
Stop C0000135 Error after Windows 7 SP1 (x64) update


  • This topic is locked
13 replies to this topic

#1 mat58

mat58

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:03:59 AM

Posted 31 October 2011 - 07:02 PM

Hello,

I'm helping a friend with her new Dell Inspiron One computer. She initially complained that she could not get into IE, and Firefox was redirecting. There were also some "updates waiting to be installed". She ran Malwarebytes (removed a few items). She also attempted to run the Windows Update for both Windows 7 SP1 (x64) and IE9. They appeared to work, but on shutdown a message came up that a program was not closing properly. Since then, the PC will not boot. I have tried System Restore, and tried using the last known configuration, both to no avail. I selected the option not to reboot on error and have the following BSOD:

STOP: C0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix the problem.


Can someone please help me? I'm not sure if this is a virus or something else with the OS.



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:59 AM

Posted 31 October 2011 - 11:27 PM

:welcome:

Let's give it a try. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!
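
One way to triage the FRST.txt log that the procedure above produces, as an added example that is not part of the original post or of FRST itself. The sample lines are constructed in the log's layout; reading a trailing `[x]` as a missing target, the random-name rule and the cluster threshold are assumptions of this sketch.

```python
"""Triage an FRST-style log: tool flags, missing targets, random-named profile folders."""
import re
from collections import defaultdict

# Constructed sample in the layout of an FRST.txt log (not taken from a real machine).
SAMPLE_LOG = r"""
HKLM\...\Run: [AudioTray] C:\Program Files\Vendor\tray.exe -s [10920 2010-06-22] (Vendor Inc.)
HKLM-x32\...\Run: [OldHelper] [x]
Winlogon\Notify\RemoteTool: C:\Program Files (x86)\RemoteTool\hook_x64.dll [X]
SubSystems: [Windows] ==> ZeroAccess
2 ExampleSvc; "C:\Program Files\Vendor\svc.exe" [7168 2010-07-05] (Vendor Inc.)
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\Example User\AppData\Roaming\Malwarebytes
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Example User\AppData\Roaming\Qx7bT2mVa9LkRe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Example User\AppData\Roaming\hR4wZp8NcY1d
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Example User\AppData\Roaming\mK3vB6xJt0Ua
2011-10-17 17:22 - 2011-08-20 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
"""

# "<entry> ==> <label>": the scanner's own annotation on an entry it recognises.
FLAG_RE = re.compile(r"^(?P<entry>.+?)\s*==>\s*(?P<label>.+)$")
# Trailing [x] / [X]: assumed here to mean the referenced file was not found.
MISSING_RE = re.compile(r"\[x\]\s*$", re.IGNORECASE)
# "created - modified - size attrs (company) path" lines of the file listings.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Only folders created directly under a user's roaming profile are considered.
PROFILE_ROOTS = ("\\appdata\\roaming\\", "\\application data\\")


def looks_random(name):
    """Heuristic (assumption): long alphanumeric name mixing digits and both cases."""
    return (
        len(name) >= 10
        and name.isalnum()
        and any(c.isdigit() for c in name)
        and any(c.islower() for c in name)
        and any(c.isupper() for c in name)
    )


def triage(log_text, min_cluster=3):
    """Return the entries a reviewer should look at first."""
    tool_flags, missing_targets = [], []
    by_minute = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flagged = FLAG_RE.match(line)
        if flagged:
            tool_flags.append((flagged.group("entry"), flagged.group("label")))
            continue
        if MISSING_RE.search(line):
            missing_targets.append(line)
            continue
        listed = FILE_RE.match(line)
        if listed and "D" in listed.group("attrs"):
            parent, _, name = listed.group("path").rpartition("\\")
            if (parent + "\\").lower().endswith(PROFILE_ROOTS) and looks_random(name):
                by_minute[listed.group("created")].append(name)
    # Several random-named folders created in the same minute are worth a look;
    # a single odd name is usually just an installer's working directory.
    clusters = {ts: names for ts, names in by_minute.items() if len(names) >= min_cluster}
    return {
        "tool_flags": tool_flags,
        "missing_targets": missing_targets,
        "random_dir_clusters": clusters,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for entry, label in report["tool_flags"]:
        print(f"flagged by tool : {entry} -> {label}")
    for line in report["missing_targets"]:
        print(f"missing target  : {line}")
    for created, names in report["random_dir_clusters"].items():
        print(f"folder cluster  : {created} {names}")
```
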


#3 mat58

mat58
  • Topic Starter

  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:03:59 AM

Posted 31 October 2011 - 11:55 PM

Hello. Thank you for helping me. Here is the text file:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.7
Ran by SYSTEM at 2011-11-01 01:50:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM-x32\...\Run: [ShwiconXP6366] c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe [237568 2009-07-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-05-30] ()
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2011-10-30] ()
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-09-23] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Jowaiszas Fam\...\Policies\system: [LogonHoursAction] 2
HKU\Jowaiszas Fam\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Zane\...\Policies\system: [LogonHoursAction] 2
HKU\Zane\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-11] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 0325871319739128mcinstcleanup; C:\Windows\TEMP\032587~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [42 2011-10-27] ()
4 DellOSDservice; "C:\Program Files\Dell\OSD\DellOSDservice.exe" [7168 2010-07-05] (Microsoft)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [158832 2011-03-13] (McAfee, Inc.)
2 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [5088256 2010-02-02] (Dell Inc.)
2 FAService; "c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe" [x]

========================== Drivers (Whitelisted) =============

0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie64.sys [16440 2010-03-09] (Advanced Micro Devices Inc.)
3 BrSerIb; C:\Windows\System32\DRIVERS\BrSerIb.sys [87552 2010-01-20] (Brother Industries Ltd.)
3 BrUsbSIb; C:\Windows\System32\DRIVERS\BrUsbSIb.sys [14592 2010-01-20] (Brother Industries Ltd.)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
3 nuviocir; C:\Windows\System32\DRIVERS\nuviocir_win7_x64.sys [33792 2010-07-14] (Nuvoton Technology Corp.)
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-30 22:34 - 2011-10-30 22:34 - 0029274 ____A C:\Windows\ntbtlog.txt
2011-10-30 16:40 - 2011-10-30 16:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
2011-10-30 16:16 - 2011-10-30 16:16 - 0000000 ___HD C:\Windows\AxInstSV
2011-10-29 17:59 - 2011-10-30 17:10 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-28 21:57 - 2011-10-28 21:57 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-28 21:55 - 2011-10-30 09:32 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-10-28 21:55 - 2011-10-28 21:55 - 0001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-10-28 21:55 - 2011-10-28 21:55 - 0001144 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\Mozilla
2011-10-28 21:50 - 2011-06-14 17:51 - 0001415 ____A C:\Users\Jowaiszas Fam\Desktop\Internet Explorer.lnk
2011-10-27 21:12 - 2011-10-27 21:12 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-27 20:31 - 2011-10-30 09:29 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-27 20:29 - 2011-10-30 09:32 - 0000000 ____D C:\59eff4bb7568b11ed580
2011-10-24 18:26 - 2011-10-24 18:26 - 0012007 ____A C:\Windows\SysWOW64\hs_err_pid2636.log
2011-10-24 10:18 - 2011-10-24 10:18 - 0000000 ____D C:\Windows\Sun
2011-10-19 21:15 - 2011-10-24 10:10 - 0000000 ____D C:\Program Files\CCleaner
2011-10-19 20:53 - 2011-10-19 20:53 - 0000000 ____A C:\Users\Jowaiszas Fam\Sti_Trace.log
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Zeon
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\ScanSoft
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Zeon
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\ScanSoft
2011-10-19 20:46 - 2011-10-19 20:46 - 0000000 ____D C:\Users\Jowaiszas Fam\My Documents\My PaperPort Documents
2011-10-19 20:46 - 2011-10-19 20:46 - 0000000 ____D C:\Users\Jowaiszas Fam\Documents\My PaperPort Documents
2011-10-19 20:35 - 2011-10-19 20:35 - 0000000 ____D C:\Brother
2011-10-19 20:34 - 2010-02-09 03:22 - 0255488 ____R (brother) C:\Windows\System32\NSSRH64.dll
2011-10-19 20:34 - 2009-10-25 20:34 - 0059392 ____R (Brother Industries,Ltd.) C:\Windows\System32\BrWiaNCp.dll
2011-10-19 20:34 - 2009-10-25 20:34 - 0048640 ____R (Brother Industries,Ltd) C:\Windows\System32\Brnsplg.dll
2011-10-19 20:34 - 2009-08-18 05:38 - 0083968 ____R (Brother Industries, Ltd.) C:\Windows\System32\BrNetSti.dll
2011-10-19 20:34 - 2005-04-21 23:36 - 0143360 ____R C:\Windows\System32\BrSNMP64.dll
2011-10-19 20:33 - 2011-10-03 07:06 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-10-19 20:33 - 2011-10-03 07:06 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-10-19 20:33 - 2011-10-03 07:06 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-10-19 20:32 - 2011-10-19 20:33 - 0003777 ____A C:\Windows\SysWOW64\jupdate-1.6.0_29-b11.log
2011-10-19 20:30 - 2011-10-30 19:13 - 0001830 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2011-10-19 20:30 - 2011-10-30 19:13 - 0001830 ____A C:\Users\All Users\Desktop\McAfee Security Center.lnk
2011-10-19 20:29 - 2011-10-19 20:29 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2011-10-19 20:29 - 2011-04-14 16:01 - 0009984 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2011-10-19 20:27 - 2011-10-19 20:30 - 0000000 ____D C:\Program Files\McAfee
2011-10-19 20:27 - 2011-10-19 20:30 - 0000000 ____D C:\Program Files\Common Files\McAfee
2011-10-19 20:27 - 2011-10-19 20:27 - 0000000 ____D C:\Program Files\McAfee.com
2011-10-19 20:27 - 2011-04-14 16:01 - 0441840 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2011-10-19 20:27 - 2011-04-14 16:01 - 0283744 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2011-10-19 20:27 - 2011-04-14 16:01 - 0190520 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2011-10-19 20:27 - 2011-04-14 16:01 - 0094992 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2011-10-19 20:27 - 2011-04-14 16:01 - 0075160 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2011-10-19 20:27 - 2011-04-14 16:01 - 0063056 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2011-10-19 20:26 - 2011-05-24 21:14 - 0270720 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-10-19 20:21 - 2011-03-13 13:45 - 0158832 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2011-10-19 20:17 - 2011-10-19 20:18 - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2011-10-19 20:17 - 2011-10-19 20:18 - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2011-10-19 20:17 - 2011-10-19 20:17 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-10-19 20:11 - 2011-10-19 20:11 - 4188120 ____A (McAfee, Inc.) C:\Users\Jowaiszas Fam\Downloads\McAfeeSetup-Serial.exe
2011-10-19 10:54 - 2011-10-19 12:24 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2011-10-18 11:40 - 2011-10-30 19:31 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2011-10-18 11:40 - 2011-10-19 10:54 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2011-10-17 17:22 - 2011-10-01 00:24 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-17 17:22 - 2011-09-30 23:42 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-10-17 17:22 - 2011-09-30 22:21 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-10-17 17:22 - 2011-09-30 21:59 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-10-17 17:22 - 2011-09-05 22:07 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-10-17 17:22 - 2011-08-20 00:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-17 17:22 - 2011-08-20 00:44 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-17 17:22 - 2011-08-20 00:44 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-10-17 17:22 - 2011-08-20 00:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-10-17 17:22 - 2011-08-20 00:41 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-17 17:22 - 2011-08-20 00:41 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-10-17 17:22 - 2011-08-20 00:41 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-17 17:22 - 2011-08-20 00:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-10-17 17:22 - 2011-08-20 00:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-17 17:22 - 2011-08-20 00:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-17 17:22 - 2011-08-20 00:40 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-10-17 17:22 - 2011-08-20 00:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-17 17:22 - 2011-08-20 00:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-17 17:22 - 2011-08-20 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-17 17:22 - 2011-08-20 00:37 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-17 17:22 - 2011-08-19 23:38 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-10-17 17:22 - 2011-08-19 23:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-10-17 17:22 - 2011-08-19 23:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-10-17 17:22 - 2011-08-19 23:36 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-10-17 17:22 - 2011-08-19 23:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-17 17:22 - 2011-08-19 23:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-17 17:22 - 2011-08-19 23:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-17 17:22 - 2011-08-19 23:20 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-17 17:22 - 2011-08-19 22:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-17 17:22 - 2011-08-17 00:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-10-17 17:22 - 2011-08-17 00:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-10-17 17:22 - 2011-08-17 00:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-10-17 17:22 - 2011-08-17 00:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-10-17 17:22 - 2011-08-17 00:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-10-17 17:22 - 2011-08-16 23:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-10-17 17:22 - 2011-08-16 23:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-10-17 17:22 - 2011-08-16 23:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-10-17 17:22 - 2011-08-16 23:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-10-17 17:22 - 2011-08-16 23:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-10-17 17:20 - 2011-08-27 00:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-10-17 17:20 - 2011-08-27 00:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-10-17 17:20 - 2011-08-26 23:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-10-17 17:20 - 2011-08-26 23:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-10-14 10:17 - 2011-10-30 09:26 - 0000000 ____D C:\Program Files (x86)\ESET
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Z5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\vpnG5aQH6W
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\T5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\lS1iD3onFaH7
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\a5aQJ6dWKfLqUeB
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Z5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\vpnG5aQH6W
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\T5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\lS1iD3onFaH7
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\a5aQJ6dWKfLqUeB
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\ZzxAucS3nG4Q
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\mNA0c3nn4aQ6W
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\fkIVrzONtAu2b
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\ZzxAucS3nG4Q
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\mNA0c3nn4aQ6W
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\fkIVrzONtAu2b
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\gekIVrzONx0
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\dvS2obF3pGaJdKf
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\gekIVrzONx0
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\dvS2obF3pGaJdKf
2011-10-11 20:47 - 2011-10-14 10:48 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\O222obbF3pm5aJ6
2011-10-11 20:47 - 2011-10-14 10:48 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\O222obbF3pm5aJ6
2011-10-11 20:47 - 2011-10-14 10:09 - 0001948 ____A C:\Users\Jowaiszas Fam\Desktop\Cloud Protection.lnk
2011-10-11 20:47 - 2011-10-11 20:47 - 0001207 ____A C:\Users\Jowaiszas Fam\Application Data\ldr.ini
2011-10-11 20:47 - 2011-10-11 20:47 - 0001207 ____A C:\Users\Jowaiszas Fam\AppData\Roaming\ldr.ini
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\VhhTTXqqjUClIrz
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\pHHdK7ffRLgjCeI
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\JIBBtzPPNyA1uDo
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\dK88ggRZ9hYXjVe
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\VhhTTXqqjUClIrz
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\pHHdK7ffRLgjCeI
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\JIBBtzPPNyA1uDo
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\dK88ggRZ9hYXjVe
2011-10-11 20:45 - 2011-10-11 20:45 - 0000000 ____D C:\Windows\system64
2011-10-02 23:05 - 2011-10-02 23:05 - 0000000 ___RD C:\Users\Jowaiszas Fam\Application Data\Brother
2011-10-02 23:05 - 2011-10-02 23:05 - 0000000 ___RD C:\Users\Jowaiszas Fam\AppData\Roaming\Brother


============ 3 Months Modified Files and Folders =============

2011-11-01 01:50 - 2011-11-01 01:50 - 0000000 ____D C:\FRST
2011-10-31 21:24 - 2011-03-04 05:37 - 3016712192 __ASH C:\hiberfil.sys
2011-10-30 22:34 - 2011-10-30 22:34 - 0029274 ____A C:\Windows\ntbtlog.txt
2011-10-30 21:26 - 2009-07-14 00:10 - 1624810 ____A C:\Windows\WindowsUpdate.log
2011-10-30 19:31 - 2011-10-18 11:40 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2011-10-30 19:21 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-30 19:21 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-30 19:19 - 2009-07-14 00:13 - 0727246 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-30 19:14 - 2011-03-04 04:25 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2011-10-30 19:14 - 2011-03-04 04:25 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2011-10-30 19:14 - 2011-03-04 04:25 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2011-10-30 19:14 - 2011-03-04 04:25 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2011-10-30 19:14 - 2011-03-04 04:25 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2011-10-30 19:14 - 2011-03-04 04:25 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2011-10-30 19:14 - 2011-03-04 04:05 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-10-30 19:13 - 2011-10-19 20:30 - 0001830 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2011-10-30 19:13 - 2011-10-19 20:30 - 0001830 ____A C:\Users\All Users\Desktop\McAfee Security Center.lnk
2011-10-30 19:13 - 2011-06-14 17:48 - 0000000 ____D C:\users\Jowaiszas Fam
2011-10-30 19:13 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-30 19:13 - 2009-07-13 23:51 - 0028988 ____A C:\Windows\setupact.log
2011-10-30 19:13 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-10-30 17:11 - 2011-06-14 19:27 - 0000000 ____D C:\users\Zane
2011-10-30 17:10 - 2011-10-29 17:59 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-30 17:10 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-10-30 17:10 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2011-10-30 16:40 - 2011-10-30 16:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
2011-10-30 16:16 - 2011-10-30 16:16 - 0000000 ___HD C:\Windows\AxInstSV
2011-10-30 09:34 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-10-30 09:34 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 __RSD C:\Windows\Media
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\TAPI
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sppui
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Setup
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\oobe
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Dism
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2011-10-30 09:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-10-30 09:33 - 2011-03-04 03:44 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\spp
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Speech
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\MUI
2011-10-30 09:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\security
2011-10-30 09:32 - 2011-10-28 21:55 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-10-30 09:32 - 2011-10-27 20:29 - 0000000 ____D C:\59eff4bb7568b11ed580
2011-10-30 09:32 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2011-10-30 09:32 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-10-30 09:29 - 2011-10-27 20:31 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-30 09:26 - 2011-10-14 10:17 - 0000000 ____D C:\Program Files (x86)\ESET
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-10-29 17:59 - 2011-10-29 17:59 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-28 21:57 - 2011-10-28 21:57 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-28 21:55 - 2011-10-28 21:55 - 0001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-10-28 21:55 - 2011-10-28 21:55 - 0001144 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Mozilla
2011-10-28 21:55 - 2011-10-28 21:55 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\Mozilla
2011-10-27 21:12 - 2011-10-27 21:12 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-27 20:55 - 2011-03-04 05:09 - 0000000 ____D C:\Windows\Panther
2011-10-27 09:42 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-10-24 19:34 - 2011-03-04 05:37 - 0015232 ____A C:\Windows\PFRO.log
2011-10-24 18:26 - 2011-10-24 18:26 - 0012007 ____A C:\Windows\SysWOW64\hs_err_pid2636.log
2011-10-24 15:28 - 2009-07-13 22:18 - 0000000 __SHD C:\$Recycle.Bin
2011-10-24 10:59 - 2011-06-14 17:51 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\VirtualStore
2011-10-24 10:59 - 2011-06-14 17:51 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\VirtualStore
2011-10-24 10:59 - 2011-06-14 17:51 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\VirtualStore
2011-10-24 10:18 - 2011-10-24 10:18 - 0000000 ____D C:\Windows\Sun
2011-10-24 10:10 - 2011-10-19 21:15 - 0000000 ____D C:\Program Files\CCleaner
2011-10-24 10:10 - 2011-08-18 20:57 - 0000000 ____D C:\Users\All Users\InstallShield
2011-10-24 10:10 - 2011-08-18 20:57 - 0000000 ____D C:\Users\All Users\Application Data\InstallShield
2011-10-24 10:10 - 2011-08-18 20:57 - 0000000 ____D C:\ProgramData\InstallShield
2011-10-24 10:08 - 2011-03-04 04:12 - 0000000 ____D C:\Users\All Users\McAfee
2011-10-24 10:08 - 2011-03-04 04:12 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2011-10-24 10:08 - 2011-03-04 04:12 - 0000000 ____D C:\ProgramData\McAfee
2011-10-19 21:19 - 2011-06-14 17:58 - 0000000 ___DC C:\Users\Jowaiszas Fam\Local Settings\MigWiz
2011-10-19 21:19 - 2011-06-14 17:58 - 0000000 ___DC C:\Users\Jowaiszas Fam\Local Settings\Application Data\MigWiz
2011-10-19 21:19 - 2011-06-14 17:58 - 0000000 ___DC C:\Users\Jowaiszas Fam\AppData\Local\MigWiz
2011-10-19 20:53 - 2011-10-19 20:53 - 0000000 ____A C:\Users\Jowaiszas Fam\Sti_Trace.log
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Zeon
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\ScanSoft
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Zeon
2011-10-19 20:47 - 2011-10-19 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\ScanSoft
2011-10-19 20:46 - 2011-10-19 20:46 - 0000000 ____D C:\Users\Jowaiszas Fam\My Documents\My PaperPort Documents
2011-10-19 20:46 - 2011-10-19 20:46 - 0000000 ____D C:\Users\Jowaiszas Fam\Documents\My PaperPort Documents
2011-10-19 20:35 - 2011-10-19 20:35 - 0000000 ____D C:\Brother
2011-10-19 20:35 - 2011-08-18 21:06 - 0000050 ____A C:\Windows\System32\BRIDF10B.DAT
2011-10-19 20:33 - 2011-10-19 20:32 - 0003777 ____A C:\Windows\SysWOW64\jupdate-1.6.0_29-b11.log
2011-10-19 20:33 - 2011-03-04 03:52 - 0000000 ____D C:\Program Files (x86)\Java
2011-10-19 20:30 - 2011-10-19 20:27 - 0000000 ____D C:\Program Files\McAfee
2011-10-19 20:30 - 2011-10-19 20:27 - 0000000 ____D C:\Program Files\Common Files\McAfee
2011-10-19 20:30 - 2011-03-04 04:12 - 0000000 ____D C:\Program Files (x86)\McAfee
2011-10-19 20:29 - 2011-10-19 20:29 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2011-10-19 20:27 - 2011-10-19 20:27 - 0000000 ____D C:\Program Files\McAfee.com
2011-10-19 20:18 - 2011-10-19 20:17 - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2011-10-19 20:18 - 2011-10-19 20:17 - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2011-10-19 20:17 - 2011-10-19 20:17 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-10-19 20:17 - 2011-06-16 08:46 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\Adobe
2011-10-19 20:17 - 2011-06-16 08:46 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Adobe
2011-10-19 20:17 - 2011-06-16 08:46 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\Adobe
2011-10-19 20:17 - 2011-03-04 04:01 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2011-10-19 20:17 - 2011-03-04 04:01 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-19 20:17 - 2011-03-04 04:01 - 0000000 ____D C:\ProgramData\Adobe
2011-10-19 20:11 - 2011-10-19 20:11 - 4188120 ____A (McAfee, Inc.) C:\Users\Jowaiszas Fam\Downloads\McAfeeSetup-Serial.exe
2011-10-19 12:24 - 2011-10-19 10:54 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2011-10-19 11:05 - 2011-09-15 16:19 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\SoftGrid Client
2011-10-19 11:05 - 2011-09-15 16:19 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\SoftGrid Client
2011-10-19 10:54 - 2011-10-18 11:40 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2011-10-18 11:40 - 2011-06-24 11:07 - 0000000 ____D C:\Program Files\Dell Support Center
2011-10-18 11:39 - 2011-06-15 11:00 - 0000000 ____D C:\Users\All Users\PCDr
2011-10-18 11:39 - 2011-06-15 11:00 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2011-10-18 11:39 - 2011-06-15 11:00 - 0000000 ____D C:\ProgramData\PCDr
2011-10-18 05:25 - 2011-03-04 04:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-18 05:25 - 2009-07-13 23:45 - 0294248 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-18 05:05 - 2011-06-14 18:42 - 50086344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-14 10:48 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\O222obbF3pm5aJ6
2011-10-14 10:48 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\O222obbF3pm5aJ6
2011-10-14 10:48 - 2009-10-25 16:42 - 0000000 ____D C:\Users\Jowaiszas Fam\My Documents\LEGO Creations
2011-10-14 10:48 - 2009-10-25 16:42 - 0000000 ____D C:\Users\Jowaiszas Fam\Documents\LEGO Creations
2011-10-14 10:17 - 2011-06-14 17:48 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\LocalLow
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Z5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\vpnG5aQH6W
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\T5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\lS1iD3onFaH7
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\a5aQJ6dWKfLqUeB
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Z5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\vpnG5aQH6W
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\T5aQJ6dWKfLTqUe
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\lS1iD3onFaH7
2011-10-14 10:09 - 2011-10-14 10:09 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\a5aQJ6dWKfLqUeB
2011-10-14 10:09 - 2011-10-11 20:47 - 0001948 ____A C:\Users\Jowaiszas Fam\Desktop\Cloud Protection.lnk
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\ZzxAucS3nG4Q
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\mNA0c3nn4aQ6W
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\fkIVrzONtAu2b
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\ZzxAucS3nG4Q
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\mNA0c3nn4aQ6W
2011-10-12 21:27 - 2011-10-12 21:27 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\fkIVrzONtAu2b
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\gekIVrzONx0
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\dvS2obF3pGaJdKf
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\gekIVrzONx0
2011-10-12 13:35 - 2011-10-12 13:35 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\dvS2obF3pGaJdKf
2011-10-11 20:47 - 2011-10-11 20:47 - 0001207 ____A C:\Users\Jowaiszas Fam\Application Data\ldr.ini
2011-10-11 20:47 - 2011-10-11 20:47 - 0001207 ____A C:\Users\Jowaiszas Fam\AppData\Roaming\ldr.ini
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\VhhTTXqqjUClIrz
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\pHHdK7ffRLgjCeI
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\JIBBtzPPNyA1uDo
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\dK88ggRZ9hYXjVe
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\VhhTTXqqjUClIrz
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\pHHdK7ffRLgjCeI
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\JIBBtzPPNyA1uDo
2011-10-11 20:47 - 2011-10-11 20:47 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\dK88ggRZ9hYXjVe
2011-10-11 20:45 - 2011-10-11 20:45 - 0000000 ____D C:\Windows\system64
2011-10-11 20:45 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-10-03 07:06 - 2011-10-19 20:33 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-10-03 07:06 - 2011-10-19 20:33 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-10-03 07:06 - 2011-10-19 20:33 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-10-03 07:06 - 2011-03-04 03:52 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-10-02 23:05 - 2011-10-02 23:05 - 0000000 ___RD C:\Users\Jowaiszas Fam\Application Data\Brother
2011-10-02 23:05 - 2011-10-02 23:05 - 0000000 ___RD C:\Users\Jowaiszas Fam\AppData\Roaming\Brother
2011-10-01 00:24 - 2011-10-17 17:22 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 23:42 - 2011-10-17 17:22 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 22:21 - 2011-10-17 17:22 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 21:59 - 2011-10-17 17:22 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-28 23:00 - 2011-09-24 13:33 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\W Photo Studio Viewer
2011-09-28 23:00 - 2011-09-24 13:33 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\W Photo Studio Viewer
2011-09-24 13:37 - 2011-09-24 13:37 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Roxio Log Files
2011-09-24 13:37 - 2011-09-24 13:37 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Roxio Log Files
2011-09-24 13:36 - 2011-09-24 13:36 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\Macrovision
2011-09-24 13:36 - 2011-09-24 13:36 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\Macrovision
2011-09-22 18:57 - 2011-09-21 19:16 - 0015729 ____A C:\Users\Jowaiszas Fam\My Documents\cam paw.odt
2011-09-22 18:57 - 2011-09-21 19:16 - 0015729 ____A C:\Users\Jowaiszas Fam\Documents\cam paw.odt
2011-09-16 00:54 - 2011-09-15 16:18 - 0743066 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-09-16 00:54 - 2011-09-15 16:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-09-15 20:42 - 2011-09-15 18:29 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-09-15 20:42 - 2011-09-15 18:29 - 0000000 ____D C:\Users\All Users\Application Data\VirtualizedApplications
2011-09-15 20:42 - 2011-09-15 18:29 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-09-15 20:29 - 2011-06-14 17:48 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\SoftThinks
2011-09-15 20:29 - 2011-06-14 17:48 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\SoftThinks
2011-09-15 20:29 - 2011-06-14 17:48 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\SoftThinks
2011-09-15 16:19 - 2011-09-15 16:19 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\SoftGrid Client
2011-09-15 16:19 - 2011-09-15 16:19 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\SoftGrid Client
2011-09-15 16:19 - 2011-09-15 16:19 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\SoftGrid Client
2011-09-15 16:19 - 2011-09-15 16:18 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\TP
2011-09-15 16:19 - 2011-09-15 16:18 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\TP
2011-09-15 16:18 - 2011-09-15 16:18 - 0000000 ____D C:\Program Files\Microsoft Office
2011-09-15 16:18 - 2011-03-04 04:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-09-14 17:49 - 2011-09-14 17:49 - 0018650 ____A C:\Users\Jowaiszas Fam\My Documents\Colonists zj.odt
2011-09-14 17:49 - 2011-09-14 17:49 - 0018650 ____A C:\Users\Jowaiszas Fam\Documents\Colonists zj.odt
2011-09-06 18:01 - 2011-03-04 04:16 - 0000000 ____D C:\Program Files (x86)\Dell Stage
2011-09-06 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2011-09-05 22:07 - 2011-10-17 17:22 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-01 19:44 - 2011-09-01 19:19 - 0016619 ____A C:\Users\Jowaiszas Fam\My Documents\Untitled 2.odt
2011-09-01 19:44 - 2011-09-01 19:19 - 0016619 ____A C:\Users\Jowaiszas Fam\Documents\Untitled 2.odt
2011-08-27 00:40 - 2011-10-17 17:20 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-27 00:40 - 2011-10-17 17:20 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-26 23:43 - 2011-10-17 17:20 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-26 23:43 - 2011-10-17 17:20 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-08-26 09:57 - 2011-08-26 09:57 - 0455949 ____A C:\Users\Jowaiszas Fam\Downloads\truelove barbara.pdf
2011-08-22 18:19 - 2011-08-22 18:19 - 0000000 ____D C:\Users\Zane\Local Settings\Scansoft
2011-08-22 18:19 - 2011-08-22 18:19 - 0000000 ____D C:\Users\Zane\Local Settings\Application Data\Scansoft
2011-08-22 18:19 - 2011-08-22 18:19 - 0000000 ____D C:\Users\Zane\AppData\Local\Scansoft
2011-08-22 18:19 - 2011-06-15 17:17 - 0064560 ____A C:\Users\Zane\Local Settings\GDIPFONTCACHEV1.DAT
2011-08-22 18:19 - 2011-06-15 17:17 - 0064560 ____A C:\Users\Zane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-08-22 18:19 - 2011-06-15 17:17 - 0064560 ____A C:\Users\Zane\AppData\Local\GDIPFONTCACHEV1.DAT
2011-08-20 13:09 - 2011-08-20 13:09 - 0288508 ____A C:\Windows\msxml4-KB973688-enu.LOG
2011-08-20 05:01 - 2011-08-20 05:00 - 0291580 ____A C:\Windows\msxml4-KB954430-enu.LOG
2011-08-20 05:00 - 2011-08-20 05:00 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2011-08-20 00:45 - 2011-10-17 17:22 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-20 00:44 - 2011-10-17 17:22 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-20 00:44 - 2011-10-17 17:22 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-20 00:42 - 2011-10-17 17:22 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-20 00:41 - 2011-10-17 17:22 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-20 00:41 - 2011-10-17 17:22 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-20 00:41 - 2011-10-17 17:22 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-20 00:41 - 2011-10-17 17:22 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-20 00:41 - 2011-10-17 17:22 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-20 00:40 - 2011-10-17 17:22 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-20 00:40 - 2011-10-17 17:22 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-20 00:40 - 2011-10-17 17:22 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-20 00:40 - 2011-10-17 17:22 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-20 00:40 - 2011-10-17 17:22 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-20 00:37 - 2011-10-17 17:22 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-19 23:38 - 2011-10-17 17:22 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-19 23:38 - 2011-10-17 17:22 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-19 23:38 - 2011-10-17 17:22 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-19 23:36 - 2011-10-17 17:22 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-19 23:35 - 2011-10-17 17:22 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-08-19 23:34 - 2011-10-17 17:22 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-08-19 23:32 - 2011-10-17 17:22 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-08-19 23:20 - 2011-10-17 17:22 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-08-19 22:26 - 2011-10-17 17:22 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-08-18 21:18 - 2011-08-18 21:18 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Scansoft
2011-08-18 21:18 - 2011-08-18 21:18 - 0000000 ____D C:\Users\Jowaiszas Fam\Local Settings\Application Data\Scansoft
2011-08-18 21:18 - 2011-08-18 21:18 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Local\Scansoft
2011-08-18 21:14 - 2011-06-14 17:48 - 0064560 ____A C:\Users\Jowaiszas Fam\Local Settings\GDIPFONTCACHEV1.DAT
2011-08-18 21:14 - 2011-06-14 17:48 - 0064560 ____A C:\Users\Jowaiszas Fam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-08-18 21:14 - 2011-06-14 17:48 - 0064560 ____A C:\Users\Jowaiszas Fam\AppData\Local\GDIPFONTCACHEV1.DAT
2011-08-18 21:07 - 2011-08-18 21:07 - 0002146 ____A C:\Users\Public\Desktop\Brother Creative Center.lnk
2011-08-18 21:07 - 2011-08-18 21:07 - 0002146 ____A C:\Users\All Users\Desktop\Brother Creative Center.lnk
2011-08-18 21:07 - 2011-08-18 21:07 - 0000254 ____A C:\Windows\Brpfx04a.ini
2011-08-18 21:07 - 2011-08-18 21:07 - 0000093 ____A C:\Windows\brpcfx.ini
2011-08-18 21:06 - 2011-08-18 21:06 - 0000066 ____A C:\Windows\Brfaxrx.ini
2011-08-18 21:06 - 2011-08-18 21:06 - 0000000 ____D C:\Users\Public\Documents\BrFaxRx
2011-08-18 21:06 - 2011-08-18 21:06 - 0000000 ____D C:\Users\All Users\Documents\BrFaxRx
2011-08-18 21:06 - 2011-08-18 21:06 - 0000000 ____D C:\Program Files (x86)\Browny02
2011-08-18 21:06 - 2011-08-18 21:05 - 0000419 ____A C:\Windows\BRWMARK.INI
2011-08-18 21:06 - 2011-08-18 21:05 - 0000000 ____D C:\Program Files (x86)\Brother
2011-08-18 21:05 - 2011-08-18 20:55 - 0000000 ____D C:\Users\All Users\Brother
2011-08-18 21:05 - 2011-08-18 20:55 - 0000000 ____D C:\Users\All Users\Application Data\Brother
2011-08-18 21:05 - 2011-08-18 20:55 - 0000000 ____D C:\ProgramData\Brother
2011-08-18 21:05 - 2011-03-04 03:53 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-08-18 20:58 - 2011-08-18 20:58 - 0000000 ____D C:\Users\Jowaiszas Fam\Application Data\InstallShield
2011-08-18 20:58 - 2011-08-18 20:58 - 0000000 ____D C:\Users\Jowaiszas Fam\AppData\Roaming\InstallShield
2011-08-18 20:58 - 2011-08-18 20:58 - 0000000 ____D C:\Program Files\Nuance
2011-08-18 20:57 - 2011-08-18 20:56 - 0000000 ____D C:\Users\All Users\ScanSoft
2011-08-18 20:57 - 2011-08-18 20:56 - 0000000 ____D C:\Users\All Users\Application Data\ScanSoft
2011-08-18 20:57 - 2011-08-18 20:56 - 0000000 ____D C:\ProgramData\ScanSoft
2011-08-18 20:56 - 2011-08-18 20:56 - 0000000 ____D C:\Program Files (x86)\ScanSoft
2011-08-18 18:58 - 2011-08-18 18:58 - 0302593 ____A C:\Users\Jowaiszas Fam\Downloads\painter florence-001.pdf
2011-08-17 00:32 - 2011-10-17 17:22 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-08-17 00:27 - 2011-10-17 17:22 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-08-17 00:27 - 2011-10-17 17:22 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-08-17 00:27 - 2011-10-17 17:22 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-08-17 00:27 - 2011-10-17 17:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-08-16 23:26 - 2011-10-17 17:22 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-08-16 23:22 - 2011-10-17 17:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-08-16 23:22 - 2011-10-17 17:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-08-16 23:22 - 2011-10-17 17:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-08-16 23:22 - 2011-10-17 17:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-08-16 16:56 - 2011-08-16 16:56 - 0000000 ____D C:\Windows\System32\EventProviders
2011-08-06 12:59 - 2011-08-06 12:59 - 0000000 ____D C:\Users\Zane\Local Settings\Application Data\Apple
2011-08-06 12:59 - 2011-08-06 12:59 - 0000000 ____D C:\Users\Zane\Local Settings\Apple
2011-08-06 12:59 - 2011-08-06 12:59 - 0000000 ____D C:\Users\Zane\AppData\Local\Apple
2011-08-06 12:58 - 2011-08-06 12:58 - 0000000 ____D C:\Users\Zane\Application Data\Fingertapps
2011-08-06 12:58 - 2011-08-06 12:58 - 0000000 ____D C:\Users\Zane\AppData\Roaming\Fingertapps

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3835.95 MB
Available physical RAM: 3269.09 MB
Total Pagefile: 3834.1 MB
Available Pagefile: 3252.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.83 GB) (Free:829.79 GB) NTFS
2 Drive d: (CD_ROM) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.71 GB) NTFS
4 Drive f: (PATRIOT) (Removable) (Total:7.46 GB) (Free:5.32 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-10-22 11:49

======================= End Of Log ==========================

#4 JSntgRvr


Posted 01 November 2011 - 09:52 AM

Download the enclosed file. [attachment=110450:fixlist.txt]

Save it to the USB drive. Run FRST as you did before, except that this time around press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If successful, boot normally and run combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat: http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 01 November 2011 - 09:55 AM.

No request for help throughout private messaging will be attended.




#5 mat58


Posted 01 November 2011 - 06:21 PM

Before I go any further, I downloaded your "fixlist.txt" file and ran FRST64.exe as requested. Here is that log:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-11-01 21:16:00 R:1
Running from F:\

==============================================

HKLM-x32\\\.\.\.\\Run\\FAStartup Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\Jowaiszas Fam\Application Data\Z5aQJ6dWKfLTqUe moved successfully.
C:\Users\Jowaiszas Fam\Application Data\vpnG5aQH6W moved successfully.
C:\Users\Jowaiszas Fam\Application Data\T5aQJ6dWKfLTqUe moved successfully.
C:\Users\Jowaiszas Fam\Application Data\lS1iD3onFaH7 moved successfully.
C:\Users\Jowaiszas Fam\Application Data\a5aQJ6dWKfLqUeB moved successfully.
C:\Users\Jowaiszas Fam\AppData\Roaming\Z5aQJ6dWKfLTqUe not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\vpnG5aQH6W not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\T5aQJ6dWKfLTqUe not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\lS1iD3onFaH7 not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\a5aQJ6dWKfLqUeB not found.
C:\Users\Jowaiszas Fam\Application Data\ZzxAucS3nG4Q moved successfully.
C:\Users\Jowaiszas Fam\Application Data\mNA0c3nn4aQ6W moved successfully.
C:\Users\Jowaiszas Fam\Application Data\fkIVrzONtAu2b moved successfully.
C:\Users\Jowaiszas Fam\AppData\Roaming\ZzxAucS3nG4Q not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\mNA0c3nn4aQ6W not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\fkIVrzONtAu2b not found.
C:\Users\Jowaiszas Fam\Application Data\gekIVrzONx0 moved successfully.
C:\Users\Jowaiszas Fam\Application Data\dvS2obF3pGaJdKf moved successfully.
C:\Users\Jowaiszas Fam\AppData\Roaming\gekIVrzONx0 not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\dvS2obF3pGaJdKf not found.
C:\Users\Jowaiszas Fam\Application Data\O222obbF3pm5aJ6 moved successfully.
C:\Users\Jowaiszas Fam\AppData\Roaming\O222obbF3pm5aJ6 not found.
C:\Users\Jowaiszas Fam\Application Data\VhhTTXqqjUClIrz moved successfully.
C:\Users\Jowaiszas Fam\Application Data\pHHdK7ffRLgjCeI moved successfully.
C:\Users\Jowaiszas Fam\Application Data\JIBBtzPPNyA1uDo moved successfully.
C:\Users\Jowaiszas Fam\Application Data\dK88ggRZ9hYXjVe moved successfully.
C:\Users\Jowaiszas Fam\AppData\Roaming\VhhTTXqqjUClIrz not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\pHHdK7ffRLgjCeI not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\JIBBtzPPNyA1uDo not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\dK88ggRZ9hYXjVe not found.
C:\Windows\system64 moved successfully.
C:\Users\Jowaiszas Fam\Application Data\Z5aQJ6dWKfLTqUe not found.
C:\Users\Jowaiszas Fam\Application Data\vpnG5aQH6W not found.
C:\Users\Jowaiszas Fam\Application Data\T5aQJ6dWKfLTqUe not found.
C:\Users\Jowaiszas Fam\Application Data\lS1iD3onFaH7 not found.
C:\Users\Jowaiszas Fam\Application Data\a5aQJ6dWKfLqUeB not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\Z5aQJ6dWKfLTqUe not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\vpnG5aQH6W not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\T5aQJ6dWKfLTqUe not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\lS1iD3onFaH7 not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\a5aQJ6dWKfLqUeB not found.
C:\Users\Jowaiszas Fam\Application Data\ZzxAucS3nG4Q not found.
C:\Users\Jowaiszas Fam\Application Data\mNA0c3nn4aQ6W not found.
C:\Users\Jowaiszas Fam\Application Data\fkIVrzONtAu2b not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\ZzxAucS3nG4Q not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\mNA0c3nn4aQ6W not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\fkIVrzONtAu2b not found.
C:\Users\Jowaiszas Fam\Application Data\gekIVrzONx0 not found.
C:\Users\Jowaiszas Fam\Application Data\dvS2obF3pGaJdKf not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\gekIVrzONx0 not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\dvS2obF3pGaJdKf not found.
C:\Users\Jowaiszas Fam\Application Data\VhhTTXqqjUClIrz not found.
C:\Users\Jowaiszas Fam\Application Data\pHHdK7ffRLgjCeI not found.
C:\Users\Jowaiszas Fam\Application Data\JIBBtzPPNyA1uDo not found.
C:\Users\Jowaiszas Fam\Application Data\dK88ggRZ9hYXjVe not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\VhhTTXqqjUClIrz not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\pHHdK7ffRLgjCeI not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\JIBBtzPPNyA1uDo not found.
C:\Users\Jowaiszas Fam\AppData\Roaming\dK88ggRZ9hYXjVe not found.
C:\Windows\system64 not found.

==== End of Fixlog ====

Due to time constraints this evening, I may not be able to run ComboFix until tomorrow. I will post back as soon as I can.

#6 JSntgRvr

Posted 01 November 2011 - 08:16 PM

:thumbup2:

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 mat58

Posted 01 November 2011 - 11:43 PM

Here is the ComboFix Log:

ComboFix 11-11-01.04 - Jowaiszas Fam 11/01/2011 23:02:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2448 [GMT -7:00]
Running from: c:\users\Jowaiszas Fam\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jowaiszas Fam\370_gotomypc.exe
c:\users\Jowaiszas Fam\AppData\Roaming\ldr.ini
c:\users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection
c:\users\Jowaiszas Fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection\Cloud Protection.lnk
c:\users\Jowaiszas Fam\Desktop\Cloud Protection.lnk
c:\users\Jowaiszas Fam\g2mdlhlpx.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\00000004.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000004.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 06:19 . 2011-11-02 06:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CCFE11C-8EC9-4AFC-AAAD-96261EBB9D55}\offreg.dll
2011-11-02 06:14 . 2011-11-02 06:14 -------- d-----w- c:\users\Zane\AppData\Local\temp
2011-11-02 06:14 . 2011-11-02 06:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-02 05:25 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CCFE11C-8EC9-4AFC-AAAD-96261EBB9D55}\mpengine.dll
2011-11-01 06:50 . 2011-11-01 06:51 -------- d-----w- C:\FRST
2011-10-30 21:16 . 2011-10-30 21:16 -------- d--h--w- c:\windows\AxInstSV
2011-10-29 22:59 . 2011-10-29 22:59 -------- d-----w- c:\users\Jowaiszas Fam\AppData\Roaming\Malwarebytes
2011-10-29 22:59 . 2011-10-29 22:59 -------- d-----w- c:\programdata\Malwarebytes
2011-10-29 22:59 . 2011-10-30 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-29 02:57 . 2011-10-29 02:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-29 02:55 . 2011-10-29 02:55 -------- d-----w- c:\users\Jowaiszas Fam\AppData\Local\Mozilla
2011-10-29 02:45 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-29 02:45 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-28 02:12 . 2011-10-28 02:12 -------- d-----w- c:\windows\system32\Macromed
2011-10-28 01:31 . 2011-10-30 14:29 -------- d-----w- c:\windows\system32\SPReview
2011-10-28 01:29 . 2011-10-30 14:32 -------- d-----w- C:\59eff4bb7568b11ed580
2011-10-24 15:18 . 2011-10-24 15:18 -------- d-----w- c:\windows\Sun
2011-10-20 02:15 . 2011-10-24 15:10 -------- d-----w- c:\program files\CCleaner
2011-10-20 01:47 . 2011-10-20 01:47 -------- d-----w- c:\users\Jowaiszas Fam\AppData\Roaming\Zeon
2011-10-20 01:47 . 2011-10-20 01:47 -------- d-----w- c:\users\Jowaiszas Fam\AppData\Roaming\ScanSoft
2011-10-20 01:35 . 2011-10-20 01:35 -------- d-----w- C:\Brother
2011-10-20 01:34 . 2010-02-09 08:22 255488 ------r- c:\windows\system32\NSSRH64.dll
2011-10-20 01:34 . 2009-10-26 01:34 59392 ------r- c:\windows\system32\BrWiaNCp.dll
2011-10-20 01:34 . 2009-10-26 01:34 48640 ------r- c:\windows\system32\Brnsplg.dll
2011-10-20 01:34 . 2009-08-18 10:38 83968 ------r- c:\windows\system32\BrNetSti.dll
2011-10-20 01:34 . 2005-04-22 04:36 143360 ------r- c:\windows\system32\BrSNMP64.dll
2011-10-20 01:33 . 2011-10-20 01:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-20 01:29 . 2011-10-20 01:29 -------- d-----w- c:\program files (x86)\McAfee.com
2011-10-20 01:29 . 2011-04-14 21:01 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-20 01:27 . 2011-04-14 21:01 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-20 01:27 . 2011-04-14 21:01 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-20 01:27 . 2011-04-14 21:01 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-20 01:27 . 2011-04-14 21:01 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-20 01:27 . 2011-04-14 21:01 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-20 01:27 . 2011-04-14 21:01 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-20 01:27 . 2011-10-20 01:30 -------- d-----w- c:\program files\McAfee
2011-10-20 01:27 . 2011-10-20 01:30 -------- d-----w- c:\program files\Common Files\McAfee
2011-10-20 01:26 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-20 01:21 . 2011-03-13 18:45 158832 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-20 01:17 . 2011-10-20 01:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-17 22:20 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-17 22:20 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-17 22:20 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-17 22:20 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-14 15:17 . 2011-10-30 14:26 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 12:06 . 2011-03-04 08:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP6366"="c:\program files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-22 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1486392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 21:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0325871319739128mcinstcleanup;McAfee Application Installer Cleanup (0325871319739128);c:\windows\TEMP\032587~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 DellOSDservice;DellOSDservice;c:\program files\Dell\OSD\DellOSDservice.exe [2010-07-06 7168]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-10-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-11-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"combofix"="c:\combofix\CF9322.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jowaiszas Fam\AppData\Roaming\Mozilla\Firefox\Profiles\cwznoaey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
.
**************************************************************************
.
Completion time: 2011-11-01 23:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-02 06:45
.
Pre-Run: 891,985,285,120 bytes free
Post-Run: 892,275,949,568 bytes free
.
- - End Of File - - 11A9B96D4854BB298FBEE507D4FA586A

#8 JSntgRvr

Posted 02 November 2011 - 08:51 AM

To check for remnants, please update and perform a Malwarebytes Anti-Malware scan, as well as an antivirus scan. Let me know the outcome.


#9 mat58

Posted 03 November 2011 - 12:03 AM

McAfee full scan quarantined Tool-NirCmd and Malwarebytes full scan resulted in no infections.

#10 JSntgRvr

Posted 03 November 2011 - 12:13 PM

Congratulations.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should launch and remove the application.

Be safe :)


#11 mat58

Posted 03 November 2011 - 07:23 PM

I can't find ComboFix. It is no longer on the desktop. Did the McAfee full scan do anything with it? (I did mention 1 file was quarantined, but the name was very different.) I want to make sure it's not left on the PC for my friend to run by mistake.

I am also running a Windows Update (Windows 7 SP1 64 bit). I'll let you know how it goes.

#12 mat58

Posted 05 November 2011 - 11:41 AM

All Windows updates completed successfully. Other than not knowing where ComboFix disappeared to, the PC looks clean and problems resolved. Thank you so much for your help.

#13 JSntgRvr

Posted 05 November 2011 - 12:29 PM

You are welcome. :)

Just to make sure all tools are removed, run this application:

Please download OTC by OldTimer.
  • Save it to your desktop.
  • Please double-click OTC.exe to run it. (Vista users, please right click on OTC.exe and select "Run as an Administrator")
  • This will delete the tools we used in the removal of malware, including this program.
  • If you are asked to reboot to complete the removal process, then please do so.
Upon restart, manually remove any remaining tools.


#14 JSntgRvr

Posted 13 November 2011 - 07:35 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
