Computer can't open programs (Win 7 Antispyware 2012?)


  • This topic is locked
23 replies to this topic

#1 redstarfishy

redstarfishy

  • Members
  • 58 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 19 October 2011 - 05:40 PM

Hello,

I have a Compaq laptop with Windows 7 Home Edition.
I was reading something two nights ago when my computer suddenly restarted itself. When it reloaded, I was unable to open up any programs. I tried Firefox, Photoshop, adware, Word, Excel, and various other programs that have never given me problems before. None of them opened. I can't extract/unzip anything. The only things I could open were Task Manager and folders. I asked for help from a friend and they directed me to this site and specifically to the “Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue”. I followed the instructions and was able to do everything up to step 3, which includes the file that is supposed to fix the registry and allow me to open programs again. However, even after installing it, I still can’t open anything. I’ve tried all the file names for Rkill and none of them worked. I even tried changing the name myself to see if it would help, but it doesn’t. I can see it appear in Task Manager and linger for maybe 10 seconds? But it always disappears. I tried running Malwarebytes, but again, it doesn’t stay long in Task Manager. I also tried a registry cleaner, but that didn’t work either. I’ve even looked around in the registry for the files listed at the end of the instructions, but only found one, which I removed (I know, I shouldn’t fool with the registry so that was the only thing I did).
I have tried to get together the DDS and GMER files that are requested, but again, I can’t run anything so neither of these worked for me. I thought I read somewhere that said, if you can't open any of the virus scanner programs, you're basically screwed, but I would see if someone can help me before I need to see if I can find my Windows disk. Thank you!!



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:08 AM

Posted 24 October 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424205 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 redstarfishy

redstarfishy
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 24 October 2011 - 06:49 PM

I am still having the same problem as before. My Compaq laptop won't run any programs. I can't run DDS or GMER to get the logs. I have tried the various different names for the programs here on the forum and have tried to change the name myself, but neither action will let the computer run it. They appear in Task Manager for 15, maybe 30 seconds, but always disappear. I'm able to open up folders and the Control Panel in general (but not all the options under the Control Panel, some things don't open). I have Windows 7 Home Edition, 64-bit. I don't think I have any Windows CDs, but I will double check to be sure. Thank you in advance for any help you can give me, and please tell me if you need any more information.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:08 PM

Posted 25 October 2011 - 12:34 AM

Hello redstarfishy,

Apologies for the delay.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 redstarfishy

redstarfishy
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 25 October 2011 - 04:11 PM

Thank you for the reply! Here's the log:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.7
Ran by SYSTEM at 2011-10-25 16:56:32
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-09-25] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2011-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-03-24] (Sun Microsystems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)
HKU\Jess\...\Run: [googletalk] C:\Users\Jess\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Jess\...\Run: [AdobeBridge] [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 DTNetService; C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe [394560 2010-07-29] (DT Soft Ltd)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [246520 2010-07-28] (WildTangent, Inc.)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2151640 2011-08-31] (Lavasoft Limited)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 RtVOsdService; "C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe" [315392 2010-06-24] (Realtek Semiconductor Corp.)
2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_b31de1e.dll [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [954928 2010-08-31] (Symantec Corporation)
1 ccHP; C:\Windows\System32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 dtcdrom; \??\C:\Windows\SysWOW64\drivers\dtcdrom.sys [234048 2010-09-05] (Disc-Soft)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-09-05] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-09-05] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101103.001\IDSvia64.sys [476720 2010-10-19] (Symantec Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-08-28] ()
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-09-05] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101104.035\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101104.035\EX64.SYS [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-25 16:56 - 2011-10-25 16:56 - 0000000 ____D C:\FRST
2011-10-19 13:25 - 2011-10-24 15:31 - 0136246 ____A C:\Windows\ntbtlog.txt
2011-10-18 19:22 - 2011-10-18 19:22 - 0000000 ____D C:\Users\All Users\Recovery
2011-10-18 19:22 - 2011-10-18 19:22 - 0000000 ____D C:\ProgramData\Recovery
2011-10-18 17:24 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2011-10-18 14:49 - 2011-10-18 14:49 - 0085200 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-18 14:28 - 2011-10-18 14:43 - 0000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2011-10-18 14:26 - 2011-10-18 17:01 - 0000000 ____D C:\users\Guest
2011-10-18 14:26 - 2011-10-18 14:27 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Templates
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Start Menu
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\PrintHood
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\NetHood
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\My Documents
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2011-10-18 14:26 - 2010-10-23 19:36 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2011-10-18 14:26 - 2010-04-27 01:12 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2011-10-17 18:31 - 2011-10-18 16:58 - 0000000 ____D C:\Windows\Minidump
2011-10-17 18:15 - 2011-08-19 21:45 - 1197568 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-17 18:15 - 2011-08-19 21:44 - 1501184 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-17 18:15 - 2011-08-19 21:40 - 2458624 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-17 18:15 - 2011-08-19 20:38 - 1230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-10-17 18:15 - 2011-08-19 20:38 - 0981504 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-10-17 18:15 - 2011-08-19 20:35 - 2072576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-10-17 18:14 - 2011-08-26 21:40 - 0861184 ____N (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-10-17 18:14 - 2011-08-26 20:43 - 0571904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-10-17 18:14 - 2011-03-10 22:18 - 2566144 ____N (Microsoft Corporation) C:\Windows\System32\esent.dll
2011-10-12 17:09 - 2011-10-12 17:09 - 0002489 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2011-09-26 15:17 - 2010-09-13 22:45 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2011-09-26 15:17 - 2010-09-13 22:07 - 0276992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2011-09-26 14:27 - 2011-07-08 21:14 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-09-26 14:27 - 2011-07-08 20:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-09-26 14:27 - 2011-04-22 12:18 - 0027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-09-26 14:27 - 2011-04-08 22:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-09-26 14:27 - 2011-04-08 21:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-09-26 14:27 - 2011-03-02 22:17 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2011-09-26 14:27 - 2011-03-02 22:17 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2011-09-26 14:27 - 2011-03-02 22:14 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2011-09-26 14:27 - 2011-03-02 21:29 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2011-09-26 14:27 - 2011-03-02 21:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2011-09-26 14:27 - 2010-12-22 22:07 - 1118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2011-09-26 14:27 - 2010-12-22 22:07 - 0961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2011-09-26 14:27 - 2010-12-22 22:07 - 0723968 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-09-26 14:27 - 2010-12-22 22:02 - 0259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2011-09-26 14:27 - 2010-12-22 21:28 - 0850432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2011-09-26 14:27 - 2010-12-22 21:28 - 0642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2011-09-26 14:27 - 2010-12-22 21:28 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-09-26 14:27 - 2010-12-22 21:24 - 0199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2011-09-26 14:26 - 2011-06-15 21:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-09-26 14:26 - 2011-06-15 20:35 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-09-26 14:26 - 2011-06-15 01:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-09-26 14:26 - 2011-06-15 01:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-09-26 14:26 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-09-26 14:26 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-09-26 14:26 - 2011-06-15 01:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-09-26 14:26 - 2011-06-15 01:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-09-26 14:26 - 2011-06-15 01:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-09-26 14:26 - 2011-06-15 01:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-09-26 14:26 - 2011-06-15 01:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-09-26 14:26 - 2011-04-26 18:57 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2011-09-26 14:26 - 2011-02-25 22:23 - 2870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2011-09-26 14:26 - 2011-02-25 21:33 - 2614784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2011-09-26 14:26 - 2011-01-16 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2011-09-26 14:26 - 2011-01-16 21:38 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2011-09-26 14:26 - 2010-12-17 22:11 - 0714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2011-09-26 14:26 - 2010-12-17 21:29 - 0541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2011-09-26 14:26 - 2010-10-26 21:16 - 1739176 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-09-26 14:26 - 2010-10-26 20:40 - 1293120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-09-26 14:25 - 2011-07-08 18:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-09-26 14:25 - 2011-05-03 21:30 - 2326016 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2011-09-26 14:25 - 2011-05-03 21:28 - 2228224 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2011-09-26 14:25 - 2011-05-03 21:28 - 0779264 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2011-09-26 14:25 - 2011-05-03 21:28 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2011-09-26 14:25 - 2011-05-03 21:28 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2011-09-26 14:25 - 2011-05-03 21:28 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2011-09-26 14:25 - 2011-05-03 21:24 - 0593408 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2011-09-26 14:25 - 2011-05-03 21:24 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2011-09-26 14:25 - 2011-05-03 21:24 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2011-09-26 14:25 - 2011-05-03 20:53 - 1553920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2011-09-26 14:25 - 2011-05-03 20:52 - 1401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2011-09-26 14:25 - 2011-05-03 20:52 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2011-09-26 14:25 - 2011-05-03 20:52 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2011-09-26 14:25 - 2011-05-03 20:52 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2011-09-26 14:25 - 2011-05-03 20:52 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2011-09-26 14:25 - 2011-05-03 20:52 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-09-26 14:25 - 2011-05-03 20:52 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2011-09-26 14:25 - 2011-05-03 20:52 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2011-09-26 14:25 - 2011-05-03 18:51 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-09-26 14:25 - 2011-05-03 18:51 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-09-26 14:25 - 2011-04-28 19:13 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-09-26 14:25 - 2011-04-28 19:12 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-09-26 14:25 - 2011-04-28 19:12 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-09-26 14:25 - 2011-04-24 18:44 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-09-26 14:25 - 2011-03-10 22:19 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2011-09-26 14:25 - 2011-03-10 22:19 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2011-09-26 14:25 - 2011-03-10 21:40 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2011-09-26 14:25 - 2011-03-10 21:40 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2011-09-26 14:25 - 2011-02-23 22:30 - 0476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2011-09-26 14:25 - 2011-02-23 21:32 - 0288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2011-09-26 14:25 - 2011-02-22 21:15 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2011-09-26 14:25 - 2011-02-18 22:36 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2011-09-26 14:25 - 2011-02-18 21:32 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2011-09-26 14:25 - 2011-02-18 20:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2011-09-26 14:25 - 2011-02-18 19:37 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2011-09-26 14:25 - 2011-02-17 22:37 - 0612352 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-09-26 14:25 - 2011-02-17 22:36 - 0852480 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-09-26 14:25 - 2011-02-17 21:36 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-09-26 14:25 - 2011-02-17 21:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-09-26 14:25 - 2010-12-20 22:16 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2011-09-26 14:25 - 2010-12-20 22:16 - 0258048 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2011-09-26 14:25 - 2010-12-20 22:16 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2011-09-26 14:25 - 2010-12-20 22:16 - 0062976 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2011-09-26 14:25 - 2010-12-20 22:15 - 0264192 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2011-09-26 14:25 - 2010-12-20 22:15 - 0015360 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
2011-09-26 14:25 - 2010-12-20 22:13 - 2003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2011-09-26 14:25 - 2010-12-20 22:13 - 1880576 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2011-09-26 14:25 - 2010-12-20 22:10 - 0100864 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2011-09-26 14:25 - 2010-12-20 21:38 - 0350720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2011-09-26 14:25 - 2010-12-20 21:38 - 0204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2011-09-26 14:25 - 2010-12-20 21:38 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2011-09-26 14:25 - 2010-12-20 21:38 - 0051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2011-09-26 14:25 - 2010-12-20 21:38 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2011-09-26 14:25 - 2010-12-20 21:36 - 1389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2011-09-26 14:25 - 2010-12-20 21:36 - 1236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2011-09-26 14:25 - 2010-12-20 21:34 - 0080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2011-09-26 14:24 - 2011-07-21 23:34 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-26 14:24 - 2011-07-21 22:38 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-26 14:24 - 2011-06-20 22:19 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-09-26 14:23 - 2011-07-21 21:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-26 14:23 - 2011-07-21 20:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-26 14:23 - 2011-06-22 21:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-09-26 14:23 - 2011-06-22 20:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-09-26 14:23 - 2011-06-22 20:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-09-26 14:23 - 2011-06-20 22:27 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-26 14:23 - 2011-06-20 22:20 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon(1332).dll
2011-09-26 14:23 - 2011-06-20 22:20 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet(1346).dll
2011-09-26 14:23 - 2011-06-20 22:20 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-09-26 14:23 - 2011-06-20 22:20 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-09-26 14:23 - 2011-06-20 22:20 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-09-26 14:23 - 2011-06-20 22:20 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-09-26 14:23 - 2011-06-20 22:20 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-09-26 14:23 - 2011-06-20 22:20 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-09-26 14:23 - 2011-06-20 22:19 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil(1319).dll
2011-09-26 14:23 - 2011-06-20 22:19 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-09-26 14:23 - 2011-06-20 22:19 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-09-26 14:23 - 2011-06-20 22:19 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-09-26 14:23 - 2011-06-20 22:19 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-09-26 14:23 - 2011-06-20 22:17 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-09-26 14:23 - 2011-06-20 21:36 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(1351).dll
2011-09-26 14:23 - 2011-06-20 21:36 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet(1355).dll
2011-09-26 14:23 - 2011-06-20 21:36 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-09-26 14:23 - 2011-06-20 21:35 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-09-26 14:23 - 2011-06-20 21:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-09-26 14:23 - 2011-06-20 21:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-09-26 14:23 - 2011-06-20 21:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-09-26 14:23 - 2011-06-20 21:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-09-26 14:23 - 2011-06-20 21:34 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(1347).dll
2011-09-26 14:23 - 2011-06-20 21:34 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-09-26 14:23 - 2011-06-20 21:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-09-26 14:23 - 2011-06-20 21:34 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-09-26 14:23 - 2011-06-20 21:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-09-26 14:23 - 2011-06-20 21:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-09-26 14:23 - 2011-06-20 21:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-09-26 14:23 - 2011-06-20 21:05 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-09-26 14:23 - 2011-06-20 20:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-09-26 14:23 - 2011-03-12 04:03 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2011-09-26 14:23 - 2011-03-12 03:31 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2011-09-26 14:22 - 2011-07-15 21:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-09-26 14:22 - 2011-07-15 21:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-09-26 14:22 - 2011-07-15 21:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-09-26 14:22 - 2011-07-15 21:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-09-26 14:22 - 2011-07-15 21:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-09-26 14:22 - 2011-07-15 21:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-09-26 14:22 - 2011-07-15 21:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-09-26 14:22 - 2011-07-15 21:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-09-26 14:22 - 2011-07-15 21:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-09-26 14:22 - 2011-07-15 20:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-09-26 14:22 - 2011-07-15 20:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-09-26 14:22 - 2011-07-15 20:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-09-26 14:22 - 2011-07-15 20:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 18:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-09-26 14:22 - 2011-07-15 18:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-09-26 14:22 - 2011-07-15 18:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 18:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 18:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-09-26 14:22 - 2011-07-15 18:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-09-26 14:22 - 2011-05-24 03:21 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-09-26 14:22 - 2011-05-24 02:34 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-09-26 14:22 - 2011-05-24 02:34 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-09-26 14:22 - 2011-05-24 02:34 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-09-26 14:22 - 2011-05-24 02:32 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-09-26 14:22 - 2011-02-11 22:14 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2011-09-26 14:22 - 2011-02-05 04:41 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2011-09-26 14:22 - 2011-02-05 04:41 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2011-09-26 14:22 - 2011-02-05 04:41 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2011-09-26 14:22 - 2011-02-05 04:41 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2011-09-26 14:22 - 2011-02-05 04:41 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2011-09-26 14:22 - 2011-02-05 04:39 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2011-09-26 14:22 - 2011-02-05 04:39 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2011-09-26 14:22 - 2011-01-25 22:53 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2011-09-26 14:22 - 2011-01-25 22:53 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2011-09-26 14:22 - 2011-01-25 22:31 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2011-09-26 14:22 - 2010-12-17 22:13 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32(1325).dll
2011-09-26 14:22 - 2010-12-17 22:12 - 3138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2011-09-26 14:22 - 2010-12-17 22:08 - 1097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2011-09-26 14:22 - 2010-12-17 21:31 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32(1350).dll
2011-09-26 14:22 - 2010-12-17 21:30 - 2690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2011-09-26 14:22 - 2010-12-17 21:26 - 1034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2011-09-26 14:19 - 2011-06-10 18:56 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-26 14:19 - 2011-05-02 21:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-09-26 14:19 - 2011-05-02 20:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-09-25 10:02 - 2011-09-25 10:08 - 6506626 ____A C:\Users\Jess\Desktop\MTS_astiees_1200107_Astiees_DEFAULT_Werewolf_DarkBrown_Skin.zip

============ 3 Months Modified Files and Folders =============

2011-10-25 16:56 - 2011-10-25 16:56 - 0000000 ____D C:\FRST
2011-10-24 15:47 - 2010-04-27 00:22 - 1681875 ____A C:\Windows\WindowsUpdate.log
2011-10-24 15:47 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-24 15:47 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-24 15:42 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-24 15:41 - 2010-11-06 09:56 - 0065916 ____A C:\aaw7boot.log
2011-10-24 15:41 - 2010-04-27 00:14 - 1556291584 __ASH C:\hiberfil.sys
2011-10-24 15:41 - 2009-07-13 20:51 - 0066158 ____A C:\Windows\setupact.log
2011-10-24 15:31 - 2011-10-19 13:25 - 0136246 ____A C:\Windows\ntbtlog.txt
2011-10-18 19:22 - 2011-10-18 19:22 - 0000000 ____D C:\Users\All Users\Recovery
2011-10-18 19:22 - 2011-10-18 19:22 - 0000000 ____D C:\ProgramData\Recovery
2011-10-18 17:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-10-18 17:31 - 2009-07-13 21:13 - 0732510 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-18 17:26 - 2010-09-05 08:11 - 0000000 ____D C:\users\Jess
2011-10-18 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-10-18 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-10-18 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-10-18 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-10-18 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ras
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ras
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-10-18 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Services
2011-10-18 17:23 - 2011-08-14 15:30 - 0000000 ____D C:\Users\Jess\Desktop\Sims Information
2011-10-18 17:23 - 2010-09-10 15:29 - 0000000 ____D C:\Users\Jess\Desktop\Everything
2011-10-18 17:23 - 2010-09-10 10:35 - 0000000 ____D C:\Users\Jess\AppData\Roaming\IrfanView
2011-10-18 17:23 - 2010-09-05 15:34 - 0000000 ____D C:\Program Files (x86)\Trillian
2011-10-18 17:23 - 2010-04-27 00:42 - 0000000 ____D C:\Users\All Users\Norton
2011-10-18 17:23 - 2010-04-27 00:42 - 0000000 ____D C:\ProgramData\Norton
2011-10-18 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2011-10-18 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2011-10-18 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-10-18 17:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-10-18 17:17 - 2011-05-21 09:25 - 0000000 ____D C:\Users\Jess\Desktop\Manga
2011-10-18 17:15 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-10-18 17:01 - 2011-10-18 14:26 - 0000000 ____D C:\users\Guest
2011-10-18 16:58 - 2011-10-17 18:31 - 0000000 ____D C:\Windows\Minidump
2011-10-18 16:58 - 2010-09-10 15:29 - 0000000 ____D C:\Users\Jess\Documents\Everything
2011-10-18 14:49 - 2011-10-18 14:49 - 0085200 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2011-10-18 14:43 - 2011-10-18 14:28 - 0000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2011-10-18 14:27 - 2011-10-18 14:26 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Templates
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Start Menu
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\PrintHood
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\NetHood
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\My Documents
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2011-10-18 14:26 - 2011-10-18 14:26 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2011-10-17 18:39 - 2011-07-20 17:30 - 0000000 ____D C:\Users\Jess\AppData\Local\ElevatedDiagnostics
2011-10-17 16:22 - 2010-09-05 08:18 - 0000464 ____A C:\Users\All Users\HPWALog.txt
2011-10-17 16:22 - 2010-09-05 08:18 - 0000464 ____A C:\ProgramData\HPWALog.txt
2011-10-12 17:11 - 2010-04-27 00:42 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2011-10-12 17:09 - 2011-10-12 17:09 - 0002489 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2011-10-12 17:09 - 2010-09-05 15:06 - 0025162 ____A C:\Windows\PFRO.log
2011-10-09 15:45 - 2011-09-03 17:27 - 0000328 ____A C:\Windows\Tasks\HPCeeScheduleForJess.job
2011-10-08 16:45 - 2010-09-18 17:20 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2011-10-04 17:56 - 2010-12-04 21:49 - 0007605 ____A C:\Users\Jess\AppData\Local\resmon.resmoncfg
2011-10-04 17:54 - 2009-07-13 19:20 - 0000000 ____D C:\PerfLogs
2011-10-02 16:52 - 2010-09-05 08:24 - 0000000 ____D C:\Users\Jess\AppData\Roaming\Adobe
2011-10-02 16:50 - 2010-12-04 16:38 - 0000132 ____A C:\Users\Jess\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-10-02 09:00 - 2011-04-28 14:48 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2011-10-02 09:00 - 2011-04-28 14:48 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2011-09-29 15:59 - 2010-09-05 08:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-09-28 23:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-09-26 16:11 - 2009-07-13 20:45 - 4907400 ____A C:\Windows\System32\FNTCACHE.DAT
2011-09-25 10:08 - 2011-09-25 10:02 - 6506626 ____A C:\Users\Jess\Desktop\MTS_astiees_1200107_Astiees_DEFAULT_Werewolf_DarkBrown_Skin.zip
2011-09-18 14:48 - 2010-09-23 17:48 - 0000000 ____D C:\Users\Jess\AppData\Local\CrashDumps
2011-09-11 12:59 - 2011-09-11 12:59 - 0000000 ____D C:\Users\Jess\AppData\Roaming\Template
2011-09-11 12:59 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-09-11 12:58 - 2011-09-11 12:58 - 0000000 ____A C:\Users\Jess\AppData\Roaming\wklnhst.dat
2011-09-06 10:24 - 2010-10-31 13:52 - 47946184 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-09-05 17:16 - 2011-09-05 06:54 - 0222288 ____A C:\Users\Jess\AppData\Local\census.cache
2011-09-05 17:16 - 2011-09-05 06:53 - 0127231 ____A C:\Users\Jess\AppData\Local\ars.cache
2011-09-05 13:24 - 2011-09-05 13:22 - 0427985 ____A C:\Users\Jess\Desktop\Lucky Shack Cards and Drink.rar
2011-08-28 08:31 - 2011-08-29 00:01 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2011-08-28 08:26 - 2011-08-28 08:26 - 0001060 ____A C:\Users\Public\Desktop\Ad-Aware.lnk
2011-08-28 08:26 - 2011-08-28 08:26 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-08-28 08:26 - 2010-11-05 14:31 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-08-28 08:26 - 2010-11-05 14:31 - 0000000 ____D C:\ProgramData\Lavasoft
2011-08-28 08:19 - 2011-08-28 08:19 - 0002206 ____A C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
2011-08-28 08:14 - 2010-09-05 18:25 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2011-08-28 08:14 - 2010-03-24 09:50 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-08-26 21:40 - 2011-10-17 18:14 - 0861184 ____N (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-26 20:43 - 2011-10-17 18:14 - 0571904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-26 17:14 - 2011-08-26 17:14 - 0000355 ____A C:\Users\Jess\Homegroup - Shortcut.lnk
2011-08-19 21:45 - 2011-10-17 18:15 - 1197568 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-19 21:44 - 2011-10-17 18:15 - 1501184 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-19 21:40 - 2011-10-17 18:15 - 2458624 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-19 20:38 - 2011-10-17 18:15 - 1230336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-19 20:38 - 2011-10-17 18:15 - 0981504 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-19 20:35 - 2011-10-17 18:15 - 2072576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-18 11:25 - 2011-08-28 08:26 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-08-15 15:47 - 2010-09-05 08:16 - 0085200 ____A C:\Users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 1978.93 MB
Available physical RAM: 1390.09 MB
Total Pagefile: 1978.93 MB
Available Pagefile: 1376.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:218.65 GB) (Free:82.57 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:2.31 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (NANO PRO) (Removable) (Total:7.46 GB) (Free:4.93 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==========================================================

Last Boot: 2011-10-13 09:09

======================= End Of Log ==========================

#6 Farbar

Posted 25 October 2011 - 04:41 PM

Well done.

Not much on the log.

  • Download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix64 application to the USB drive.

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: g:\MbrFix64 /drive 0 savembr g:\MBRDUMP.txt
    cmd: type c:\tdss*.txt
    end
    

    Now please enter System Recovery Options.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive; although it may look like a text file, it is a hex file. You must attach this report to your reply instead of posting its contents.
  • Also run FRST.

    Type the following in the edit box after "Search:".

    svchost.exe

    It should look like: Search: svchost.exe

    Click Search button and post the log it makes to your reply.


#7 redstarfishy

redstarfishy
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:08 AM

Posted 25 October 2011 - 07:10 PM

Below are the two logs. There wasn't a mbrdump.txt file that I could find. I can rerun everything and see if it works the second time?

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-10-25 19:55:28 R:1
Running from H:\

==============================================


========= g:\MbrFix64 /drive 0 savembr g:\MBRDUMP.txt =========

The device is not ready.

========= End of CMD: =========


========= type c:\tdss*.txt =========

The system cannot find the file specified.

========= End of CMD: =========


==== End of Fixlog ====




Farbars Recovery Scan Tool 2.0.3
Ran by SYSTEM at 2011-10-25 19:56:11
Running from H:\

================== Search: svchost.exe ===================

C:\Windows\svchost.exe
[2011-10-18 17:24] - [2009-07-13 17:14] - 0020480 ____A (Microsoft Corporation) 2CEFF13ACE25A40BD8D97654944297CD

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\SysWOW64\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

====== End Of Search ======

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:08 PM

Posted 26 October 2011 - 05:56 AM

Well done. I changed the drive letter, this time you get the file we need.

  • Download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix64 application to the USB drive.

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: h:\MbrFix64 /drive 0 savembr g:\MBRDUMP.txt
    end
    

    Now please enter System Recovery Options.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive. Although it may look like a text file, it is a hex file. You must attach this report to your reply instead of posting its contents.
  • Also run FRST.

    Type the following in the edit box after "Search:".

    winrshost.exe

    It should look like: Search: winrshost.exe

    Click Search button and post the log it makes to your reply.


#9 redstarfishy

redstarfishy
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:08 AM

Posted 26 October 2011 - 09:42 AM

Thank you for the reply. I first followed your instructions completely through but didn't get the mbrdump file again, so I looked at the fixlist file and realized you changed only one g drive to h drive and had left the g:\MBRDUMP.txt as is. So I changed it to h:\MBRDUMP.txt, reran it, and below are my logs. I just wanted to mention the letter change in case something funny happens.



Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-10-26 10:26:49 R:3
Running from H:\

==============================================


========= h:\MbrFix64 /drive 0 savembr h:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====





Farbars Recovery Scan Tool 2.0.3
Ran by SYSTEM at 2011-10-26 10:32:04
Running from H:\

================== Search: winrshost.exe ===================

C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_160ccc8a92fae520\winrshost.exe
[2009-07-13 15:31] - [2009-07-13 17:14] - 0020480 ____A (Microsoft Corporation) 2CEFF13ACE25A40BD8D97654944297CD

C:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
[2009-07-13 15:47] - [2009-07-13 17:39] - 0024064 ____A (Microsoft Corporation) CB67B936FA0D5DA04F732940BD59B89A

C:\Windows\SysWOW64\winrshost.exe
[2009-07-13 15:31] - [2009-07-13 17:14] - 0020480 ____A (Microsoft Corporation) 2CEFF13ACE25A40BD8D97654944297CD

C:\Windows\System32\winrshost.exe
[2009-07-13 15:47] - [2009-07-13 17:39] - 0024064 ____A (Microsoft Corporation) CB67B936FA0D5DA04F732940BD59B89A

====== End Of Search ======

Attached Files



#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:08 PM

Posted 26 October 2011 - 10:10 AM

Well done and thanks for correcting the path. :thumbup2:

The MBR is infected.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

#11 redstarfishy

redstarfishy
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:08 AM

Posted 26 October 2011 - 10:55 AM

You said the MBR is infected, can I delete it then so it doesn't infect my flash drive/this computer I'm using? Or is it just corrupted, so it's not going to cause problems, you just can't read it?

New fix log:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-10-26 11:51:39 R:4
Running from H:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:08 PM

Posted 26 October 2011 - 11:04 AM

The file is harmless and is only a copy of the infected MBR. You may delete it.

Please go to the Windows directory and delete the following file in normal mode:

C:\Windows\svchost.exe

Note that svchost.exe in other directories is a vital system file. This file is a renamed winrshost.exe file and it should not be there.

Then reboot the computer to normal mode.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.
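
The comparison behind the advice in post #12, as an added example (not part of the thread and not FRST's own code): it parses the search-log entries posted above and flags a file whose MD5 differs from every WinSxS copy of the same name, reporting which differently named WinSxS file it does match. Treating the WinSxS copies listed in the same log as the reference set is an assumption of this example, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Entries copied from the two FRST search logs posted in this thread
# ("Search: svchost.exe" and "Search: winrshost.exe").
FRST_SEARCH_LOG = r"""
C:\Windows\svchost.exe
[2011-10-18 17:24] - [2009-07-13 17:14] - 0020480 ____A (Microsoft Corporation) 2CEFF13ACE25A40BD8D97654944297CD

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\SysWOW64\svchost.exe
[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_160ccc8a92fae520\winrshost.exe
[2009-07-13 15:31] - [2009-07-13 17:14] - 0020480 ____A (Microsoft Corporation) 2CEFF13ACE25A40BD8D97654944297CD

C:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
[2009-07-13 15:47] - [2009-07-13 17:39] - 0024064 ____A (Microsoft Corporation) CB67B936FA0D5DA04F732940BD59B89A

C:\Windows\SysWOW64\winrshost.exe
[2009-07-13 15:31] - [2009-07-13 17:14] - 0020480 ____A (Microsoft Corporation) 2CEFF13ACE25A40BD8D97654944297CD

C:\Windows\System32\winrshost.exe
[2009-07-13 15:47] - [2009-07-13 17:39] - 0024064 ____A (Microsoft Corporation) CB67B936FA0D5DA04F732940BD59B89A
"""

# Detail line: two bracketed timestamps, size, attributes, (company), MD5.
DETAIL = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = DETAIL.match(line)
        if match and path:
            entries.append({
                "path": path,
                "name": ntpath.basename(path).lower(),
                "size": int(match["size"]),
                "md5": match["md5"].upper(),
            })
            path = None
        elif DRIVE_PATH.match(line):
            path = line
    return entries


def in_component_store(path):
    return "\\winsxs\\" in path.lower()


def find_masquerades(entries):
    """Flag files whose hash matches no WinSxS copy of the same file name."""
    name_by_hash = {}                 # md5 -> file name, WinSxS copies only
    hashes_by_name = defaultdict(set)  # file name -> md5s, WinSxS copies only
    for e in entries:
        if in_component_store(e["path"]):
            name_by_hash[e["md5"]] = e["name"]
            hashes_by_name[e["name"]].add(e["md5"])

    findings = []
    for e in entries:
        if in_component_store(e["path"]):
            continue
        known = hashes_by_name.get(e["name"])
        if known is None or e["md5"] in known:
            continue  # no reference for this name, or it matches a store copy
        findings.append({
            "path": e["path"],
            "md5": e["md5"],
            # Name of the WinSxS file with the same hash, if any (a renamed copy).
            "matches_store_file": name_by_hash.get(e["md5"]),
        })
    return findings


if __name__ == "__main__":
    for f in find_masquerades(parse_search_log(FRST_SEARCH_LOG)):
        print(f"{f['path']}: hash matches {f['matches_store_file']}, not its own name")
```

A clean result only shows that the listed files are consistent with the WinSxS copies in the same log; it says nothing about whether those reference copies are themselves intact.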


#13 redstarfishy

redstarfishy
  • Topic Starter

  • Members
  • 58 posts
  • Local time:06:08 AM

Posted 26 October 2011 - 11:39 AM

Thank you for your quick replies!

OTL logfile created on: 10/26/2011 12:22:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = H:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 52.79% Memory free
3.87 Gb Paging File | 2.87 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 82.63 Gb Free Space | 37.79% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.25 Mb Free Space | 96.04% Space Free | Partition Type: FAT32
Drive H: | 7.46 Gb Total Space | 4.93 Gb Free Space | 66.11% Space Free | Partition Type: FAT32

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 12:20:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011/08/31 20:06:42 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/31 20:06:41 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/29 07:19:46 | 000,394,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/01/18 18:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/22 16:57:58 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/08/31 20:06:41 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/29 07:19:46 | 000,394,560 | ---- | M] (DT Soft Ltd) [Auto | Running] -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe -- (DTNetService)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/25 20:26:19 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/25 20:24:02 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/05 12:19:10 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/19 21:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/08/28 12:31:30 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/10/19 16:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101103.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/05 22:18:09 | 000,234,048 | ---- | M] (Disc-Soft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\dtcdrom.sys -- (dtcdrom)
DRV - [2010/09/05 12:38:01 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/05 12:38:01 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/31 18:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/09/22 21:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 15:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/24 15:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2011/10/26 12:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/01/16 12:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/29 19:59:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/07 21:47:26 | 000,000,000 | ---D | M]

[2010/09/05 12:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jess\AppData\Roaming\Mozilla\Extensions
[2011/09/27 20:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\o4g2zrj9.default\extensions
[2011/09/27 20:21:01 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\o4g2zrj9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/07 08:32:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/13 20:30:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 17:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/15 20:16:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/24 15:51:57 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
[2011/09/29 19:59:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 21:47:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/01/16 10:24:53 | 000,002,252 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 23 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1691756032-1334767202-3423505498-1001..\Run: [googletalk] C:\Users\Jess\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF10BDE-F50F-48B3-AA88-0761DF0E846A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dbb725a7-1100-11e0-9431-c80aa9a201c5}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb725a7-1100-11e0-9431-c80aa9a201c5}\Shell\AutoRun\command - "" = H:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 12:22:21 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Tific
[2011/10/26 12:22:08 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\Symantec
[2011/10/25 20:56:23 | 000,000,000 | ---D | C] -- C:\FRST
[2011/10/18 23:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/10/17 22:31:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/17 22:14:58 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/10/17 22:14:36 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/09/26 18:35:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/26 18:27:22 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/09/26 18:27:22 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/09/26 18:27:19 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/09/26 18:27:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/09/26 18:27:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/09/26 18:27:15 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/09/26 18:27:14 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/09/26 18:27:13 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/09/26 18:27:13 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/09/26 18:27:13 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/09/26 18:27:13 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/09/26 18:27:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/26 18:27:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/09/26 18:27:12 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/09/26 18:26:18 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/09/26 18:26:17 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/09/26 18:26:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/09/26 18:26:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/09/26 18:26:14 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/09/26 18:26:14 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/09/26 18:26:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/09/26 18:26:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/09/26 18:26:14 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/09/26 18:26:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/09/26 18:26:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/09/26 18:26:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/09/26 18:26:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/09/26 18:26:02 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/09/26 18:25:57 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/09/26 18:25:57 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/09/26 18:25:56 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/09/26 18:25:56 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/09/26 18:25:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/09/26 18:25:55 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/09/26 18:25:55 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/09/26 18:25:54 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/09/26 18:25:54 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/09/26 18:25:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/09/26 18:25:54 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/09/26 18:25:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/09/26 18:25:54 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/09/26 18:25:44 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/09/26 18:25:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/09/26 18:25:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/09/26 18:25:40 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/09/26 18:25:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/09/26 18:25:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/09/26 18:25:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/09/26 18:25:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/09/26 18:25:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/09/26 18:25:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/09/26 18:25:27 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/09/26 18:25:27 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/09/26 18:25:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/09/26 18:25:26 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/09/26 18:25:19 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/09/26 18:25:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/09/26 18:25:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/09/26 18:25:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/09/26 18:25:15 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/09/26 18:25:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/09/26 18:23:59 | 002,458,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil(1319).dll
[2011/09/26 18:23:57 | 002,072,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil(1347).dll
[2011/09/26 18:23:56 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon(1332).dll
[2011/09/26 18:23:56 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon(1351).dll
[2011/09/26 18:23:55 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet(1346).dll
[2011/09/26 18:23:55 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet(1355).dll
[2011/09/26 18:23:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/09/26 18:23:54 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/09/26 18:23:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/09/26 18:23:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/09/26 18:23:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/09/26 18:23:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/09/26 18:23:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/09/26 18:23:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/09/26 18:23:53 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/09/26 18:23:53 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/09/26 18:23:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/09/26 18:23:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/09/26 18:23:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/09/26 18:23:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/09/26 18:23:52 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/09/26 18:23:18 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/09/26 18:23:17 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/09/26 18:23:17 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/09/26 18:23:01 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/09/26 18:23:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/09/26 18:22:56 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/09/26 18:22:56 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/09/26 18:22:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/09/26 18:22:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/09/26 18:22:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/09/26 18:22:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/09/26 18:22:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/09/26 18:22:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/09/26 18:22:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/09/26 18:22:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/09/26 18:22:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/09/26 18:22:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/09/26 18:22:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/26 18:22:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/26 18:22:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/09/26 18:22:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/09/26 18:22:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/09/26 18:22:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/26 18:22:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/26 18:22:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/26 18:22:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/26 18:22:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/09/26 18:22:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/09/26 18:22:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/09/26 18:22:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/09/26 18:22:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/26 18:22:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/26 18:22:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/26 18:22:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/09/26 18:22:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/26 18:22:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/26 18:22:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/09/26 18:22:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/09/26 18:22:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/09/26 18:22:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/09/26 18:22:31 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/09/26 18:22:30 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/09/26 18:22:30 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/09/26 18:22:30 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/09/26 18:22:25 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/09/26 18:22:25 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/09/26 18:22:25 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/09/26 18:22:24 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/09/26 18:22:24 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/09/26 18:22:24 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/09/26 18:22:24 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/09/26 18:22:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/09/26 18:22:20 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/09/26 18:22:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/09/26 18:22:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/09/26 18:22:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/09/26 18:22:09 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32(1325).dll
[2011/09/26 18:22:09 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaut32(1350).dll
[2010/10/23 22:37:35 | 001,228,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Photoshop_12_LS1.exe

========== Files - Modified Within 30 Days ==========

[2011/10/26 12:29:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 12:29:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 12:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/26 12:18:25 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 12:14:41 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/26 12:14:41 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/18 21:31:43 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/18 21:31:43 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/18 21:31:43 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/18 20:30:53 | 002,546,484 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\Cat.DB
[2011/10/14 06:20:38 | 001,413,934 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\Cat(1271).DB
[2011/10/12 21:09:55 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/10/09 19:45:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJess.job
[2011/10/04 21:56:04 | 000,007,605 | ---- | M] () -- C:\Users\Jess\AppData\Local\resmon.resmoncfg
[2011/10/02 20:50:24 | 000,000,132 | ---- | M] () -- C:\Users\Jess\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/29 19:59:32 | 000,002,056 | ---- | M] () -- C:\Users\Jess\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/26 20:11:01 | 004,907,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/10/12 21:09:55 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/11 16:58:59 | 000,000,000 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\wklnhst.dat
[2011/09/05 10:54:26 | 000,222,288 | ---- | C] () -- C:\Users\Jess\AppData\Local\census.cache
[2011/09/05 10:53:35 | 000,127,231 | ---- | C] () -- C:\Users\Jess\AppData\Local\ars.cache
[2011/05/21 14:50:22 | 000,000,132 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/04/28 18:48:30 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/28 18:48:30 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/12/29 20:05:10 | 000,000,407 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/11 20:47:58 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010/12/05 01:49:17 | 000,007,605 | ---- | C] () -- C:\Users\Jess\AppData\Local\resmon.resmoncfg
[2010/12/04 20:38:26 | 000,000,132 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/27 08:04:46 | 000,000,036 | ---- | C] () -- C:\Users\Jess\AppData\Local\housecall.guid.cache
[2010/10/23 22:37:35 | 1026,293,791 | ---- | C] () -- C:\Program Files (x86)\Photoshop_12_LS1.7z
[2010/10/13 20:46:04 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010/04/27 04:23:24 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/04/27 04:19:09 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/27 04:19:09 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/05 15:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/03/05 15:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/03/05 15:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/05 15:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/05 15:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >


#14 Farbar

Posted 26 October 2011 - 01:10 PM

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#15 redstarfishy

Posted 26 October 2011 - 01:58 PM

The scan took about four minutes and came back saying there wasn't anything malicious on the laptop. I think I would like to run a full scan, just to be sure, but are there any other recommendations on what I should do now (before I start the full scan)?



