
Windows startup virus


  • This topic is locked
63 replies to this topic

#1 kevinmcgreal

Posted 07 March 2013 - 02:30 PM

My system has a Windows startup virus. Yesterday, it shut down and would not restart. It previously had a Google redirect virus which I could not get rid of. I read some of the other posts and downloaded the Farbar tool. I now have the results below but don't know where to go from here.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01
Ran by SYSTEM at 07-03-2013 13:43:17
Running from H:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet002
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-09-07] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-27] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-27] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui [136416 2011-04-06] (Memeo Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat [172 2013-01-08] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Kevin J McGreal\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Kevin J McGreal\...\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-08-19] ()
HKU\Kevin J McGreal\...\Run: [Google Update] "C:\Users\Kevin J McGreal\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-17] (Google Inc.)
HKU\Kevin J McGreal\...\Run: [SkyDrive] "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [255992 2012-11-16] (Microsoft Corporation)
HKU\Kevin J McGreal\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Kevin J McGreal\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-01] (Google Inc.)
HKU\Kevin J McGreal\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
HKU\Kevin J McGreal\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16328976 2012-12-17] (Google)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" [345088 2010-11-20] (Microsoft Corporation)
HKU\Kevin J McGreal\...\RunOnce: [Uninstall C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin J McGreal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" [345088 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Kevin J McGreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
 
==================== Services (Whitelisted) ===================
 
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1236968 2012-12-14] (Lavasoft Limited)
4 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [563104 2011-11-14] (Affinegy, Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 DvmMDES; "C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe" [338208 2010-09-28] (DeviceVM, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 MSSQL$ALAMODE; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sALAMODE [29293408 2010-12-10] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3677000 2012-09-20] (GFI Software)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
4 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
 
==================== Drivers (Whitelisted) =====================
 
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 CbFs; \??\C:\Windows\system32\drivers\cbfs64.sys [191960 2010-09-22] (EldoS Corporation)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
0 gfibto; C:\Windows\System32\Drivers\gfibto.sys [14456 2013-01-08] (GFI Software)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ====================
 
 
==================== One Month Created Files and Folders ========
 
2013-03-07 13:43 - 2013-03-07 13:43 - 00000000 ____D C:\FRST
2013-03-04 23:23 - 2013-03-06 15:42 - 00056384 ____A C:\Windows\alaredun.ini
2013-02-28 14:25 - 2013-02-28 14:25 - 02660832 ____A C:\Users\Kevin J McGreal\Desktop\curMismo.xml
2013-02-28 14:25 - 2013-02-28 14:25 - 02660832 ____A C:\Users\Kevin J McGreal\Desktop\13KM1021.xml
2013-02-28 14:20 - 2013-02-28 14:20 - 00093379 ____A C:\Users\Kevin J McGreal\Desktop\12KM1282.xml
2013-02-28 11:36 - 2013-02-28 12:17 - 00027618 ____A C:\Users\Kevin J McGreal\Desktop\KJMRESUME_mcgreal_feb_2013.xlsx
2013-02-28 06:24 - 2013-02-28 06:24 - 21067118 ____A C:\Users\Kevin J McGreal\Downloads\lamb (2).wmv
2013-02-27 10:53 - 2013-02-27 10:54 - 21067118 ____A C:\Users\Kevin J McGreal\Downloads\lamb.wmv
2013-02-27 10:53 - 2013-02-27 10:54 - 21067118 ____A C:\Users\Kevin J McGreal\Downloads\lamb (1).wmv
2013-02-26 21:53 - 2013-02-26 22:53 - 16473456 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-26 08:44 - 2013-02-16 22:40 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-02-26 08:43 - 2013-02-26 08:43 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-02-26 08:41 - 2013-02-26 08:41 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-26 08:41 - 2013-02-26 08:41 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-26 08:41 - 2013-02-26 08:41 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-26 08:41 - 2013-02-26 08:41 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-26 08:41 - 2013-02-26 08:41 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-02-26 08:41 - 2013-02-26 08:41 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-02-26 08:41 - 2013-02-26 08:41 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-02-26 08:41 - 2013-02-26 08:41 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-02-26 08:41 - 2013-02-26 08:41 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-02-26 08:41 - 2013-02-26 08:41 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-02-26 08:41 - 2013-02-26 08:41 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-02-26 08:39 - 2013-02-26 08:39 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-26 08:34 - 2013-02-26 08:44 - 00014107 ____A C:\Windows\IE10_main.log
2013-02-26 08:30 - 2013-02-26 08:31 - 46592416 ____A (Microsoft Corporation) C:\Users\Kevin J McGreal\Downloads\EIE10_EN-US_WOL_Win764.EXE
2013-02-24 19:18 - 2013-02-24 19:18 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-24 19:17 - 2013-02-24 19:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 19:17 - 2013-02-24 19:18 - 00000000 ____D C:\Program Files\iTunes
2013-02-24 19:17 - 2013-02-24 19:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-24 19:17 - 2013-02-24 19:17 - 00000000 ____D C:\Program Files\iPod
2013-02-24 15:43 - 2013-02-24 15:43 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Local\{A1B97DBC-C0A3-4E48-AAD0-85E0F61BEA28}
2013-02-21 11:51 - 2013-02-21 11:51 - 00005132 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_58ED.csv
2013-02-21 09:23 - 2013-02-21 09:23 - 00075931 ____A C:\Users\Kevin J McGreal\Downloads\OH035_323-01_1.tif
2013-02-21 09:23 - 2013-02-21 09:23 - 00075931 ____A C:\Users\Kevin J McGreal\Downloads\OH035_323-01_1 (1).tif
2013-02-19 15:23 - 2013-03-06 18:29 - 00000000 ___SD C:\Users\Kevin J McGreal\Google Drive
2013-02-19 15:23 - 2013-02-19 15:23 - 00001710 ____A C:\Users\Kevin J McGreal\Desktop\Google Drive.lnk
2013-02-19 15:22 - 2013-02-19 15:22 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\LocalGoogle
2013-02-19 09:34 - 2013-02-19 09:32 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-02-19 09:33 - 2013-02-19 09:32 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-02-19 09:33 - 2013-02-19 09:32 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-02-19 09:33 - 2013-02-19 09:32 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-02-19 09:29 - 2013-02-19 09:29 - 00896928 ____A (Oracle Corporation) C:\Users\Kevin J McGreal\Downloads\chromeinstall-7u13.exe
2013-02-19 08:47 - 2013-02-19 08:47 - 00003747 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_55D3.csv
2013-02-13 03:12 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 03:12 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 03:12 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 03:12 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 03:12 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 03:12 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 03:12 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 03:12 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 03:12 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 03:11 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 03:11 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 03:11 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-12 14:28 - 2013-02-12 14:29 - 00005815 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_4CB1.csv
2013-02-09 19:45 - 2013-02-09 19:45 - 00260290 ____A C:\Users\Kevin J McGreal\Documents\illusionists 2 entrance.pptx
2013-02-09 10:31 - 2013-02-09 10:31 - 02195061 ____A C:\Users\Kevin J McGreal\Downloads\tdsskiller.zip
2013-02-09 10:31 - 2013-02-09 10:31 - 00000000 ____D C:\Users\Kevin J McGreal\Downloads\tdsskiller
2013-02-06 08:01 - 2013-02-06 08:01 - 00003351 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_4449.csv
2013-02-05 13:54 - 2013-02-07 12:52 - 00000000 ____D C:\Program Files (x86)\H&R Block Business 2012
2013-02-05 13:54 - 2013-02-05 13:54 - 00001250 ____A C:\Users\Kevin J McGreal\Desktop\H&R Block Business 2012.lnk
2013-02-05 13:46 - 2013-02-05 13:46 - 00002033 ____A C:\Users\Public\Desktop\H&R Block 2012.lnk
2013-02-05 13:45 - 2013-02-05 13:46 - 00000000 ____D C:\Program Files (x86)\HRBlock2012
2013-02-05 13:45 - 2013-02-05 13:45 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\HRBlock
2013-02-05 13:45 - 2013-02-05 13:45 - 00000000 ____D C:\Program Files (x86)\PDF995
2013-02-05 13:43 - 2013-02-05 13:43 - 00000000 ____D C:\ProgramData\TaxCut
 
==================== One Month Modified Files and Folders =======
 
2013-03-07 13:43 - 2013-03-07 13:43 - 00000000 ____D C:\FRST
2013-03-06 19:28 - 2010-11-18 16:49 - 00000000 ____D C:\ProgramData\Recovery
2013-03-06 19:01 - 2011-09-21 09:15 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-06 19:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-06 19:00 - 2009-07-13 20:51 - 00109104 ____A C:\Windows\setupact.log
2013-03-06 18:53 - 2012-03-30 04:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-06 18:53 - 2011-11-17 17:00 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3371643701-3060768687-3771477198-1001Core.job
2013-03-06 18:52 - 2011-11-17 17:00 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3371643701-3060768687-3771477198-1001UA.job
2013-03-06 18:39 - 2011-05-31 20:13 - 00000310 ____A C:\Users\Kevin J McGreal\AppData\Local\mv_music.xml
2013-03-06 18:39 - 2011-05-31 20:13 - 00000285 ____A C:\Users\Kevin J McGreal\AppData\Local\mv_Photo.xml
2013-03-06 18:37 - 2011-04-21 11:23 - 01513075 ____A C:\Windows\WindowsUpdate.log
2013-03-06 18:29 - 2013-02-19 15:23 - 00000000 ___SD C:\Users\Kevin J McGreal\Google Drive
2013-03-06 18:29 - 2013-01-08 14:06 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-03-06 18:29 - 2012-11-19 22:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-03-06 18:29 - 2012-06-12 11:39 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-03-06 18:29 - 2012-06-12 11:39 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-03-06 18:29 - 2012-04-30 20:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-06 18:29 - 2011-06-08 08:29 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Roaming\ZumoDrive
2013-03-06 18:29 - 2011-06-01 01:20 - 00000000 ____D C:\RECYCLED
2013-03-06 18:29 - 2011-05-31 20:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-06 18:29 - 2011-04-21 11:47 - 00000000 ____D C:\ProgramData\RoxioNow
2013-03-06 18:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-06 18:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-06 18:27 - 2010-11-18 16:17 - 00000000 ____D C:\Program Files (x86)\Java
2013-03-06 18:16 - 2011-09-21 09:16 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-06 18:13 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-06 18:13 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-06 18:12 - 2009-07-13 21:13 - 00850284 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-06 15:42 - 2013-03-04 23:23 - 00056384 ____A C:\Windows\alaredun.ini
2013-03-06 15:42 - 2012-01-12 12:06 - 00000000 ____D C:\ProgramData\MFAData
2013-03-06 15:42 - 2011-11-18 18:28 - 00001265 ____A C:\Windows\alamode.ini
2013-03-06 15:40 - 2011-05-31 20:11 - 00000000 ____D C:\users\Kevin J McGreal
2013-03-04 19:03 - 2012-10-06 20:00 - 00050443 ____A C:\Windows\_alaDBGC.log
2013-03-04 18:59 - 2012-11-21 15:39 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-03-04 18:59 - 2012-11-21 15:39 - 00001645 ____A C:\Windows\LkmdfCoInst.log
2013-03-04 18:18 - 2013-02-03 13:27 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-03-04 15:24 - 2011-06-08 08:47 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\My Sketches
2013-03-04 15:23 - 2011-08-19 12:33 - 00000000 ____D C:\ProgramData\Apex Software
2013-03-04 08:13 - 2011-08-21 14:16 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Local\CutePDF Writer
2013-03-03 15:57 - 2011-09-22 10:52 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Local\CrashDumps
2013-03-03 15:35 - 2012-05-30 11:25 - 00491520 ____A C:\Users\Kevin J McGreal\Documents\2012 McGreal Appraisal Log.xls
2013-03-03 15:21 - 2012-06-13 04:04 - 00000000 ___RD C:\Users\Kevin J McGreal\SkyDrive
2013-03-03 15:20 - 2013-01-08 14:06 - 00001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-03-02 05:19 - 2012-11-15 05:05 - 00000372 ____A C:\Windows\Tasks\HPCeeScheduleForKevin J McGreal.job
2013-03-01 13:51 - 2012-12-19 15:35 - 00838144 __ASH C:\Users\Kevin J McGreal\Documents\Thumbs.db
2013-02-28 16:18 - 2011-05-31 20:24 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForKJM-HPDV5$.job
2013-02-28 14:25 - 2013-02-28 14:25 - 02660832 ____A C:\Users\Kevin J McGreal\Desktop\curMismo.xml
2013-02-28 14:25 - 2013-02-28 14:25 - 02660832 ____A C:\Users\Kevin J McGreal\Desktop\13KM1021.xml
2013-02-28 14:20 - 2013-02-28 14:20 - 00093379 ____A C:\Users\Kevin J McGreal\Desktop\12KM1282.xml
2013-02-28 12:17 - 2013-02-28 11:36 - 00027618 ____A C:\Users\Kevin J McGreal\Desktop\KJMRESUME_mcgreal_feb_2013.xlsx
2013-02-28 06:24 - 2013-02-28 06:24 - 21067118 ____A C:\Users\Kevin J McGreal\Downloads\lamb (2).wmv
2013-02-28 04:33 - 2011-10-27 04:52 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-02-28 04:33 - 2011-06-02 17:06 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-02-28 04:33 - 2010-11-18 16:03 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-02-27 10:54 - 2013-02-27 10:53 - 21067118 ____A C:\Users\Kevin J McGreal\Downloads\lamb.wmv
2013-02-27 10:54 - 2013-02-27 10:53 - 21067118 ____A C:\Users\Kevin J McGreal\Downloads\lamb (1).wmv
2013-02-27 06:21 - 2011-12-25 06:57 - 06178304 __ASH C:\Users\Kevin J McGreal\Desktop\Thumbs.db
2013-02-26 22:53 - 2013-02-26 21:53 - 16473456 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-02-26 22:53 - 2012-03-30 04:46 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-26 22:53 - 2011-06-02 19:22 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-26 12:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-26 08:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-26 08:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-26 08:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-26 08:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-26 08:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-02-26 08:44 - 2013-02-26 08:34 - 00014107 ____A C:\Windows\IE10_main.log
2013-02-26 08:43 - 2013-02-26 08:43 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-02-26 08:41 - 2013-02-26 08:41 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-26 08:41 - 2013-02-26 08:41 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-26 08:41 - 2013-02-26 08:41 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-26 08:41 - 2013-02-26 08:41 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-26 08:41 - 2013-02-26 08:41 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-02-26 08:41 - 2013-02-26 08:41 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-02-26 08:41 - 2013-02-26 08:41 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-02-26 08:41 - 2013-02-26 08:41 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-02-26 08:41 - 2013-02-26 08:41 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-02-26 08:41 - 2013-02-26 08:41 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-02-26 08:41 - 2013-02-26 08:41 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-02-26 08:41 - 2013-02-26 08:41 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-02-26 08:41 - 2013-02-26 08:41 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-02-26 08:39 - 2013-02-26 08:39 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 08:39 - 2013-02-26 08:39 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-26 08:38 - 2013-02-26 08:38 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-26 08:31 - 2013-02-26 08:30 - 46592416 ____A (Microsoft Corporation) C:\Users\Kevin J McGreal\Downloads\EIE10_EN-US_WOL_Win764.EXE
2013-02-26 06:47 - 2011-10-05 11:57 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\Drees Homes
2013-02-25 12:24 - 2012-02-10 15:07 - 00029682 ____A C:\Users\Kevin J McGreal\Documents\uspapandy.htm
2013-02-25 12:24 - 2012-02-10 15:07 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\uspapandy_files
2013-02-25 11:52 - 2011-06-02 19:16 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Roaming\Mozilla
2013-02-25 10:43 - 2011-09-21 09:15 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Local\Google
2013-02-24 19:18 - 2013-02-24 19:18 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-24 19:18 - 2013-02-24 19:17 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 19:18 - 2013-02-24 19:17 - 00000000 ____D C:\Program Files\iTunes
2013-02-24 19:18 - 2013-02-24 19:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-24 19:17 - 2013-02-24 19:17 - 00000000 ____D C:\Program Files\iPod
2013-02-24 15:43 - 2013-02-24 15:43 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\Local\{A1B97DBC-C0A3-4E48-AAD0-85E0F61BEA28}
2013-02-21 12:02 - 2011-06-01 01:19 - 00000070 ____A C:\Windows\iltwain.ini
2013-02-21 11:51 - 2013-02-21 11:51 - 00005132 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_58ED.csv
2013-02-21 10:31 - 2011-09-20 08:11 - 00001112 ____A C:\Users\Public\Desktop\DataMasterPlus NEOHREX.lnk
2013-02-21 10:31 - 2011-09-20 08:11 - 00000000 ____D C:\Program Files (x86)\Market Data Service
2013-02-21 09:23 - 2013-02-21 09:23 - 00075931 ____A C:\Users\Kevin J McGreal\Downloads\OH035_323-01_1.tif
2013-02-21 09:23 - 2013-02-21 09:23 - 00075931 ____A C:\Users\Kevin J McGreal\Downloads\OH035_323-01_1 (1).tif
2013-02-19 15:26 - 2010-11-18 16:08 - 00000000 ____D C:\ProgramData\Adobe
2013-02-19 15:23 - 2013-02-19 15:23 - 00001710 ____A C:\Users\Kevin J McGreal\Desktop\Google Drive.lnk
2013-02-19 15:22 - 2013-02-19 15:22 - 00000000 ____D C:\Users\Kevin J McGreal\AppData\LocalGoogle
2013-02-19 15:22 - 2011-09-21 09:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-19 09:32 - 2013-02-19 09:34 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-02-19 09:32 - 2013-02-19 09:33 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-02-19 09:32 - 2013-02-19 09:33 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-02-19 09:32 - 2013-02-19 09:33 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-02-19 09:32 - 2013-01-24 07:01 - 00861088 ____A C:\Windows\SysWOW64\npdeployJava1.dll
2013-02-19 09:32 - 2010-11-18 16:17 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-02-19 09:29 - 2013-02-19 09:29 - 00896928 ____A (Oracle Corporation) C:\Users\Kevin J McGreal\Downloads\chromeinstall-7u13.exe
2013-02-19 08:47 - 2013-02-19 08:47 - 00003747 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_55D3.csv
2013-02-16 22:40 - 2013-02-26 08:44 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-02-14 06:25 - 2009-07-13 20:45 - 00497560 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 06:19 - 2011-06-01 01:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-14 06:11 - 2011-06-21 14:59 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-13 06:41 - 2012-09-29 12:31 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-02-12 14:29 - 2013-02-12 14:28 - 00005815 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_4CB1.csv
2013-02-09 19:50 - 2012-08-27 04:03 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\Tent Business Docs
2013-02-09 19:45 - 2013-02-09 19:45 - 00260290 ____A C:\Users\Kevin J McGreal\Documents\illusionists 2 entrance.pptx
2013-02-09 19:42 - 2012-08-20 08:10 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\Individual Software
2013-02-09 10:31 - 2013-02-09 10:31 - 02195061 ____A C:\Users\Kevin J McGreal\Downloads\tdsskiller.zip
2013-02-09 10:31 - 2013-02-09 10:31 - 00000000 ____D C:\Users\Kevin J McGreal\Downloads\tdsskiller
2013-02-07 12:59 - 2012-01-30 19:03 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\H&R Block Business
2013-02-07 12:52 - 2013-02-05 13:54 - 00000000 ____D C:\Program Files (x86)\H&R Block Business 2012
2013-02-06 08:01 - 2013-02-06 08:01 - 00003351 ____A C:\Users\Kevin J McGreal\Downloads\4081873_RESI_4449.csv
2013-02-05 14:00 - 2011-05-31 20:18 - 00144976 ____A C:\Users\Kevin J McGreal\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-05 13:54 - 2013-02-05 13:54 - 00001250 ____A C:\Users\Kevin J McGreal\Desktop\H&R Block Business 2012.lnk
2013-02-05 13:46 - 2013-02-05 13:46 - 00002033 ____A C:\Users\Public\Desktop\H&R Block 2012.lnk
2013-02-05 13:46 - 2013-02-05 13:45 - 00000000 ____D C:\Program Files (x86)\HRBlock2012
2013-02-05 13:45 - 2013-02-05 13:45 - 00000000 ____D C:\Users\Kevin J McGreal\Documents\HRBlock
2013-02-05 13:45 - 2013-02-05 13:45 - 00000000 ____D C:\Program Files (x86)\PDF995
2013-02-05 13:43 - 2013-02-05 13:43 - 00000000 ____D C:\ProgramData\TaxCut
 
==================== Known DLLs (Whitelisted) =================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-02-27 09:04:03
Restore point made on: 2013-03-02 10:53:19
Restore point made on: 2013-03-05 00:00:57
Restore point made on: 2013-03-05 06:08:36
Restore point made on: 2013-03-06 08:34:09
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 3893.86 MB
Available physical RAM: 3135.66 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3129.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Partitions =============================
 
1 Drive c: () (Fixed) (Total:264.83 GB) (Free:155.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:32.96 GB) (Free:4.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (ALFRED) (Removable) (Total:1.86 GB) (Free:1.42 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online         1915 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 6EB6D97E
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            264 GB   200 MB
  Partition 3    Primary             32 GB   265 GB
  Partition 4    Primary            103 MB   297 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy            
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    264 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     32 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy            
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00000000
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1911 MB  4032 KB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 0E
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   ALFRED       FAT    Removable   1911 MB  Healthy            
 
=========================================================
 
Last Boot: 2013-03-05 18:15
 
==================== End Of Log =============================
 
 
 
 

Farbar Recovery Scan Tool (x64) Version: 06-03-2013 01
Ran by SYSTEM at 2013-03-07 13:46:02
Running from H:\
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
====== End Of Search ======

Edited by bloopie, 07 March 2013 - 03:49 PM.
Moved topic to Logs forum due to FRST log being posted. ~bloopie




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 17,477 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:11 AM

Posted 08 March 2013 - 04:54 PM

Greetings kevinmcgreal and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message.


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 08 March 2013 - 05:27 PM

Greetings,

Thank you for your patience thus far. I would like to take a deeper look into your computer. Please do this for me.

===================================================

xPUD MBR Report Using USB Device

--------------------

Start this from a clean computer. You will need a USB drive with no less than 64 MB of space.
  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop. (please allow a few seconds for the download window to appear)
  • Download UNetbootin and save it to your Desktop as well. (please allow a few seconds for the download window to appear)
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.

  • Browse to and double click the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot, instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Right click this dumpit link, select "save link/target as", and save the file directly to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Use the arrow down key on your keyboard to highlight USB, then press Enter
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive). If it is not there remove the USB device for 5 seconds then reinsert.
  • Double click on the Dumpit file
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on Home tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • mbr.zip

Regards,
Gary


#4 kevinmcgreal


Posted 10 March 2013 - 06:57 PM

Gary, Thanks for your reply. Just got back from being out of town for a few days.  I will follow your instructions and post the results on Monday.  Thanks, Kevin



#5 Oh My!


Posted 10 March 2013 - 09:55 PM

Great, thanks.


Regards,
Gary


#6 kevinmcgreal


Posted 11 March 2013 - 09:07 PM

Gary, I wanted to bring you up to date on the state of things on the laptop. Prior to my post, about a month ago, I got the Google redirect virus somehow. I was using AVG-free and the Windows firewall at the time and tried a bunch of the highest rated free virus and malware programs on CNET. None worked and I just started using Chrome to get around it. They would routinely find and remove other viruses since, but never the redirecting one. After the machine crashed and went into the whole Windows setup repair thing I threw a bunch more at it plus some anti-rootkit stuff. Now, it is booting up ok and loading Windows but will not run any programs and most of my added software is gone from the start menu. The files are still there and I have copied off a bunch of my data to a USB drive. It even downloaded or installed a Windows update when I shut it down to boot it with the USB drive.
I followed the instructions to create a bootable USB.  It is not working.  After choosing to boot from the USB it asks to select a language, then starts loading and goes to a blank screen.  I also got an error after installing UNetbootin saying the program may not have installed correctly and tried the reinstall using recommended settings.  That did not work either. Thanks,  Kevin   


#7 Oh My!


Posted 11 March 2013 - 09:50 PM



Hi Kevin,

Thanks for the update. This is what I would like you to do first.

===================================================

Unhide

--------------------

  • Please download Unhide to your desktop
  • Double click the icon
  • Once the program has completed a Windows alert will be displayed stating your files have been restored
  • Please reboot your computer
  • If the issue is not resolved please run the program a second time
  • Please copy and paste the contents of the Unhide.txt document which will be created on your desktop

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Unhide log
  • Are your programs back in the Start Menu?

Edited by Oh My, 13 March 2013 - 05:10 PM.

Regards,
Gary


#8 kevinmcgreal


Posted 11 March 2013 - 11:25 PM

Tried twice...didn't work.  Here is the log:

 

 

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
 
Program started at: 03/12/2013 12:00:17 AM
Windows Version: Windows 7
 
Please be patient while your files are made visible again.
 
Processing the C:\ drive
Finished processing the C:\ drive. 403153 files processed.
 
Processing the D:\ drive
Finished processing the D:\ drive. 236 files processed.
 
The C:\Users\KEVINJ~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
 
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
 
Program finished at: 03/12/2013 12:19:21 AM
Execution time: 0 hours(s), 19 minute(s), and 4 seconds(s)


#9 Oh My!


Posted 12 March 2013 - 08:14 AM

Hi Kevin,

Thanks for trying. If you navigate to a program by using Windows Explorer and double click the executable file does the program launch? For instance, if iTunes is not running and you navigate to this folder to launch the program, does it launch?

C:\Program Files\iTunes\iTunes.exe


Regards,
Gary


#10 kevinmcgreal


Posted 12 March 2013 - 08:24 AM

Nothing will launch.  Tried several programs.  



#11 Oh My!


Posted 12 March 2013 - 08:33 AM

OK, thanks for the clarification.

Please run this for me.

===================================================

exeHelper by Raktor

--------------------
  • Please download exeHelper from Raktor to your desktop.
  • Double-click (Windows Vista/7 users right click and select Run as Administrator) on exeHelper.com then select Run
  • Once the program has finished a Notepad document will appear on your desktop
  • Copy and paste the contents in your reply
  • Try to launch iTunes
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Can you launch iTunes?

Regards,
Gary


#12 kevinmcgreal


Posted 12 March 2013 - 08:04 PM

Still no luck with iTunes.
 
exeHelper by Raktor
Build 20100414
Run at 20:56:39 on 03/12/13
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


#13 Oh My!


Posted 12 March 2013 - 08:25 PM

Can you launch iTunes?


Regards,
Gary


#14 kevinmcgreal


Posted 12 March 2013 - 08:28 PM

No, iTunes won't launch.



#15 Oh My!


Posted 12 March 2013 - 08:35 PM

Please do this and then see if you can launch programs.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
===================================================

Things I would like to see in your next reply.  :thumbsup2:
  • Can you launch programs?

Regards,
Gary




