# SVCHost.exe (netsvcs) hogging 90-100% of CPU



## Seahawkfan

Shortly after boot up the process svchost.exe (netsvcs) PID 1056 starts hogging all of my CPU. I have tried running Resource Monitor to identify the service using up my CPU but it does not show the CPU usage for the individual services.

I have also tried numerous other fixes I found while searching online as well as using CCleaner to clean up my registry files. Windows is up to date as far as I know and I have still had no luck.

ANY help would be greatly appreciated

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II Dual-Core M300, AMD64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 3838 Mb
Graphics Card: AMD M880G with ATI Mobility Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 464838 MB, Free - 196233 MB;
Motherboard: Gateway, SJV50TR
Antivirus: Microsoft Security Essentials, Updated and Enabled

Below is a screen shot of the Resource monitor after my system was idle for 1 min with no other programs running.


----------



## Seahawkfan

I tried booting into safe mode but the problem still persists. If I shut down and restart the computer the problem goes away for about 15 minutes and then svchost again takes over my CPU whether I use the internet or not.

And now the PID is 1044 instead of 1056

Any suggestions as to where this problem is coming from and how do I go about fixing it?


----------



## Seahawkfan

Just tried a system restore to a point before this problem occurred and it didn't help.

I checked for updates on my antivirus and re-ran it just to be certain and it turned up no malware or virus of any kind.

Kind of lost where I should go next.


----------



## CompGeek2014

svchost.exe, in case you do not know, is a program that other services can run under, such as the log service, the audio service, etc. If you open task manager and right click on svchost.exe in the list of processes and select go to services it will pop over to the services tab with each service running under svchost highlighted. You can then check in computer management under services and disable certain ones that look odd. For more information about which services are safe and not, you can try google searching them by name.

Also, to make sure you don't have a virus masquerading as svchost.exe, you can open a command prompt and type "cd .." to get to the c:\ prompt, then type "dir svchost.exe /s". This will take a few but it will search your hard drive for other copies. The only copy should be in the system or system32 folder of the windows directory. If there is one somewhere else it probably shouldn't be there and could be a virus.


----------
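
The two checks described in the post above (which services share a given svchost.exe, and whether any svchost.exe copy sits outside the Windows system folders), as an added Windows PowerShell example that is not part of the original thread. It assumes an elevated prompt and uses `Get-WmiObject` so that it runs on the PowerShell 2.0 that ships with Windows 7; on 64-bit Windows, copies under SysWOW64 and the WinSxS component store are expected and are labelled rather than flagged.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell prompt.

$sysRoot = $env:SystemRoot

# Image paths a genuine svchost.exe normally runs from
# (SysWOW64 exists on 64-bit Windows only).
$runFrom = @(
    (Join-Path $sysRoot 'System32\svchost.exe'),
    (Join-Path $sysRoot 'SysWOW64\svchost.exe')
)

# --- 1. Running svchost.exe instances: PID, service group, image path, hosted services ---
$services = @(Get-WmiObject -Class Win32_Service)

$running = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $proc = $_

    # Services whose host process is this svchost.exe instance.
    $hosted = @($services |
        Where-Object { $_.ProcessId -eq $proc.ProcessId } |
        ForEach-Object { $_.Name })

    # The service group follows "-k" on the command line, e.g. "-k netsvcs".
    $group = '(unknown)'
    if ($proc.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

    # ExecutablePath is empty when the prompt is not elevated; report that, do not guess.
    if (-not $proc.ExecutablePath) {
        $verdict = 'path unavailable (run elevated)'
    } elseif ($runFrom -contains $proc.ExecutablePath) {
        $verdict = 'expected location'
    } else {
        $verdict = 'UNEXPECTED LOCATION'
    }

    New-Object PSObject -Property @{
        ProcessId = $proc.ProcessId
        Group     = $group
        Path      = $proc.ExecutablePath
        Verdict   = $verdict
        Services  = ($hosted -join ', ')
    }
}

$running | Sort-Object Group, ProcessId |
    Format-List ProcessId, Group, Path, Verdict, Services

# --- 2. Every svchost.exe file on the system drive, searched from the drive root ---
$okDirs = @(
    (Join-Path $sysRoot 'System32'),
    (Join-Path $sysRoot 'SysWOW64')
)
$winSxS = (Join-Path $sysRoot 'winsxs') + '\'

Get-ChildItem -Path ($env:SystemDrive + '\') -Filter 'svchost.exe' -Recurse -Force `
        -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, LastWriteTime,
        @{ Name = 'Company'; Expression = {
            # Version resource of the file; blank for files that carry none.
            [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName).CompanyName
        } },
        @{ Name = 'Location'; Expression = {
            if ($okDirs -contains $_.DirectoryName) {
                'system folder'
            } elseif ($_.FullName.StartsWith($winSxS, [System.StringComparison]::OrdinalIgnoreCase)) {
                'WinSxS component store'
            } else {
                'REVIEW: outside Windows system folders'
            }
        } } |
    Format-List
```

A file's company name and location are only first-pass indicators; anything marked for review still needs to be checked with an up-to-date scanner before it is touched.

----------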



## Seahawkfan

Thank you for the reply.

The problem I am running into is that none of the services under the suspect svchost.exe look abnormal to me. I did a Google search on all of them and they all come back as windows services. Also none of them show any excessive CPU usage so I can't pinpoint which service is using up all the CPU.

I followed the steps you posted to check if there is a virus masquerading as svchost.exe and the results came back with only one svchost.exe file and it is located in the windows\system32 folder.

```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>dir svchost.exe /s
Volume in drive C is Gateway
Volume Serial Number is 5A94-2665

Directory of C:\Windows\system32

07/13/2009 05:39 PM 27,136 svchost.exe
1 File(s) 27,136 bytes

Total Files Listed:
1 File(s) 27,136 bytes
0 Dir(s) 207,348,998,144 bytes free
```

If I suspend each service individually the CPU usage does not drop, however if I suspend the svchost.exe (netsvcs) process the CPU usage drops dramatically.


----------



## CompGeek2014

Sometimes it has to do with large log files. To clear your windows logs do the following. Open computer management, expand event viewer and then windows logs. Each log for system, application, and security will be listed there along with the current size. If you right click each one in the tree to the left you can select "clear log". It will prompt you with a message asking if you would like to save it first. You can if you like. Ultimately clearing it should help especially if there are tons of events.

Also you can download a free program I love to use all the time to generally clean up the system. It is called Glary Utilities. Be mindful it may try to install other things when you set it up like toolbars, etc. so click no or decline to those. It is free and works great. I like the one click method for registry and spyware, temp files, and tracks (browser history, etc.)


----------



## Seahawkfan

So I manually deleted the log files, which were more than full, and downloaded Glary, ran it and fixed the issues it reported, then rebooted.

So far it seems to have worked, and I say so far because other solutions have seemed to work also. So I am going to leave this thread open in case I need more advice.

But thank you a lot CompGeek2014 for all your help, I very much appreciate it. Fingers crossed it worked.


----------



## Seahawkfan

AWESOME!! Problem solved, the svchost.exe (netsvcs) is now only running at 1% usage at most.

THANK YOU for the help!!


----------



## CompGeek2014

You're welcome. Glad to be able to have helped.


----------



## Mark1956

CompGeek2014, you have done well to resolve the problem here, but you should not advise anyone to use software like Glary Utilities to clean the Registry. We often get asked to help people here that have caused damage to their system using a Registry Cleaner. They are not only unnecessary, they can and do cause problems by removing Registry keys that are required by the OS or installed software to run correctly. The other functions in Glary Utilities are quite safe, but the Registry Cleaner should never be used unless you have the knowledge to judge if what it says should be removed is safe to do.

If you need convincing, please read this:

We *do not* recommend the routine use of registry cleaners/optimizers for several reasons:

• *Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.*

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The *registry is a crucial component* because it is where Windows _"remembers"_ all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively *small changes done incorrectly can render the system inoperable*. For a more detailed explanation, read Understanding The Registry

• *Not all registry cleaners are created equal*. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Further, some vendors who offer registry cleaners use deceptive advertisements and claims which are borderline *scams*. They may alert you to finding thousands of registry errors which can only be fixed and improve performance if you pay a fee for the use of their product.

• *Not all registry cleaners create a backup of the registry before making changes.* If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential *BEFORE* making any changes to the registry.

• *Improperly removing registry entries can hamper malware disinfection* and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• *The usefulness of cleaning the registry is highly overrated and can be dangerous.* In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a specific registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools *unnecessarily* or *incorrectly* could lead to *disastrous effects on your operating system such as preventing it from ever starting again.* *For routine use, the benefits to your computer are negligible while the potential risks are great.*

The registry can function without any problems at all even if it has 1000's of redundant keys and the benefit of removing them is extremely unlikely to make any difference to the system's overall performance.

If you are still not convinced then please read the information in these following links.

• Ed Bott's Weblog: Why I don't use registry cleaners

• Do I need a Registry Cleaner?

• Registry Cleaners and System Tweaking Tools


----------



## CompGeek2014

Thanks Mark, I will keep that in mind for future reference. Personally for myself, I haven't ever had an issue with this particular program on its default settings, and it does have a restore feature, but for the sake of everyone else, if suggesting the use of this program in the future, I will advise to disable the registry cleaning option to err on the side of caution.


----------



## Mark1956

In future, it would be best not to recommend any program on this forum that contains a Registry Cleaning facility even if you advise not to use the Registry Cleaner as some people can get tempted to give it a go. Other folks may read the post and do the same thing. And although you pointed it out in your post above, these free programs like Glary Utilities come bundled with Adware. A dedicated temp file cleaner is all you need, TFC is by far the best and it has no other utilities built into it, it is free and it does not come bundled with Adware.

Download here: Temporary file cleaner


----------



## CompGeek2014

Thanks again, I will keep that in mind and heed your advice.


----------



## Mark1956

:up:


----------



## Seahawkfan

Well, the problem has returned. After about an hour and a half of use the SVCHost.exe again began hogging all of my CPU.

I opened procexp64 to further investigate the problem and found that the thread msvcrt.dll!ftime64_s+0x180 seems to be the cause of the massive CPU usage as it was using 40-75% alone. Not sure what to do about it, any suggestions?


----------



## Seahawkfan

This is the stack from the offending thread


```
ntoskrnl.exe!KeWaitForMultipleObjects+0xc0a
ntoskrnl.exe!KeAcquireSpinLockAtDpcLevel+0x732
ntoskrnl.exe!KeWaitForSingleObject+0x19f
ntoskrnl.exe!_misaligned_access+0xba4
ntoskrnl.exe!_misaligned_access+0x1821
ntoskrnl.exe!_misaligned_access+0x1a97
MSHTML.dll!Ordinal107+0x96f86
MSHTML.dll!Ordinal107+0xed8da
MSHTML.dll!Ordinal107+0xed77c
MSHTML.dll!DllCanUnloadNow+0x242255
MSHTML.dll!Ordinal105+0xcf6ef
MSHTML.dll!Ordinal105+0xd2dfc
MSHTML.dll!Ordinal107+0xf8eba
MSHTML.dll!Ordinal107+0xf4ea
MSHTML.dll!Ordinal107+0xf272
MSHTML.dll!Ordinal107+0xf616
jscript9.dll!DllCanUnloadNow+0x24d63
jscript9.dll!DllGetClassObject+0xb9dc1
jscript9.dll!DllGetClassObject+0xb9c83
jscript9.dll!DllGetClassObject+0xb99fd
jscript9.dll!JsVarToExtension+0x4498e
jscript9.dll!JsVarToExtension+0x4a374
jscript9.dll!JsVarToExtension+0x4aa50
```


----------



## CompGeek2014

I would try disabling Java. Whatever version of Java you have installed I would remove them all and see if that fixes the issue since it would appear that the jscript9.dll would be a Java file. Not sure on that but guessing. Do you use any programs that use Java? Some peer file sharing programs are built on Java.


----------



## Seahawkfan

I don't use any programs that run off Java, and I don't use any P2P programs. After disabling it, it appeared the problem was fixed for about 2 hours. Then out of nowhere it again began to hog my CPU.

When I closed the internet browser the problem continued for about 15 mins, and then my CPU usage finally dropped.


----------



## Mark1956

Let's have a look at what is on your system, this scan will also show us the error logs which may help to identify the cause of the problem.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


• Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.

• Press the *Scan* button.

• It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.

• The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## Seahawkfan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Joe (administrator) on JOE-PC on 16-02-2014 11:14:06
Running from C:\Users\Joe\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
( ) C:\Windows\system32\lxdncoms.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(C-motech Co.,Ltd) C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\SoftwareUpdate.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [357376 2008-08-28] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-08-28] (Saitek)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [RDVCHG] - C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe [316736 2010-12-15] (C-motech Co.,Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: D - D:\Autorun.exe
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: {10837846-04a3-11df-9ee9-806e6f6e6963} - D:\RunGame.exe
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: {6631a967-05bc-11e0-9cc6-00262d80e0fd} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: {70836be8-d2db-11e1-a986-00262d80e0fd} - E:\Autorun.exe /s
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: {7ee81569-e493-11e2-b4db-00262d80e0fd} - H:\TL_Bootstrap.exe
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: {83d9df64-9c85-11e0-a65b-00262d80e0fd} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1416037036-305662112-459655153-1000\...\MountPoints2: {fffac0aa-69e9-11df-9d55-00262d80e0fd} - E:\LaunchU3.exe -a
IFEO\taskmgr.exe: [Debugger] "C:\USERS\JOE\DESKTOP\TECHPEN\SYSINTERNALSSUITE\PROCEXP64.EXE"
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (No File)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3147923&CUI=UN51825267716968218
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360410n6b6l0400z155a44i1x556
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80051&lng=en
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80051
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm051YYus&ptb=97209397-1BB9-46CE-8E29-53C901978B2D&ind=2012010320&ptnrS=CDxdm051YYus&si=&n=77ecd750&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKCU - DefaultScope {45A3F2E6-6443-4A5C-ACDD-6D81B8432DE9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3147923
SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm051YYus&ptb=97209397-1BB9-46CE-8E29-53C901978B2D&ind=2012010320&ptnrS=CDxdm051YYus&si=&n=77ecd750&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=5A94060B6BE70529&affID=119351&tsp=4937
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=13993&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {45A3F2E6-6443-4A5C-ACDD-6D81B8432DE9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3147923
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80051&lng=en
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{017F411E-7984-47B4-B300-5C9CEEE81606}: [NameServer]192.168.2.1
Tcpip\..\Interfaces\{8E41ECE8-2225-4574-A7ED-A4B465691BA5}: [NameServer]192.168.137.1

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=5A94060B6BE70529&affID=119351&tsp=4937
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Joe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (ShopAtHome.com extension) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp [2012-02-25]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-01]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR Extension: (4Loot) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe [2012-05-30]
CHR HKCU\...\Chrome\Extension: [pkpcdceijednnilobgleblmagjchmofe] - C:\Users\Joe\AppData\Local\CRE\pkpcdceijednnilobgleblmagjchmofe.crx [2012-05-20]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Joe\AppData\Local\Temp\YontooLayers.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [pkpcdceijednnilobgleblmagjchmofe] - C:\Users\Joe\AppData\Local\CRE\pkpcdceijednnilobgleblmagjchmofe.crx [2012-05-20]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 CASprint; C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [124224 2010-12-15] (SmithMicro Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [82944 2010-01-11] ()
S3 SprintRcAppSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe [120128 2010-12-15] (SmithMicro Inc.)
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S4 WRConsumerService; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [1201640 2010-07-16] (Webroot Software, Inc. )

==================== Drivers (Whitelisted) ====================

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-02-11] (Glarysoft Ltd)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-12-15] (Smith Micro Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2008-09-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [41216 2008-09-12] (Saitek)
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [285696 2010-12-15] (Sierra Wireless Inc.)
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 11:14 - 2014-02-16 11:14 - 00020361 _____ () C:\Users\Joe\Downloads\FRST.txt
2014-02-16 11:13 - 2014-02-16 11:14 - 00000000 ____D () C:\FRST
2014-02-16 11:13 - 2014-02-16 11:13 - 02152960 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2014-02-16 11:12 - 2014-02-16 11:12 - 00657960 _____ () C:\Users\Joe\Downloads\ZipSetup.exe
2014-02-16 11:12 - 2014-02-16 11:12 - 00001090 _____ () C:\Users\Joe\Desktop\Continue Zip Opener Installation.lnk
2014-02-15 12:34 - 2014-02-15 12:53 - 00000000 ____D () C:\ProgramData\hddm
2014-02-14 18:43 - 2014-02-16 11:12 - 00185432 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 18:42 - 2014-02-16 11:09 - 00000616 _____ () C:\Windows\setupact.log
2014-02-14 18:42 - 2014-02-15 17:41 - 00001666 _____ () C:\Windows\PFRO.log
2014-02-14 18:42 - 2014-02-14 18:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 18:35 - 2014-02-14 18:35 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-02-14 18:25 - 2014-02-16 11:10 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-14 18:25 - 2014-02-14 18:25 - 00002964 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-02-14 18:25 - 2014-02-14 18:25 - 00002616 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-02-14 18:25 - 2014-02-14 18:25 - 00001118 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-02-14 18:25 - 2014-02-14 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\GlarySoft
2014-02-14 18:24 - 2014-02-16 11:10 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-02-14 18:24 - 2014-02-12 00:25 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-02-14 18:24 - 2014-02-11 18:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-02-14 18:10 - 2014-02-14 18:23 - 12101824 _____ () C:\Users\Joe\Downloads\gu4setup.exe
2014-02-14 17:34 - 2014-02-14 17:34 - 00347816 _____ (Microsoft Corporation) C:\Users\Joe\Downloads\MicrosoftFixit.WinSecurity.LB.14731585524523584.1.1.Run.exe
2014-02-14 15:39 - 2014-02-14 15:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf164c112f2cbe
2014-02-13 20:34 - 2014-02-13 20:34 - 00033617 _____ () C:\svchost.txt
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\ParetoLogic
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\DriverCure
2014-02-13 16:42 - 2014-02-14 12:58 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-01 17:26 - 2014-02-02 00:32 - 00000001 _____ () C:\Users\Joe\random.dat
2014-02-01 17:26 - 2014-02-02 00:26 - 00000042 _____ () C:\Users\Joe\jagex_cl_runescape_LIVE.dat
2014-02-01 17:24 - 2014-02-14 15:15 - 00000000 ____D () C:\.jagex_cache_32
2014-02-01 17:23 - 2014-02-01 17:23 - 00000012 _____ () C:\Users\Joe\jagexappletviewer.preferences
2014-02-01 17:22 - 2014-02-01 17:26 - 00000000 ____D () C:\Users\Joe\jagexcache
2014-02-01 17:22 - 2014-02-01 17:22 - 00002068 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-02-01 17:22 - 2014-02-01 17:22 - 00002038 _____ () C:\Users\Joe\Desktop\RuneScape.lnk
2014-02-01 17:22 - 2014-02-01 17:22 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-02-01 17:14 - 2014-02-01 17:19 - 23805952 _____ () C:\Users\Joe\Downloads\RuneScape_451.msi
2014-01-29 17:36 - 2014-01-31 19:12 - 00003283 _____ () C:\pcwdbg.log
2014-01-29 15:10 - 2014-01-29 15:10 - 00004096 _____ () C:\Windows\d3dx.dat
2014-01-29 14:50 - 2014-01-29 14:50 - 00001110 _____ () C:\Users\Joe\Desktop\PC Wizard 2010.lnk
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Windows\Java
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files (x86)\CPUID
2014-01-29 14:50 - 2009-11-12 16:19 - 00027136 _____ (CPUID) C:\Windows\SysWOW64\PCWizard.cpl
2014-01-29 14:50 - 2009-10-06 18:32 - 00327168 _____ () C:\Windows\SysWOW64\cutil32.dll
2014-01-29 14:50 - 2009-08-03 20:25 - 00285696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\cudart.dll
2014-01-27 11:33 - 2014-01-27 11:33 - 04901896 _____ (Adobe Systems Inc.) C:\Users\Joe\Downloads\Shockwave_Installer_Slim (1).exe
2014-01-23 10:12 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-23 10:12 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-23 10:12 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-23 10:12 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-23 10:12 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-23 10:12 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-23 10:12 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-23 10:12 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-23 10:12 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-23 10:12 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-23 10:12 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-23 10:12 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-23 10:12 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-23 10:11 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-23 10:11 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-23 10:11 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-23 10:11 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-23 10:11 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-23 10:11 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-23 10:11 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-23 10:11 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-23 10:11 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-23 10:11 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-23 10:11 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-23 10:11 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-23 10:11 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-23 10:11 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-23 10:11 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-23 10:11 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-23 10:11 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-23 10:11 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-23 01:08 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-23 01:04 - 2014-01-23 01:04 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-23 01:04 - 2014-01-23 01:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-23 01:04 - 2014-01-23 01:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-23 01:04 - 2014-01-23 01:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-23 01:04 - 2014-01-23 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-23 01:04 - 2014-01-23 01:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-23 01:04 - 2014-01-23 01:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00921000 _____ (Oracle Corporation) C:\Users\Joe\Downloads\chromeinstall-7u51.exe
2014-01-22 12:15 - 2014-01-22 12:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-22 09:00 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-22 09:00 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-22 09:00 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-22 09:00 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-21 10:34 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-21 10:34 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-21 10:31 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-21 10:31 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-21 10:31 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-21 10:31 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-21 10:31 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-21 10:31 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-21 10:31 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-21 10:31 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-21 10:31 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-21 10:31 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-21 10:31 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-21 10:31 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-21 10:31 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-21 10:31 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-21 10:31 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-21 10:31 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-21 10:31 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-21 10:30 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-21 10:30 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-21 10:30 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-21 10:30 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-21 10:30 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-21 10:30 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-21 10:30 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-21 10:30 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-21 10:15 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-21 10:15 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-21 10:15 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-01-21 10:15 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-21 10:15 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-01-21 10:15 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-01-21 10:15 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-01-21 10:15 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-21 10:15 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-01-21 10:15 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-21 10:15 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-01-21 10:15 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-21 10:15 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-21 10:15 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-21 10:15 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-21 10:14 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-01-21 10:14 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-21 10:14 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-21 10:14 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-01-21 10:14 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-21 10:14 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-21 10:13 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-01-21 10:13 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-01-21 10:13 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-21 10:13 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-01-21 10:13 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-01-21 10:13 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-01-21 10:12 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-01-21 10:12 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-21 10:12 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-01-21 10:12 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-01-21 10:12 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-21 10:12 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-21 10:12 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-21 10:12 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-21 10:12 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-01-21 10:12 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-21 10:12 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-21 10:12 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-21 10:12 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-21 10:12 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-01-21 10:12 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-01-21 10:12 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-01-21 10:12 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-01-21 10:12 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-21 10:12 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-01-21 10:12 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-01-21 10:12 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-01-21 10:12 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-21 10:12 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-21 10:12 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-21 10:11 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-20 17:56 - 2014-02-16 11:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf164c112f2cbe.job
2014-01-20 17:23 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-20 17:23 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-20 17:18 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-20 17:18 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-20 17:11 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

2014-02-16 11:14 - 2014-02-16 11:14 - 00020361 _____ () C:\Users\Joe\Downloads\FRST.txt
2014-02-16 11:14 - 2014-02-16 11:13 - 00000000 ____D () C:\FRST
2014-02-16 11:13 - 2014-02-16 11:13 - 02152960 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2014-02-16 11:12 - 2014-02-16 11:12 - 00657960 _____ () C:\Users\Joe\Downloads\ZipSetup.exe
2014-02-16 11:12 - 2014-02-16 11:12 - 00001090 _____ () C:\Users\Joe\Desktop\Continue Zip Opener Installation.lnk
2014-02-16 11:12 - 2014-02-14 18:43 - 00185432 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 11:10 - 2014-02-14 18:25 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-16 11:10 - 2014-02-14 18:24 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-02-16 11:09 - 2014-02-14 18:42 - 00000616 _____ () C:\Windows\setupact.log
2014-02-16 11:09 - 2014-01-20 17:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf164c112f2cbe.job
2014-02-16 11:09 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 05:49 - 2012-05-20 10:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 01:52 - 2009-07-13 20:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 01:52 - 2009-07-13 20:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 19:04 - 2009-07-13 21:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-15 18:59 - 2010-12-25 14:31 - 00007592 _____ () C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
2014-02-15 17:41 - 2014-02-14 18:42 - 00001666 _____ () C:\Windows\PFRO.log
2014-02-15 17:35 - 2013-07-08 14:36 - 00000000 ____D () C:\Program Files (x86)\MightyMagoo
2014-02-15 16:45 - 2010-04-13 11:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-15 16:34 - 2011-07-09 23:41 - 00000000 ____D () C:\Program Files (x86)\BitLord 1.2
2014-02-15 16:19 - 2011-04-01 19:22 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{756B7C9C-4BA5-4433-A529-AA187EC925DB}
2014-02-15 12:53 - 2014-02-15 12:34 - 00000000 ____D () C:\ProgramData\hddm
2014-02-15 12:51 - 2010-09-07 19:13 - 00000000 ____D () C:\2be715df4b6752db318f641e
2014-02-14 18:42 - 2014-02-14 18:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 18:37 - 2013-09-27 11:33 - 00000000 ____D () C:\Windows\Minidump
2014-02-14 18:36 - 2011-07-23 09:21 - 00000000 ____D () C:\Users\Joe\Desktop\Misc
2014-02-14 18:35 - 2014-02-14 18:35 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-02-14 18:25 - 2014-02-14 18:25 - 00002964 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-02-14 18:25 - 2014-02-14 18:25 - 00002616 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-02-14 18:25 - 2014-02-14 18:25 - 00001118 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-02-14 18:25 - 2014-02-14 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\GlarySoft
2014-02-14 18:23 - 2014-02-14 18:10 - 12101824 _____ () C:\Users\Joe\Downloads\gu4setup.exe
2014-02-14 17:34 - 2014-02-14 17:34 - 00347816 _____ (Microsoft Corporation) C:\Users\Joe\Downloads\MicrosoftFixit.WinSecurity.LB.14731585524523584.1.1.Run.exe
2014-02-14 17:29 - 2011-10-26 16:51 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-02-14 17:29 - 2011-07-09 22:57 - 00000000 ____D () C:\Program Files (x86)\Download Manager
2014-02-14 17:07 - 2010-04-13 10:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 15:39 - 2014-02-14 15:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf164c112f2cbe
2014-02-14 15:39 - 2010-04-13 10:54 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 15:26 - 2014-01-04 00:23 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-02-14 15:26 - 2009-10-29 12:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-14 15:24 - 2010-04-07 15:53 - 00000000 ___RD () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 15:24 - 2010-04-07 15:51 - 00000000 ___RD () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 15:20 - 2010-04-07 15:51 - 00000000 ____D () C:\Users\Joe
2014-02-14 15:16 - 2010-05-02 23:20 - 00000000 ____D () C:\Users\Guest
2014-02-14 15:16 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-14 15:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 15:15 - 2014-02-01 17:24 - 00000000 ____D () C:\.jagex_cache_32
2014-02-14 15:15 - 2010-04-14 23:55 - 00000000 ____D () C:\Users\Public\CyberLink
2014-02-14 15:15 - 2010-04-07 22:59 - 00000000 ____D () C:\Users\Joe\Documents\SimCity 4
2014-02-14 15:15 - 2009-10-29 12:59 - 00000000 ___HD () C:\OEM
2014-02-14 15:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-14 15:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-14 15:08 - 2012-01-24 07:56 - 00000000 ____D () C:\Users\Public\Games
2014-02-14 15:07 - 2012-06-30 22:50 - 00000000 ____D () C:\ProgramData\Real
2014-02-14 15:07 - 2011-09-24 19:42 - 00000000 ____D () C:\Torque
2014-02-14 15:06 - 2013-07-08 22:49 - 00000000 ____D () C:\LGMobileUpgrade
2014-02-14 15:06 - 2012-03-01 22:54 - 00000000 ____D () C:\Games
2014-02-14 12:58 - 2014-02-13 16:42 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-13 20:34 - 2014-02-13 20:34 - 00033617 _____ () C:\svchost.txt
2014-02-13 20:19 - 2013-07-21 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 17:28 - 2011-02-25 18:03 - 00785920 ___SH () C:\Users\Joe\Desktop\Thumbs.db
2014-02-13 17:10 - 2009-07-27 12:41 - 00000000 ____D () C:\Windows\Panther
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\ParetoLogic
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\DriverCure
2014-02-13 10:09 - 2011-09-24 16:39 - 00000000 ____D () C:\Users\Joe\Desktop\1_Programming Languages
2014-02-12 00:25 - 2014-02-14 18:24 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-02-11 18:11 - 2014-02-14 18:24 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-02-04 08:56 - 2011-11-10 02:35 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 00:32 - 2014-02-01 17:26 - 00000001 _____ () C:\Users\Joe\random.dat
2014-02-02 00:26 - 2014-02-01 17:26 - 00000042 _____ () C:\Users\Joe\jagex_cl_runescape_LIVE.dat
2014-02-01 17:26 - 2014-02-01 17:22 - 00000000 ____D () C:\Users\Joe\jagexcache
2014-02-01 17:23 - 2014-02-01 17:23 - 00000012 _____ () C:\Users\Joe\jagexappletviewer.preferences
2014-02-01 17:22 - 2014-02-01 17:22 - 00002068 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-02-01 17:22 - 2014-02-01 17:22 - 00002038 _____ () C:\Users\Joe\Desktop\RuneScape.lnk
2014-02-01 17:22 - 2014-02-01 17:22 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-02-01 17:19 - 2014-02-01 17:14 - 23805952 _____ () C:\Users\Joe\Downloads\RuneScape_451.msi
2014-01-31 19:12 - 2014-01-29 17:36 - 00003283 _____ () C:\pcwdbg.log
2014-01-30 05:18 - 2013-09-27 11:33 - 527915737 _____ () C:\Windows\MEMORY.DMP
2014-01-29 15:10 - 2014-01-29 15:10 - 00004096 _____ () C:\Windows\d3dx.dat
2014-01-29 14:50 - 2014-01-29 14:50 - 00001110 _____ () C:\Users\Joe\Desktop\PC Wizard 2010.lnk
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Windows\Java
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files (x86)\CPUID
2014-01-29 14:40 - 2012-03-03 21:53 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000UA.job
2014-01-29 14:40 - 2012-03-03 21:53 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000Core.job
2014-01-29 14:36 - 2011-07-22 18:46 - 00000000 ____D () C:\Users\Joe\Desktop\TechPen
2014-01-29 14:33 - 2012-06-30 23:00 - 00003196 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1416037036-305662112-459655153-1000
2014-01-29 14:33 - 2012-06-30 22:59 - 00003334 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1416037036-305662112-459655153-1000
2014-01-29 14:33 - 2012-03-03 21:53 - 00003900 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000UA
2014-01-29 14:32 - 2012-03-03 21:53 - 00003532 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000Core
2014-01-29 03:20 - 2009-07-13 21:13 - 00886858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-29 03:12 - 2011-06-09 08:28 - 00865430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-27 11:33 - 2014-01-27 11:33 - 04901896 _____ (Adobe Systems Inc.) C:\Users\Joe\Downloads\Shockwave_Installer_Slim (1).exe
2014-01-27 11:33 - 2012-06-09 20:05 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-01-23 18:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-23 09:43 - 2010-04-10 13:16 - 00002414 _____ () C:\Users\Joe\AppData\Roaming\wklnhst.dat
2014-01-23 08:39 - 2010-04-07 15:53 - 00001451 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-23 08:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-23 01:04 - 2014-01-23 01:04 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-23 01:04 - 2014-01-23 01:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-23 01:04 - 2014-01-23 01:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-23 01:04 - 2014-01-23 01:04 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-23 01:04 - 2014-01-23 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-23 01:04 - 2014-01-23 01:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-23 01:04 - 2014-01-23 01:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-23 01:04 - 2014-01-23 01:04 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-23 01:04 - 2014-01-23 01:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-22 12:16 - 2014-01-22 12:16 - 00921000 _____ (Oracle Corporation) C:\Users\Joe\Downloads\chromeinstall-7u51.exe
2014-01-22 12:15 - 2014-01-22 12:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-22 12:15 - 2010-04-08 09:14 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2014-01-22 12:10 - 2012-05-20 10:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 12:10 - 2012-05-20 10:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-22 12:10 - 2011-11-03 17:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-22 12:00 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-22 11:53 - 2009-07-13 20:45 - 00372576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-22 11:47 - 2013-03-14 06:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-22 08:57 - 2009-11-11 22:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-22 08:45 - 2011-07-26 14:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-01-22 08:44 - 2011-07-26 14:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-01-22 08:44 - 2011-06-09 08:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-01-22 08:38 - 2013-03-14 06:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-20 18:25 - 2009-10-29 12:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-20 17:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-18 23:33 - 2010-04-08 09:31 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Joe\jagex_cl_runescape_LIVE.dat
C:\Users\Joe\random.dat

Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\ICReinstall_ZipSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 12:04

==================== End Of Log ============================


----------



## Seahawkfan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Joe at 2014-02-16 11:15:35
Running from C:\Users\Joe\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AS: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {8162D2B6-63C7-5812-E5F7-165FDC222080}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)
ArcSoft Panorama Maker 5 (x32 Version: 5.0.1.25 - ArcSoft)
Ask.com Toolbar (x32 Version: 1.2.1.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (Version: 3.0.732.0 - ATI Technologies, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
Bing Bar (x32 Version: 7.0.614.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom Gigabit NetLink Controller (Version: 12.26.02 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
Charles 3.6.5 (Version: 3.6.5.6 - XK72 Ltd)
CodeBlocks (HKCU Version: 10.05 - The Code::Blocks Team)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (Version: 4.98.9.0 - Conexant)
CPUID HWMonitor Pro 1.08 (Version: - )
Crystal Reports Basic for Visual Studio 2008 (x32 Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0 - Business Objects)
CyberLink PowerDVD 8 (x32 Version: 8.0.3402 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.3402 - CyberLink Corp.) Hidden
Debut Video Capture Software (x32 Version: - NCH Software)
DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)
EA Download Manager UI (x32 Version: 6.0.4 - Electronic Arts) Hidden
EA Download Manager UI (x32 Version: 6.0.4.124 - Electronic Arts)
Express Zip File Compression Software (x32 Version: - NCH Software)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
FlashDevelop 4.0.0 (x32 Version: 4.0.0-RC1 - FlashDevelop.org)
Gateway InfoCentre (x32 Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (x32 Version: 2.0.0.29 - NewTech Infosystems)
Gateway Power Management (x32 Version: 4.05.3004 - Gateway Incorporated)
Gateway Recovery Management (x32 Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (x32 Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (x32 Version: 1.6.0730 - Gateway Incorporated)
Gateway Updater (x32 Version: 1.01.3017 - Gateway Incorporated)
Glary Utilities 4.6 (x32 Version: 4.6.0.90 - Glarysoft Ltd)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google SketchUp 8 (x32 Version: 3.0.14346 - Google, Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.56 - Conexant Systems)
Hoyle Casino Games 2011 (remove only) (x32 Version: - )
Hoyle Slots 2010 (remove only) (x32 Version: - )
Identity Card (x32 Version: 1.00.3002 - Gateway Incorporated)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 3.0.04 - Gateway)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (x32 Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 Design Tools ENU (x32 Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (x32 Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (x32 Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (x32 Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (x32 Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MSDN Library for Visual Studio 2008 - ENU (x32 Version: 9.0 - Microsoft)
MSDN Library for Visual Studio 2008 - ENU (x32 Version: 9.0.21022 - Microsoft) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nikon Message Center 2 (x32 Version: 2.0.1 - Nikon)
OpenAL (x32 Version: - )
oRipa Screen Recorder (x32 Version: 1.2.2 - EjoyStudio)
Pando Media Booster (x32 Version: 2.6.0.1 - Pando Networks Inc.)
PC Wizard 2010.1.93 (x32 Version: - Laurent KUTIL & Franck DELATTRE)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Picture Control Utility (x32 Version: 1.2.2 - Nikon)
PowerISO (x32 Version: 4.7 - PowerISO Computing, Inc.)
Prism Video File Converter (x32 Version: - NCH Software)
Punch! Home and Landscape (x32 Version: 15.0.2 - Punch! Software, LLC)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 15.0.5 - RealNetworks)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (x32 Version: 1.2 - Roxio)
Roxio Burn (x32 Version: 1.2.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
RuneScape Launcher 1.2.3 (x32 Version: 1.2.3 - Jagex Ltd)
Saitek SD6 Programming Software 6.5.2.0 (Version: 6.5.2.0 - Saitek)
Security Task Manager 1.8d (x32 Version: 1.8d - Neuber Software)
Sid Meier's Civilization 4 Complete (x32 Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (x32 Version: 1.00 - Firaxis Games)
SimCity 4 Deluxe (x32 Version: - )
SimCity Societies (x32 Version: 1.0.0.0 - Electronic Arts)
Sothink SWF Editor (x32 Version: 1.2 - SourceTec Software Co., LTD)
Spotify (HKCU Version: 0.9.1.57.ge7405149 - Spotify AB)
Sprint SmartView (Version: 2.50.0094.0 - Sprint)
Spy Sweeper Core (x32 Version: 4.4.0.85 - Webroot Software) Hidden
Star Trek Online (x32 Version: - Cryptic Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 14.0.6.0 - Synaptics Incorporated)
The Sims Carnival SnapCity (x32 Version: - Electronic Arts)
The Sims 2 Best of Business Collection (x32 Version: - Electronic Arts)
The Sims 2 Double Deluxe (x32 Version: - Electronic Arts)
Torque 3D 2009 SDK 1.0.1 (remove only) (x32 Version: - )
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (x32 Version: 1 - Microsoft Corporation)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Video Web Camera (x32 Version: 0.5.26.2 - SuYin)
ViewNX 2 (x32 Version: 2.1.2 - Nikon)
Visual C++ 2008 Runtime (x64) (x32 Version: 1.0.1 - Highresolution Enterprises) Hidden
Visual Studio .NET Prerequisites - English (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Webroot AntiVirus with Spy Sweeper (x32 Version: 6.1 - Webroot Software, Inc.)
Welcome Center (x32 Version: 1.00.3009 - Gateway Incorporated)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (x32 Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (x32 Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Phone app for desktop (x32 Version: 1.0.1720.1 - Microsoft Corporation)
World of Tanks (x32 Version: - Wargaming.net)
X-Mouse Button Control 2.5 (x32 Version: 2.5 - Highresolution Enterprises)
Yontoo 1.10.02 (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
ZTE Handset USB Driver (Version: - ZTE Corporation)
ZTE Handset USB Driver (Version: 5.2066.1.9B04 - ZTE Corporation)

==================== Restore Points =========================

13-02-2014 11:00:13 Windows Update
14-02-2014 03:58:07 Windows Update
14-02-2014 22:57:34 Restore Operation
14-02-2014 23:24:29 Installed Connect Service
15-02-2014 01:27:03 Uninstall "iefdm2.dll"
15-02-2014 01:29:08 Move file to quarantine: iefdm2.dll
15-02-2014 02:54:55 Windows Update
16-02-2014 00:35:22 Removed Java 7 Update 51
16-02-2014 00:41:48 Removed Java(TM) 6 Update 30
16-02-2014 00:45:30 Removed Java(TM) 7 Update 2 (64-bit)
16-02-2014 00:47:17 Removed Java(TM) SE Development Kit 7 Update 2 (64-bit)
16-02-2014 00:53:04 Removed JavaFX 2.0.2 (64-bit)
16-02-2014 01:29:28 Removed JavaFX 2.0.2 (64-bit)
16-02-2014 01:30:16 Removed JavaFX 2.0.2 SDK (64-bit)

==================== Hosts content: ==========================

2009-07-13 18:34 - 2010-04-07 16:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1EF755A1-64A9-4D4E-9999-72F5E3102196} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-02-12] (Glarysoft Ltd)
Task: {4600111C-CD14-41F6-B2F2-78153FC92428} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000UA => C:\Users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {51774DF4-45DC-4621-A156-F4830D941E03} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {66F83437-5478-43E9-B986-DCB60EEC408E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {82E8C4BE-1254-43A3-A128-5E600D9860C7} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-02-12] (Glarysoft Ltd)
Task: {8324EB53-0145-4C59-9B0E-988D8F742616} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000Core => C:\Users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {946F0574-91EF-4ED1-A7A5-942FB6300D73} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2009-02-09] () <==== ATTENTION
Task: {9F1F6FC7-3E71-4666-B0A7-1867A65A0CCB} - System32\Tasks\GoogleUpdateTaskMachineCore1cf164c112f2cbe => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {BE274EB3-0CAB-40DC-9E17-81B9EBD87743} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1416037036-305662112-459655153-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {C6587069-E616-4644-AB2D-0EF2EBA9A296} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {E56853A6-26C7-48CC-8A92-295AE0B5AC5A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1416037036-305662112-459655153-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000Core.job => C:\Users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416037036-305662112-459655153-1000UA.job => C:\Users\Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf164c112f2cbe.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-18 18:44 - 2009-11-20 15:34 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-05-13 10:44 - 2009-05-13 10:44 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-01-18 18:40 - 2010-01-18 18:40 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-02-02 17:33 - 2009-02-02 17:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 17:55 - 2008-09-28 17:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2010-01-11 13:10 - 2010-01-11 13:10 - 00082944 _____ () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
2014-02-12 00:24 - 2014-02-12 00:24 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2014-02-04 08:56 - 2014-02-01 15:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 08:56 - 2014-02-01 15:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 08:56 - 2014-02-01 15:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 08:56 - 2014-02-01 15:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 08:56 - 2014-02-01 15:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-01-22 12:10 - 2014-01-22 12:10 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Desktop Disc Tool => :"C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: PDVD8LanguageShortcut => "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => :C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl8 => "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2014 00:36:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/15/2014 07:00:32 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 32.0.1700.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c2c

Start Time: 01cf2ab86ee07bf6

Termination Time: 107

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 72cf0bc0-96b6-11e3-8c24-00262d80e0fd

Error: (02/15/2014 05:34:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
Exception code: 0xc0000005
Fault offset: 0x0000000000243381
Faulting process id: 0x428
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (02/15/2014 01:08:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x294c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (02/15/2014 00:57:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
Exception code: 0xc0000005
Fault offset: 0x00000000002432d1
Faulting process id: 0x418
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (02/15/2014 09:31:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/14/2014 11:05:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/14/2014 10:48:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/14/2014 10:48:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/14/2014 09:30:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
Exception code: 0xc0000005
Fault offset: 0x00000000002432d1
Faulting process id: 0x410
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (02/16/2014 11:09:01 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/16/2014 11:09:01 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/16/2014 01:44:19 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/16/2014 01:44:19 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/16/2014 00:35:43 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/16/2014 00:35:43 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/15/2014 11:16:41 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/15/2014 11:16:41 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/15/2014 09:11:22 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/15/2014 09:11:22 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-16 11:09:30.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 02:46:36.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 01:55:01.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 01:44:52.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 01:36:41.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 01:22:07.343
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 00:55:49.682
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 00:36:10.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-16 00:18:36.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-02-15 23:52:31.009
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3838.34 MB
Available physical RAM: 2246.08 MB
Total Pagefile: 7674.87 MB
Available Pagefile: 5831.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:453.94 GB) (Free:192.26 GB) NTFS
Drive d: (SC4DELUXE2) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: F810F810)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Mark1956

There are two problems that immediately jump out at me from the logs. You have several adware infections and you are using two antivirus programs.

It is your choice, but I would recommend you keep Microsoft Security Essentials and remove Webroot. Please follow this: Webroot uninstall and clean up. Please follow all the instructions up to and including instruction 6.

Next run this tool and post the log produced after the reboot.

When done please run the system for a while and see if the problem has gone.

Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading, click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter*, then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below. Click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; copy and paste it into your next post.


----------



## Seahawkfan

Will run the system for a while and then update on its condition. I bought this machine from a friend about 4 months ago and have had problems with it ever since. He told me that the computer was thrown against the wall by his girlfriend and that some of the problems may have been caused by that. Thank you for the help, I hope this solves the problem.

# AdwCleaner v3.018 - Report created 16/02/2014 at 14:39:57
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Joe\AppData\Local\Conduit
Folder Deleted : C:\Users\Joe\AppData\Local\PackageAware
Folder Deleted : C:\Users\Joe\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joe\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joe\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Joe\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Joe\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Joe\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Joe\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Joe\AppData\Roaming\DSite
Folder Deleted : C:\Users\Joe\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Joe\Documents\BitLord
Folder Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkpcdceijednnilobgleblmagjchmofe
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkpcdceijednnilobgleblmagjchmofe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3147923
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_charles-web-debugging-tool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_charles-web-debugging-tool_RASMANCS
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [14144 octets] - [16/02/2014 14:38:12]
AdwCleaner[S0].txt - [13082 octets] - [16/02/2014 14:39:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13143 octets] ##########


----------



## Seahawkfan

After I rebooted the computer it worked perfectly fine for about an hour and then the problem returned. It went from 43 threads to 202 and a CPU usage of 0 to an average of 75.


----------



## Mark1956

Please confirm that you removed Webroot.

Do a repeat Scan and Clean with Adwcleaner and post the new log.

Then run these two programs in the order listed and post the logs.

*SCAN 1*
Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please Copy & Paste the entire log in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

*SCAN 2*
*DO NOT* reboot, download Malwarebytes from here if you do not already have it: Malwarebytes. Install the program, run it and let it update. If you already have Malwarebytes launch the program.


Select *Perform full scan* and click on the *Scan* button. When the scan completes click on *Show Results*. 
If the scan does not find any infections the log will appear as soon as it completes, please Copy & Paste it into your next reply.
If items are detected it will stay on the Scanner window and you will see *Objects detected: 1* (the number may be higher). 
Click on *Show Results* and put a check mark next to all the items displayed in the list by clicking on each one in turn *<--- very important*, then click on *Remove Selected*.
The log will appear, Copy & Paste it into your next post. 
Click on OK and close the window.


----------



## Seahawkfan

It will not allow me to uninstall Webroot; I get an error message that tells me I am missing this file:

C:\Program Files (x86)\Webroot\WebrootSecurity\unins002.msg 

The link you posted for Webroot only takes me to the customer support website and has no information about removing it. I searched through their site and found and followed the steps for removing it, but the file they say to search for is also missing from my computer.

Should I proceed with the rest of the steps you posted?


----------



## Mark1956

Try using Revo Uninstaller to get rid of Webroot.

And, yes, please continue with the other instructions.


----------



## Seahawkfan

The uninstaller worked and Webroot has been removed.

I downloaded each of the 3 RKill files and ran each one. All three of them open the command prompt and run through but stop on miscellaneous checks and do not run any further. The first one killed 2 processes and found one issue in the registry. 

Should I move on to the next step?


----------



## Mark1956

I'm not sure what the problem could be with Rkill not completing, how long did you leave it for when it appeared to be stuck? Reboot the system and try leaving it a bit longer, if it won't complete after ten minutes or so please make a careful note of the processes it has stopped and the registry issue and post them back here.

Then continue with the Malwarebytes scan, make quite sure you follow the instructions to remove all the detections it finds.


----------



## Seahawkfan

I didn't catch the process that Rkill, and I let it run for about 20 minutes and it still hung up on miscellaneous checks

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Joe :: JOE-PC [administrator]

2/16/2014 11:45:01 PM
mbam-log-2014-02-16 (23-45-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 629803
Time elapsed: 6 hour(s), 26 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL.vir (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\C++ Programing files\Hello1.exe (Trojan.Zbot.SDN) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\NirSoft\produkey.zip (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\NirSoft\produkey_setup.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\NirSoft\produkey\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\NirSoft\produkey-x64\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\Win7 Loaders\works!\Windows 7 Loader (10-12-2009)\Windows 7 Loader.exe (Trojan.Agent.W) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\Win7 Loaders\works!\Windows 7 Loader(10-14-2009)\Windows 7 Loader.exe (Trojan.Agent.W) -> Quarantined and deleted successfully.
C:\Users\Joe\Desktop\TechPen\Win7 Loaders\works!\Windows 7 Loader(10-3-2009)\Windows 7 Loader.exe (Trojan.Agent.W) -> Quarantined and deleted successfully.
C:\Users\Joe\Downloads\DownloadManagerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Joe\Downloads\PublicTransportSetup (1).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Joe\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Joe\Downloads\SoftonicDownloader_for_charles-web-debugging-tool.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Joe\Downloads\tb_MapsView.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Joe\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\acupx217.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)


----------



## Seahawkfan

So the problem still persists, although a bit more erratic now, as the CPU usage for svchost.exe (netsvcs) jumps up and down from around 20% to as high as 85%, and 49 threads to over 200. After the problem starts it will last for 10-30 minutes and then the CPU usage will drop only to return a few minutes later.

The problem worsens if I have multiple tabs and/or browser screens open. If I restart the computer it is fine for around an hour even if I have several tabs open, and then the problem returns.


----------



## Mark1956

Malwarebytes found a few infections including three instances of 'Windows 7 Loader' which is used to validate Windows. Have you used the Windows 7 Loader to validate your copy of Windows?


----------



## Seahawkfan

I haven't run Windows Loader, but I bought this laptop used so it is possible.


----------



## Mark1956

As the Windows 7 Loader is on the system, the chances are this is not genuine Windows, which we cannot give assistance with. I have passed this on to a Moderator to decide if I can continue to help you.


----------



## Cookiegal

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## Seahawkfan

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {9D0096B7-75D3-4365-AAC8-0A5069DAA4C8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9D0096B7-75D3-4365-AAC8-0A5069DAA4C8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1416037036-305662112-459655153</SID><SYSTEM><Manufacturer>Gateway </Manufacturer><Model>NV53 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.05 </Version><SMBIOSVersion major="2" minor="6"/><Date>20091207000000.000000+000</Date></BIOS><HWID>00253407018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7600.0000-3152009
Installation ID: 014101796886532470279282850581389514352034136513076513
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 2/18/2014 9:49:04 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAEAAAACAAAAAwABAAEA6GHC5J6+7pTaoiaJ6kUy9owWqlAUWRh5

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name	OEMID Value	OEMTableID Value
APIC PTLTD APIC 
FACP AMD ANT 
HPET PTLTD HPETTBL 
MCFG PTLTD MCFG 
SLIC ACRSYS ACRPRDCT
SSDT AMD POWERNOW


----------



## Cookiegal

I see it's a Gateway but what model is it please?


----------



## TerryNet

Appears to me to be a leaked OEM SLP Product Key. If you have a COA sticker on the PC (sometimes in the battery compartment if a laptop) with a Product Key for Windows Home Premium see if you can update to that. If successful then give us a new MGADiag, please. This, of course, is in addition to the answer to Cookiegal's question.


----------



## Seahawkfan

Gateway NV53
model # : MS2285


----------



## Seahawkfan

The COA sticker is on the bottom of the laptop and the product key has rubbed off, is there any other way to find this number?


----------



## Cookiegal

I agree with Terry. Has the operating system ever been reinstalled on it?


----------



## Seahawkfan

No, it's the same version the computer was bought with.


----------



## TerryNet

If it is really the same instance, not just the same version, then here is a *scenario* that is unlikely but not impossible. Sometime after the PC and others were purchased the Product Key that Gateway puts on all their PCs for the original activation was leaked and Microsoft blocked it. The original owner should have called Gateway to get it resolved. Instead he/she used that Windows Loader thing to make it activate. That, in our view, makes it non-genuine.

I suggest that you call Gateway to see if maybe this scenario did happen (the part about the leaked key). If it did they may give you a new key or arrange for you to get one from Microsoft. I know that this has happened, but I don't remember the brand.

But, unless you can get something resolved we cannot continue to help.


----------



## TerryNet

So caught up in my scenario I forgot an obvious suggestion. You may be able to buy a set of Recovery DVDs from Gateway for a nominal cost.


----------

