand=1286539
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Download and Sa - {598F626D-4ACD-DD59-A01C-EDCD19B8FFD8} - C:\ProgramData\Download and Sa\508c59615eb78.ocx (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
    O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll c:\PROGRA~2\APPSAR~1\sprotector.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - c:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14370 bytes


    RogueKiller V8.4.3 _x64_ [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : Tricia [Admin rights]
    Mode : Scan -- Date : 01/11/2013 11:08:22

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][BLACKLISTDLL] HKLM\[...]\Services\Microsoft\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> FOUND
    [HJPOL] HKCU\[...]\Services\Microsoft\System : disableregistrytools (0) -> FOUND
    [HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] 2c035185539c6c28cba4e462e5a7cb45
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 933764 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01112013_02d1108.txt >>
    RKreport[1]_S_01112013_02d1108.txt

    FRST.TXT below:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
    Ran by SYSTEM at 11-01-2013 14:46:27
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2022976 2011-06-27] ()
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2226280 2011-05-17] (Realtek Semiconductor)
    HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [540992 2011-11-04] (NVIDIA Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel(R) Corporation)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)
    HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-11-08] (Cypress Semiconductor Corporation)
    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
    HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2727936 2012-06-07] (Alcatel-Lucent)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
    HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-29] (RealNetworks, Inc.)
    HKU\Tricia\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
    ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe (Creative Home)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
    ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)

    ==================== Services (Whitelisted) ===================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
    2 hasplms; C:\Windows\system32\hasplms.exe -run [4913608 2011-12-02] (SafeNet Inc.)
    2 mozybackup; "C:\Program Files\MozyHome\mozybackup.exe" [54632 2012-03-19] (Mozy, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [29293408 2010-12-10] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-07-06] (Alcatel-Lucent)
    2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()

    ==================== Drivers (Whitelisted) =====================

    3 akshhl; C:\Windows\System32\Drivers\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
    3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
    3 cyhid; C:\Windows\System32\Drivers\cyhid.sys [117248 2011-12-08] (Cypress Semiconductor, Inc.)
    3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-12-08] (Cypress Semiconductor, Inc.)
    3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-12-08] (Cypress Semiconductor, Inc.)
    3 fdrawcmd; C:\Windows\System32\Drivers\fdrawcmd.sys [32408 2008-09-27] (simonowen.com)
    2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
    1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67328 2012-03-19] (Mozy, Inc.)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
    2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 SydexFDD; C:\Windows\SysWow64\Drivers\SydexFDD.sys [13359 2011-01-24] (Windows (R) 2000 DDK provider)
    2 wntpport; C:\Windows\SysWow64\Drivers\wntpport.sys [28416 2011-01-24] (Vireo Software)
    3 catchme; \??\C:\username123\catchme.sys [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-11 08:08 - 2013-01-11 08:08 - 00001896 ____A C:\Users\Tricia\Desktop\RKreport[1]_S_01112013_02d1108.txt
    2013-01-11 08:07 - 2013-01-11 08:08 - 00000000 ____D C:\Users\Tricia\Desktop\RK_Quarantine
    2013-01-11 08:03 - 2013-01-11 08:03 - 00753152 ____A C:\Users\Tricia\Desktop\RogueKillerX64.exe
    2013-01-11 07:36 - 2013-01-11 07:36 - 00688992 ____A (Swearware) C:\Users\Tricia\Downloads\dds.scr
    2013-01-11 07:35 - 2013-01-11 07:35 - 00688992 ____R (Swearware) C:\Users\Tricia\Desktop\dds.scr
    2013-01-11 07:31 - 2013-01-11 07:31 - 00014372 ____A C:\Users\Tricia\My Documents\hijackthis.log
    2013-01-11 07:31 - 2013-01-11 07:31 - 00014372 ____A C:\Users\Tricia\Documents\hijackthis.log
    2013-01-10 17:29 - 2013-01-11 04:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-01-10 09:29 - 2013-01-10 09:29 - 00714203 ____A C:\Users\Tricia\Desktop\Oklahoma.ai
    2013-01-10 09:04 - 2013-01-10 09:04 - 02009035 ____A C:\Users\Tricia\Desktop\Oklahoma.cdr
    2013-01-09 16:26 - 2013-01-11 07:09 - 00000000 ____D C:\Users\Tricia\Application Data\IrfanView
    2013-01-09 16:26 - 2013-01-11 07:09 - 00000000 ____D C:\Users\Tricia\AppData\Roaming\IrfanView
    2013-01-09 13:54 - 2013-01-09 13:54 - 00065343 ____A C:\Users\Tricia\Desktop\rope.zip
    2013-01-07 09:54 - 2013-01-07 09:54 - 04914605 ____A C:\Users\Tricia\Desktop\pocket_set1.zip
    2013-01-07 09:54 - 2013-01-07 09:54 - 00289418 ____A C:\Users\Tricia\Desktop\heart_frame.zip
    2013-01-04 09:03 - 2013-01-04 09:03 - 10361214 ____A C:\Users\Tricia\Desktop\Fancy Fabric Folders by SewMichelle.zip
    2012-12-29 15:37 - 2012-12-29 15:37 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00000000 ____D C:\Users\All Users\RealNetworks
    2012-12-29 15:37 - 2012-12-29 15:37 - 00000000 ____D C:\Users\All Users\Application Data\RealNetworks
    2012-12-29 15:37 - 2012-12-29 15:37 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2012-12-26 11:51 - 2012-12-26 11:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-12-21 06:19 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-21 06:19 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-21 06:19 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-21 06:19 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-18 18:41 - 2012-12-18 18:41 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-12-18 18:41 - 2012-12-18 18:41 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Program Files\iTunes
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Program Files\iPod
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-12-18 05:38 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-12-18 05:38 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-12-18 05:38 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-12-18 05:38 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-12-18 05:38 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-12-18 05:38 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-12-18 05:38 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-12-18 05:38 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-12-18 05:38 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-12-18 05:38 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-12-18 05:38 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-12-18 05:38 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-12-18 05:38 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-12-18 05:38 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-12-18 05:38 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-12-18 05:38 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-12-18 05:38 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-12-18 05:38 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-12-18 05:38 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-12-18 05:38 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-12-18 05:38 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-12-18 05:38 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-12-18 05:38 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-12-18 05:38 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-12-18 05:38 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-12-18 05:38 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-12-18 05:38 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-12-18 05:38 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-12-18 05:38 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-12-18 05:38 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-12-18 05:38 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-12-18 05:38 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-12-16 06:43 - 2012-12-16 06:43 - 00036664 ____A C:\RPSetup.exe.log
    2012-12-12 04:04 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-12-12 04:04 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-12-12 04:04 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-12-12 04:04 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-12-12 04:04 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-12-12 04:04 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-12-12 04:04 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-12-12 04:04 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-12-12 04:04 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-12-12 04:03 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2012-12-12 04:03 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2012-12-12 04:03 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-12-12 04:03 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-12-12 04:03 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-12-12 04:03 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-12-12 04:03 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-12-12 04:03 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-12-12 04:03 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-12-12 04:03 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-12 04:03 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll


    ==================== One Month Modified Files and Folders =======

    2013-01-11 14:46 - 2013-01-11 14:46 - 00000000 ____D C:\FRST
    2013-01-11 08:08 - 2013-01-11 08:08 - 00001896 ____A C:\Users\Tricia\Desktop\RKreport[1]_S_01112013_02d1108.txt
    2013-01-11 08:08 - 2013-01-11 08:07 - 00000000 ____D C:\Users\Tricia\Desktop\RK_Quarantine
    2013-01-11 08:03 - 2013-01-11 08:03 - 00753152 ____A C:\Users\Tricia\Desktop\RogueKillerX64.exe
    2013-01-11 07:36 - 2013-01-11 07:36 - 00688992 ____A (Swearware) C:\Users\Tricia\Downloads\dds.scr
    2013-01-11 07:35 - 2013-01-11 07:35 - 00688992 ____R (Swearware) C:\Users\Tricia\Desktop\dds.scr
    2013-01-11 07:31 - 2013-01-11 07:31 - 00014372 ____A C:\Users\Tricia\My Documents\hijackthis.log
    2013-01-11 07:31 - 2013-01-11 07:31 - 00014372 ____A C:\Users\Tricia\Documents\hijackthis.log
    2013-01-11 07:20 - 2012-05-31 12:46 - 00000000 ____D C:\users\Tricia
    2013-01-11 07:15 - 2012-05-07 04:33 - 01958981 ____A C:\Windows\WindowsUpdate.log
    2013-01-11 07:09 - 2013-01-09 16:26 - 00000000 ____D C:\Users\Tricia\Application Data\IrfanView
    2013-01-11 07:09 - 2013-01-09 16:26 - 00000000 ____D C:\Users\Tricia\AppData\Roaming\IrfanView
    2013-01-11 07:06 - 2012-12-02 06:22 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-11 07:05 - 2012-05-07 04:33 - 00000000 ____D C:\Users\All Users\NVIDIA
    2013-01-11 07:05 - 2012-05-07 04:33 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
    2013-01-11 07:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-11 07:05 - 2009-07-13 20:51 - 00065576 ____A C:\Windows\setupact.log
    2013-01-11 04:32 - 2013-01-10 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-01-10 18:58 - 2012-06-03 09:32 - 00000227 ____A C:\Windows\password.klc
    2013-01-10 18:55 - 2012-06-15 04:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-10 18:27 - 2012-12-02 06:22 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-10 13:11 - 2012-08-12 15:25 - 00000000 ____D C:\Users\Tricia\Application Data\Real
    2013-01-10 13:11 - 2012-08-12 15:25 - 00000000 ____D C:\Users\Tricia\AppData\Roaming\Real
    2013-01-10 13:11 - 2012-08-12 15:23 - 00000000 ____D C:\Users\All Users\Real
    2013-01-10 13:11 - 2012-08-12 15:23 - 00000000 ____D C:\Users\All Users\Application Data\Real
    2013-01-10 11:55 - 2012-05-07 02:45 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-10 11:55 - 2012-05-07 02:45 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-10 09:29 - 2013-01-10 09:29 - 00714203 ____A C:\Users\Tricia\Desktop\Oklahoma.ai
    2013-01-10 09:04 - 2013-01-10 09:04 - 02009035 ____A C:\Users\Tricia\Desktop\Oklahoma.cdr
    2013-01-10 09:01 - 2012-05-31 12:50 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2013-01-10 07:01 - 2012-03-19 11:58 - 00003574 ____A C:\Windows\mozy.flt
    2013-01-10 07:01 - 2012-03-19 11:58 - 00003016 ____A C:\Windows\mozy.blk
    2013-01-10 05:13 - 2009-07-13 21:13 - 00845480 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-10 04:53 - 2012-06-03 09:03 - 00000000 ____D C:\Users\Tricia\Local Settings\Nero
    2013-01-10 04:53 - 2012-06-03 09:03 - 00000000 ____D C:\Users\Tricia\Local Settings\Application Data\Nero
    2013-01-10 04:53 - 2012-06-03 09:03 - 00000000 ____D C:\Users\Tricia\AppData\Local\Nero
    2013-01-10 04:48 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-10 04:48 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-10 04:39 - 2009-07-13 20:45 - 00644136 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-10 04:36 - 2012-05-31 12:50 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2013-01-09 16:52 - 2012-06-11 12:01 - 00000000 ____D C:\Users\Tricia\Local Settings\CutePDF Writer
    2013-01-09 16:52 - 2012-06-11 12:01 - 00000000 ____D C:\Users\Tricia\Local Settings\Application Data\CutePDF Writer
    2013-01-09 16:52 - 2012-06-11 12:01 - 00000000 ____D C:\Users\Tricia\AppData\Local\CutePDF Writer
    2013-01-09 16:51 - 2012-05-31 12:47 - 00180128 ____A C:\Users\Tricia\Local Settings\GDIPFONTCACHEV1.DAT
    2013-01-09 16:51 - 2012-05-31 12:47 - 00180128 ____A C:\Users\Tricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-01-09 16:51 - 2012-05-31 12:47 - 00180128 ____A C:\Users\Tricia\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-01-09 13:54 - 2013-01-09 13:54 - 00065343 ____A C:\Users\Tricia\Desktop\rope.zip
    2013-01-07 09:56 - 2012-06-01 18:27 - 00000000 ____D C:\1designs
    2013-01-07 09:54 - 2013-01-07 09:54 - 04914605 ____A C:\Users\Tricia\Desktop\pocket_set1.zip
    2013-01-07 09:54 - 2013-01-07 09:54 - 00289418 ____A C:\Users\Tricia\Desktop\heart_frame.zip
    2013-01-04 13:12 - 2012-04-13 06:38 - 00029184 ____A C:\Users\Tricia\My Documents\Bridgewater Directory.xls
    2013-01-04 13:12 - 2012-04-13 06:38 - 00029184 ____A C:\Users\Tricia\Documents\Bridgewater Directory.xls
    2013-01-04 09:03 - 2013-01-04 09:03 - 10361214 ____A C:\Users\Tricia\Desktop\Fancy Fabric Folders by SewMichelle.zip
    2013-01-02 14:09 - 2012-10-23 09:49 - 00000424 ____A C:\Windows\system32commongn.dat
    2012-12-29 15:38 - 2012-08-12 15:26 - 00000000 ____D C:\Users\Tricia\Application Data\RealNetworks
    2012-12-29 15:38 - 2012-08-12 15:26 - 00000000 ____D C:\Users\Tricia\AppData\Roaming\RealNetworks
    2012-12-29 15:37 - 2012-12-29 15:37 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-12-29 15:37 - 2012-12-29 15:37 - 00000000 ____D C:\Users\All Users\RealNetworks
    2012-12-29 15:37 - 2012-12-29 15:37 - 00000000 ____D C:\Users\All Users\Application Data\RealNetworks
    2012-12-29 15:37 - 2012-12-29 15:37 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2012-12-29 15:37 - 2012-08-12 15:25 - 00000000 ____D C:\Program Files (x86)\Real
    2012-12-26 11:51 - 2012-12-26 11:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-12-24 06:03 - 2012-12-09 13:06 - 00010524 ____A C:\Users\Tricia\My Documents\2012.xlsx
    2012-12-24 06:03 - 2012-12-09 13:06 - 00010524 ____A C:\Users\Tricia\Documents\2012.xlsx
    2012-12-21 09:07 - 2012-06-02 12:16 - 00000000 ____D C:\Users\Tricia\Desktop\About Me
    2012-12-21 06:54 - 2012-06-11 12:50 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-12-18 18:41 - 2012-12-18 18:41 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-12-18 18:41 - 2012-12-18 18:41 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Program Files\iTunes
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Program Files\iPod
    2012-12-18 18:41 - 2012-12-18 18:41 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-12-18 13:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-18 05:40 - 2012-06-02 11:18 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-12-18 05:38 - 2012-06-01 14:12 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-12-18 05:38 - 2012-06-01 14:12 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-12-16 09:11 - 2012-12-21 06:19 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 06:45 - 2012-12-21 06:19 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 06:43 - 2012-12-16 06:43 - 00036664 ____A C:\RPSetup.exe.log
    2012-12-16 06:43 - 2012-05-07 03:17 - 00036664 ____A C:\Windows\RPSETUP.EXE.LOG
    2012-12-16 06:43 - 2012-05-07 03:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-12-16 06:41 - 2012-05-07 04:14 - 00000000 ____D C:\Users\All Users\Dell
    2012-12-16 06:41 - 2012-05-07 04:14 - 00000000 ____D C:\Users\All Users\Application Data\Dell
    2012-12-16 06:41 - 2012-05-07 03:40 - 00000000 ____D C:\Program Files (x86)\Dell
    2012-12-16 06:30 - 2012-05-07 03:21 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
    2012-12-16 06:30 - 2012-05-07 03:21 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
    2012-12-16 06:30 - 2012-05-07 03:21 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-12-16 06:30 - 2012-05-07 03:21 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
    2012-12-16 06:30 - 2012-05-07 03:21 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
    2012-12-16 06:30 - 2012-05-07 03:21 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-12-16 06:13 - 2012-12-21 06:19 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-16 06:13 - 2012-12-21 06:19 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-13 08:32 - 2012-05-31 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-12-13 08:32 - 2010-11-20 19:47 - 00095280 ____A C:\Windows\PFRO.log
    2012-12-13 07:35 - 2012-05-31 13:15 - 00001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-12-13 07:35 - 2012-05-31 13:15 - 00001153 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-12-24 05:12:23
    Restore point made on: 2012-12-24 08:27:55
    Restore point made on: 2012-12-28 06:01:26
    Restore point made on: 2012-12-31 08:17:37
    Restore point made on: 2012-12-31 08:20:34
    Restore point made on: 2012-12-31 10:18:23
    Restore point made on: 2013-01-01 22:18:23
    Restore point made on: 2013-01-05 09:13:42
    Restore point made on: 2013-01-07 09:36:46
    Restore point made on: 2013-01-09 11:13:31
    Restore point made on: 2013-01-09 15:06:24
    Restore point made on: 2013-01-10 07:01:25
    Restore point made on: 2013-01-11 07:12:05
    Restore point made on: 2013-01-11 07:14:47

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8086.17 MB
    Available physical RAM: 7279.18 MB
    Total Pagefile: 8084.37 MB
    Available Pagefile: 7272.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:911.88 GB) (Free:816.41 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:8.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    4 Drive f: (FLASHDRIVE) (Removable) (Total:1.86 GB) (Free:1.76 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 2048 KB
    Disk 1 Online 1908 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 101 MB 31 KB
    Partition 2 Primary 19 GB 104 MB
    Partition 3 Primary 911 GB 19 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 101 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D RECOVERY NTFS Partition 19 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 911 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1907 MB 64 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FLASHDRIVE FAT Removable 1907 MB Healthy

    =========================================================

    Last Boot: 2013-01-04 07:09

    ==================== End Of Log =============================
     
  2. Peachykeen

    Peachykeen Thread Starter

    Joined:
    May 19, 2001
    Messages:
    336
    Disregard my original request. I have run SuperAntispyware and removed two Trojans. If I still have problems, I'll start a new thread with new HJT logs, etc.
    I do appreciate all the time and help the volunteers provide!
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1084706

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice