
Computer will not Start - BSOD


  • This topic is locked
16 replies to this topic

#1 klassic

klassic

  • Members
  • 31 posts

Posted 19 January 2012 - 11:15 PM

I have a laptop that had viruses and trojans on it. I was trying to clean it, but now it will not start and gets BSOD.

STOP: c0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem.

It had the Windows 7 Anti Virus 2012 on it which I know is a virus in itself. I have run several scans in normal and safe mode using Malwarebytes Anti-Malware, Spybot Search & Destroy, SuperAntiSpyware, Ad-Aware, Windows Defender. These have all removed hundreds of infections. I tried to restore to a previous point, but it hangs on initializing the system restore. What do I do? I can remove the hard drive from the laptop and connect it to my desktop if necessary.



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,767 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 January 2012 - 11:22 PM

:welcome:

Let's give it a try. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 January 2012 - 11:28 PM

EDIT:ignore it :)

Edited by narenxp, 19 January 2012 - 11:30 PM.


#4 klassic

klassic
  • Topic Starter

  • Members
  • 31 posts

Posted 19 January 2012 - 11:32 PM

Scan result of Farbar Recovery Tool (FRST written by farbar) Version: 17-01-2012 00
Ran by SYSTEM at 2012-01-19 22:30:41
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet004

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-09] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390168 2009-11-09] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [408600 2009-11-09] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-20] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Audrey\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Audrey\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-10-16] (Hewlett-Packard Company)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Lsa: [Notification Packages] scecli
DPPWDFLT
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-12-01] (DigitalPersona, Inc.)
2 DvmMDES; "C:\SPLASH.SYS\config\DVMExportService.exe" [323584 2009-07-08] (DeviceVM, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [85560 2011-06-21] (Hewlett-Packard Company)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2011-05-13] (Hewlett-Packard Company)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 N360; "C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.7\SymcPCCULaunchSvc.exe /s [123320 2011-11-14] (Symantec Corporation)
2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.7\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-20] (IDT, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1926448 2010-01-07] (Validity Sensors, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [x]
2 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-12-23] (Symantec Corporation)
1 DVMIO; \??\C:\SPLASH.SYS\config\dvmio.sys [21624 2009-09-27] (DeviceVM, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-01-09] (Symantec Corporation)
3 enecir; C:\Windows\System32\DRIVERS\enecir.sys [70656 2009-06-29] (ENE TECHNOLOGY INC.)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-01-09] (Symantec Corporation)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120113.025\ENG64.SYS [117880 2012-01-09] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120113.025\EX64.SYS [2048632 2012-01-09] (Symantec Corporation)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [256512 2010-07-08] (Novatel Wireless Inc)
3 NWUSBCDFIL64; C:\Windows\System32\DRIVERS\NwUsbCdFil64.sys [25600 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBModem_000; C:\Windows\System32\DRIVERS\nwusbmdm_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBPort2_000; C:\Windows\System32\DRIVERS\nwusbser2_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBPort_000; C:\Windows\System32\DRIVERS\nwusbser_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [200736 2009-11-12] (Realtek Semiconductor Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SRTSP; C:\Windows\System32\drivers\N360x64\0501000.01D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0501000.01D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-05] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMNETS.SYS [386168 2011-07-08] (Symantec Corporation)
4 eabfiltr; [x]
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120111.003\IDSvia64.sys [x]
1 ihuputhm; \??\C:\Windows\system32\drivers\ihuputhm.sys [x]
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [x]
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-15 04:44 - 2012-01-15 04:44 - 0000000 ___HD C:\$AVG
2012-01-14 20:04 - 2012-01-14 20:04 - 0005632 __ASH C:\Windows\Thumbs.db
2012-01-14 12:31 - 2012-01-14 12:31 - 0371097 ____A C:\Users\Audrey\Desktop\Base Filtering Engine.reg
2012-01-14 12:24 - 2012-01-14 12:24 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-14 12:17 - 2012-01-14 12:17 - 0121045 ____A C:\Users\Audrey\Desktop\BFE64.txt
2012-01-13 15:54 - 2012-01-19 19:59 - 0959310 ____A C:\Windows\ntbtlog.txt
2012-01-11 05:30 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 05:30 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 05:30 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 05:30 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 05:30 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 05:30 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 05:30 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 05:30 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-09 23:17 - 2012-01-09 23:17 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-01-09 23:15 - 2012-01-09 23:15 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-01-09 23:04 - 2012-01-09 23:04 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-01-09 22:53 - 2012-01-14 12:41 - 0000504 ____A C:\Windows\setupact.log
2012-01-09 22:43 - 2012-01-09 22:43 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-01-09 22:43 - 2012-01-09 22:43 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-01-09 22:43 - 2012-01-09 22:43 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-01-09 22:43 - 2012-01-09 22:43 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-01-09 22:43 - 2012-01-09 22:43 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-01-09 22:43 - 2012-01-09 22:43 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-01-09 22:43 - 2012-01-09 22:43 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-01-09 22:43 - 2012-01-09 22:43 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-01-09 22:43 - 2012-01-09 22:43 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-01-09 22:43 - 2012-01-09 22:43 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-01-09 22:43 - 2012-01-09 22:43 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-01-09 22:43 - 2012-01-09 22:43 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-01-09 22:43 - 2012-01-09 22:43 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-01-09 22:21 - 2012-01-09 22:44 - 0003948 ____A C:\Windows\IE9_main.log
2012-01-09 22:09 - 2012-01-09 22:09 - 0000000 ____D C:\Windows\System32\SPReview
2012-01-09 22:09 - 2012-01-09 22:09 - 0000000 ____D C:\Windows\System32\EventProviders
2012-01-09 22:00 - 2011-08-29 21:25 - 14173184 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-09 22:00 - 2011-08-29 20:21 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-09 18:28 - 2011-11-10 03:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-01-09 18:28 - 2011-11-10 03:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-01-09 18:28 - 2011-11-10 03:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-01-09 18:27 - 2012-01-09 18:28 - 0004790 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-09 18:21 - 2012-01-09 21:49 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-01-09 18:05 - 2012-01-09 18:05 - 0000000 ____D C:\Users\Audrey\AppData\Roaming\SUPERAntiSpyware.com
2012-01-09 18:05 - 2012-01-09 18:05 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-09 18:05 - 2012-01-09 18:05 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-09 17:53 - 2012-01-09 17:53 - 0000000 ____A C:\Windows\setuperr.log
2012-01-09 17:49 - 2012-01-13 17:33 - 0046396 ____A C:\Windows\PFRO.log
2012-01-09 17:43 - 2012-01-09 17:43 - 0000000 ____D C:\Users\Audrey\AppData\Roaming\Malwarebytes
2012-01-09 17:41 - 2012-01-09 17:41 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-09 17:41 - 2012-01-09 17:41 - 0000000 ____D C:\Program Files\CCleaner
2012-01-09 17:41 - 2012-01-09 17:41 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-09 17:41 - 2011-12-10 13:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-01-05 18:32 - 2012-01-05 18:32 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-01-05 18:32 - 2012-01-05 18:32 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-01-05 18:32 - 2012-01-05 18:32 - 0002636 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-01-05 18:32 - 2012-01-05 18:32 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-01-05 18:32 - 2012-01-05 18:32 - 0000000 ____D C:\Users\Audrey\AppData\Local\Symantec
2012-01-05 18:32 - 2012-01-05 18:32 - 0000000 ____D C:\Program Files\Symantec
2012-01-05 18:32 - 2012-01-05 18:32 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-01-05 18:32 - 2011-07-06 10:44 - 0034288 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-01-05 18:31 - 2012-01-05 18:31 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2012-01-05 18:31 - 2012-01-05 18:31 - 0000000 ____D C:\Program Files (x86)\Norton 360 Premier Edition
2012-01-05 18:31 - 2010-08-20 19:59 - 0125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-01-05 18:31 - 2010-08-20 19:59 - 0106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-01-05 18:29 - 2012-01-05 18:29 - 0000000 ____D C:\ProgramData\PCSettings
2012-01-05 15:45 - 2012-01-05 18:31 - 0001270 ____A C:\Users\Audrey\Desktop\Norton Installation Files.lnk
2012-01-05 15:45 - 2012-01-05 15:45 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-01-01 18:21 - 2012-01-09 17:47 - 0009078 __ASH C:\Users\Audrey\AppData\Local\co1lh55qkp32280fl5r67q0u658b3y520866f4h1v1sce
2012-01-01 18:21 - 2012-01-09 17:47 - 0009078 __ASH C:\ProgramData\co1lh55qkp32280fl5r67q0u658b3y520866f4h1v1sce
2011-12-29 14:24 - 2011-12-29 14:24 - 0000118 ____A C:\Windows\System32\MRT.INI


============ 3 Months Modified Files and Folders =============

2012-01-19 22:30 - 2012-01-19 22:30 - 0000000 ____D C:\FRST
2012-01-19 20:10 - 2010-06-18 15:31 - 3063025664 __ASH C:\hiberfil.sys
2012-01-19 19:59 - 2012-01-13 15:54 - 0959310 ____A C:\Windows\ntbtlog.txt
2012-01-15 04:44 - 2012-01-15 04:44 - 0000000 ___HD C:\$AVG
2012-01-14 20:04 - 2012-01-14 20:04 - 0005632 __ASH C:\Windows\Thumbs.db
2012-01-14 20:04 - 2011-09-04 08:20 - 0000000 ____D C:\6fa15729940504f1a594075544484cce
2012-01-14 12:48 - 2010-07-31 17:07 - 0000282 ____A C:\ProgramData\HPWALog.txt
2012-01-14 12:48 - 2009-12-21 12:01 - 0000177 ____H C:\dvmexp.idx
2012-01-14 12:48 - 2009-12-21 11:21 - 1985779 ____A C:\Windows\WindowsUpdate.log
2012-01-14 12:48 - 2009-07-13 20:45 - 0024448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-14 12:48 - 2009-07-13 20:45 - 0024448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-14 12:46 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-14 12:41 - 2012-01-09 22:53 - 0000504 ____A C:\Windows\setupact.log
2012-01-14 12:41 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-14 12:31 - 2012-01-14 12:31 - 0371097 ____A C:\Users\Audrey\Desktop\Base Filtering Engine.reg
2012-01-14 12:24 - 2012-01-14 12:24 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-14 12:17 - 2012-01-14 12:17 - 0121045 ____A C:\Users\Audrey\Desktop\BFE64.txt
2012-01-14 06:37 - 2009-12-21 11:50 - 0000000 ___HD C:\SPLASH.000
2012-01-13 17:47 - 2010-06-18 15:17 - 0000000 ____D C:\ProgramData\Recovery
2012-01-13 17:33 - 2012-01-09 17:49 - 0046396 ____A C:\Windows\PFRO.log
2012-01-13 17:33 - 2010-12-18 17:44 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-01-13 17:33 - 2009-12-07 11:13 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-13 16:10 - 2010-07-31 16:58 - 0000000 ____D C:\Users\Audrey\AppData\LocalLow
2012-01-13 16:09 - 2010-12-18 19:14 - 0000000 ____D C:\Users\Audrey\AppData\Local\GoCasino
2012-01-13 16:09 - 2010-12-18 16:59 - 0000000 ____D C:\Program Files (x86)\Full Tilt Poker
2012-01-13 16:08 - 2010-08-01 15:10 - 0000000 ____D C:\Program Files (x86)\LimeWire
2012-01-13 16:07 - 2010-12-18 17:23 - 0000000 ____D C:\Program Files (x86)\PokerStars
2012-01-13 16:07 - 2010-08-18 19:04 - 0000000 ____D C:\Program Files (x86)\PokerStars.NET
2012-01-13 16:05 - 2010-12-18 17:44 - 0000000 ____D C:\ProgramData\Yahoo!
2012-01-13 05:08 - 2010-12-18 17:44 - 0000000 ____D C:\Program Files (x86)\Shop to Win 2
2012-01-12 18:27 - 2010-12-18 19:35 - 0000000 ____D C:\Users\Audrey\AppData\Local\CrashDumps
2012-01-12 01:02 - 2011-01-29 12:46 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-12 01:01 - 2009-12-07 11:50 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-11 20:12 - 2011-01-08 20:07 - 0000000 ____D C:\Program Files (x86)\PlaySushi
2012-01-11 20:12 - 2010-10-10 17:05 - 0000000 ____D C:\Users\Audrey\Work
2012-01-10 01:18 - 2009-07-13 20:45 - 0426592 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-10 00:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-01-09 23:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-01-09 23:17 - 2012-01-09 23:17 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-01-09 23:17 - 2009-12-07 11:11 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-01-09 23:15 - 2012-01-09 23:15 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-01-09 23:10 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-01-09 23:04 - 2012-01-09 23:04 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-01-09 23:02 - 2010-07-31 17:07 - 0000174 ___SH C:\Users\Audrey\Start Menu\Programs\Startup\desktop.ini
2012-01-09 23:02 - 2010-07-31 17:07 - 0000174 ___SH C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-09 23:02 - 2010-07-31 17:07 - 0000000 ___RD C:\Users\Audrey\Virtual Machines
2012-01-09 22:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-09 22:54 - 2009-09-06 17:57 - 0000000 ____D C:\Windows\Panther
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\zh-TW
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\zh-CN
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\tr-TR
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\th-TH
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\sv-SE
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\ru-RU
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\ro-RO
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\pt-PT
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\pt-BR
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\pl-PL
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\nl-NL
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\nb-NO
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\ko-KR
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\ja-JP
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\it-IT
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\hu-HU
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\he-IL
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\fr-FR
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\fi-FI
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\es-ES
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\el-GR
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\de-DE
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\da-DK
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\cs-CZ
2012-01-09 22:50 - 2009-12-21 11:29 - 0000000 ____D C:\Windows\System32\Drivers\ar-SA
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-01-09 22:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-01-09 22:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-09 22:44 - 2012-01-09 22:21 - 0003948 ____A C:\Windows\IE9_main.log
2012-01-09 22:43 - 2012-01-09 22:43 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-01-09 22:43 - 2012-01-09 22:43 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-01-09 22:43 - 2012-01-09 22:43 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-01-09 22:43 - 2012-01-09 22:43 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-01-09 22:43 - 2012-01-09 22:43 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-01-09 22:43 - 2012-01-09 22:43 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-01-09 22:43 - 2012-01-09 22:43 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-01-09 22:43 - 2012-01-09 22:43 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-01-09 22:43 - 2012-01-09 22:43 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-01-09 22:43 - 2012-01-09 22:43 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-01-09 22:43 - 2012-01-09 22:43 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-01-09 22:43 - 2012-01-09 22:43 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-01-09 22:43 - 2012-01-09 22:43 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-01-09 22:43 - 2012-01-09 22:43 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-01-09 22:43 - 2012-01-09 22:43 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-01-09 22:19 - 2009-12-07 11:50 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-09 22:18 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-01-09 22:18 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-01-09 22:09 - 2012-01-09 22:09 - 0000000 ____D C:\Windows\System32\SPReview
2012-01-09 22:09 - 2012-01-09 22:09 - 0000000 ____D C:\Windows\System32\EventProviders
2012-01-09 22:04 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-01-09 21:53 - 2010-12-18 17:44 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2012-01-09 21:49 - 2012-01-09 18:21 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-01-09 18:28 - 2012-01-09 18:27 - 0004790 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-09 18:28 - 2009-12-07 13:31 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-09 18:05 - 2012-01-09 18:05 - 0000000 ____D C:\Users\Audrey\AppData\Roaming\SUPERAntiSpyware.com
2012-01-09 18:05 - 2012-01-09 18:05 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-09 18:05 - 2012-01-09 18:05 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-09 17:53 - 2012-01-09 17:53 - 0000000 ____A C:\Windows\setuperr.log
2012-01-09 17:47 - 2012-01-01 18:21 - 0009078 __ASH C:\Users\Audrey\AppData\Local\co1lh55qkp32280fl5r67q0u658b3y520866f4h1v1sce
2012-01-09 17:47 - 2012-01-01 18:21 - 0009078 __ASH C:\ProgramData\co1lh55qkp32280fl5r67q0u658b3y520866f4h1v1sce
2012-01-09 17:43 - 2012-01-09 17:43 - 0000000 ____D C:\Users\Audrey\AppData\Roaming\Malwarebytes
2012-01-09 17:42 - 2011-04-01 19:58 - 0000000 ____D C:\Windows\Minidump
2012-01-09 17:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\ModemLogs
2012-01-09 17:41 - 2012-01-09 17:41 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-09 17:41 - 2012-01-09 17:41 - 0000000 ____D C:\Program Files\CCleaner
2012-01-09 17:41 - 2012-01-09 17:41 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-05 18:32 - 2012-01-05 18:32 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-01-05 18:32 - 2012-01-05 18:32 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-01-05 18:32 - 2012-01-05 18:32 - 0002636 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-01-05 18:32 - 2012-01-05 18:32 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-01-05 18:32 - 2012-01-05 18:32 - 0000000 ____D C:\Users\Audrey\AppData\Local\Symantec
2012-01-05 18:32 - 2012-01-05 18:32 - 0000000 ____D C:\Program Files\Symantec
2012-01-05 18:32 - 2012-01-05 18:32 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-01-05 18:32 - 2009-12-21 11:52 - 0000000 ____D C:\ProgramData\Norton
2012-01-05 18:31 - 2012-01-05 18:31 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2012-01-05 18:31 - 2012-01-05 18:31 - 0000000 ____D C:\Program Files (x86)\Norton 360 Premier Edition
2012-01-05 18:31 - 2012-01-05 15:45 - 0001270 ____A C:\Users\Audrey\Desktop\Norton Installation Files.lnk
2012-01-05 18:29 - 2012-01-05 18:29 - 0000000 ____D C:\ProgramData\PCSettings
2012-01-05 18:29 - 2009-12-21 11:51 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-01-05 15:45 - 2012-01-05 15:45 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-01-04 18:04 - 2009-07-13 21:08 - 0032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-04 17:59 - 2011-02-07 18:36 - 0000000 ____D C:\Users\Audrey\Angus
2012-01-04 17:31 - 2010-12-20 16:24 - 0000000 ____D C:\Users\Audrey\AppData\Roaming\Tific
2011-12-30 09:34 - 2010-10-24 17:39 - 0011711 ____A C:\Users\Audrey\Documents\Budget.xlsx
2011-12-29 14:42 - 2011-09-24 18:19 - 0000336 ____A C:\Windows\Tasks\HPCeeScheduleForAudrey.job
2011-12-29 14:26 - 2010-09-05 19:34 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2011-12-29 14:24 - 2011-12-29 14:24 - 0000118 ____A C:\Windows\System32\MRT.INI
2011-12-18 18:53 - 2009-09-06 17:03 - 0000000 ____D C:\users\Administrator
2011-12-18 18:53 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-12-12 02:05 - 2010-12-18 17:24 - 0000000 ____D C:\Users\Audrey\AppData\Local\PokerStars
2011-12-11 23:29 - 2010-12-18 19:15 - 0000000 ____D C:\Users\Audrey\AppData\Local\VTShared
2011-12-11 20:39 - 2011-12-06 15:43 - 0011080 __ASH C:\Users\Audrey\AppData\Local\173516x1g286j182n624q0xwd5b2
2011-12-11 20:39 - 2011-12-06 15:43 - 0011080 __ASH C:\ProgramData\173516x1g286j182n624q0xwd5b2
2011-12-11 20:35 - 2010-07-31 17:07 - 0000000 ____D C:\Users\Audrey\AppData\Local\VirtualStore
2011-12-10 13:24 - 2012-01-09 17:41 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-06 15:43 - 2011-12-06 15:43 - 0000000 ____D C:\Windows\system64
2011-12-06 15:43 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-12-06 15:12 - 2011-12-06 15:09 - 0000000 ____D C:\Program Files (x86)\Swag_Bucks
2011-12-06 15:10 - 2011-12-06 15:10 - 0000000 ____D C:\Users\Audrey\AppData\Local\Conduit
2011-12-06 15:10 - 2011-12-06 15:10 - 0000000 ____D C:\Program Files (x86)\Conduit
2011-11-23 20:52 - 2011-12-18 18:59 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-19 06:58 - 2012-01-11 05:30 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-11 05:30 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-16 22:41 - 2012-01-11 05:30 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 21:38 - 2012-01-11 05:30 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-10 03:54 - 2012-01-09 18:28 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-11-10 03:54 - 2012-01-09 18:28 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-11-10 03:54 - 2012-01-09 18:28 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-11-10 03:54 - 2010-08-04 15:33 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-11-04 21:32 - 2011-12-18 18:59 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 20:26 - 2011-12-18 18:59 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-10-25 21:25 - 2012-01-11 05:30 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2011-10-25 21:25 - 2012-01-11 05:30 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2011-10-25 21:21 - 2011-12-18 19:02 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-25 20:32 - 2012-01-11 05:30 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2011-10-25 20:32 - 2012-01-11 05:30 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2011-10-22 11:00 - 2009-12-07 13:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3894.84 MB
Available physical RAM: 3172.35 MB
Total Pagefile: 3892.99 MB
Available Pagefile: 3161.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:280.37 GB) (Free:235.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:17.43 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (SANDISK) (Removable) (Total:1.91 GB) (Free:1.82 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1959 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 280 GB 200 MB
Partition 3 Primary 17 GB 280 GB
Partition 4 Primary 103 MB 297 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 199 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 280 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 17 GB Healthy

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1959 MB 31 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H SANDISK FAT32 Removable 1959 MB Healthy

==========================================================

Last Boot: 2012-01-10 00:07

======================= End Of Log ==========================

#5 boopme

  • Global Moderator

Posted 19 January 2012 - 11:40 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#6 JSntgRvr

  • Malware Response Team

Posted 19 January 2012 - 11:47 PM

Download the enclosed file (fixlist.txt).

Save it to the USB flash drive. Insert the USB drive into the ailing computer and run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 19 January 2012 - 11:48 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 klassic

Posted 20 January 2012 - 12:04 AM

It asks if I want to update combo fix. If I say no it says it will run in reduced functionality mode. Do I update?

edit: sorry just read the last line. oops

Edited by klassic, 20 January 2012 - 12:07 AM.


#8 JSntgRvr

Posted 20 January 2012 - 12:13 AM

> It asks if I want to update combo fix. If I say no it says it will run in reduced functionality mode. Do I update?
>
> edit: sorry just read the last line. oops

Yes.


#9 klassic

Posted 20 January 2012 - 12:35 AM

Is it normal to be stuck at Completed Stage 4 for over 20 minutes?

#10 klassic

Posted 20 January 2012 - 07:24 AM

8 hours later still at Completed Stage 4

#11 JSntgRvr

Posted 20 January 2012 - 03:59 PM

Is there an antivirus or firewall working?

Let's try other scans:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let's try ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#12 klassic

Posted 20 January 2012 - 07:37 PM

Anti-virus is still off. I just got home from work and it is still running. It was at Stage 48 when I started this post and now it is at Stage 50. I will let it finish the scan.

#13 klassic

Posted 20 January 2012 - 08:09 PM

ComboFix 12-01-19.02 - Audrey 01/19/2012 23:11:30.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3895.2319 [GMT -6:00]
Running from: c:\users\Audrey\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Freeze.com\NetAssistant\NeTAssistant.dll
c:\program files (x86)\Shop to Win 2\ShOPpingbho.dll
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 00:42 . 2012-01-21 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-20 06:30 . 2012-01-20 06:31 -------- d-----w- C:\FRST
2012-01-15 12:44 . 2012-01-15 12:44 -------- d-----w- C:\$AVG
2012-01-14 20:24 . 2012-01-14 20:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 13:30 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:30 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:30 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 13:30 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 13:30 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:30 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 13:30 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:30 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 07:15 . 2012-01-10 07:15 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-01-10 07:04 . 2012-01-10 07:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-10 06:09 . 2012-01-10 06:09 -------- d-----w- c:\windows\system32\SPReview
2012-01-10 06:09 . 2012-01-10 06:09 -------- d-----w- c:\windows\system32\EventProviders
2012-01-10 02:30 . 2012-01-10 02:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-10 02:21 . 2012-01-10 05:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-10 02:05 . 2012-01-10 02:05 -------- d-----w- c:\users\Audrey\AppData\Roaming\SUPERAntiSpyware.com
2012-01-10 02:05 . 2012-01-10 02:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-10 02:05 . 2012-01-10 02:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-10 01:43 . 2012-01-10 01:43 -------- d-----w- c:\users\Audrey\AppData\Roaming\Malwarebytes
2012-01-10 01:41 . 2012-01-10 01:41 -------- d-----w- c:\program files\CCleaner
2012-01-10 01:41 . 2012-01-10 01:41 -------- d-----w- c:\programdata\Malwarebytes
2012-01-10 01:41 . 2012-01-10 01:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-10 01:41 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 02:32 . 2012-01-06 02:32 -------- d-----w- c:\users\Audrey\AppData\Local\Symantec
2012-01-06 02:32 . 2012-01-06 02:32 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-06 02:32 . 2011-07-06 18:44 34288 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-06 02:32 . 2012-01-06 02:32 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-06 02:32 . 2012-01-06 02:32 -------- d-----w- c:\program files\Symantec
2012-01-06 02:32 . 2012-01-06 02:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-01-06 02:31 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-01-06 02:31 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-01-06 02:31 . 2012-01-06 02:31 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-01-06 02:31 . 2012-01-06 02:31 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
2012-01-06 02:29 . 2012-01-06 02:29 -------- d-----w- c:\programdata\PCSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 06:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-10 06:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-06 18:58 . 2010-08-04 23:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-02 14:40 . 2010-08-04 23:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-02 14:39 . 2010-08-04 23:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-02 14:37 . 2010-08-07 00:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-28 23:03 . 2010-08-07 00:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-28 23:03 . 2010-08-07 00:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-28 23:01 . 2010-08-04 23:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-27 00:46 . 2010-08-07 00:48 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-24 04:52 . 2011-12-19 02:59 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-06 18:59 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C88F1A58-BEE8-4DBE-9DB5-CAA96AAADC60}\mpengine.dll
2011-11-10 11:54 . 2010-08-04 23:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:32 . 2011-12-19 02:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-19 02:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-10-26 05:21 . 2011-12-19 03:02 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 21:12 1244040 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
Image Transfer.lnk - c:\program files (x86)\Sony Corporation\Image Transfer\SonyTray.exe [2010-10-5 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 ihuputhm;ihuputhm;c:\windows\system32\drivers\ihuputhm.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-24 1157240]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-09-27 21624]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120119.006\IDSvia64.sys [2012-01-07 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.7\SymcPCCULaunchSvc.exe [2011-11-14 123320]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exe [2009-08-24 126392]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-07 1926448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 20:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\HPCeeScheduleForAudrey.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-07 171520]
"combofix"="c:\combofix\CF6353.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.7\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-20 19:06:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 01:06
.
Pre-Run: 252,550,270,976 bytes free
Post-Run: 252,655,579,136 bytes free
.
- - End Of File - - D8E620DDF3A776961290EA60A02860D4

#14 JSntgRvr

Posted 20 January 2012 - 09:24 PM

Download and run SecurityCheck by screen317. Post the resulting report.

How is the computer doing so far?


#15 klassic

Posted 21 January 2012 - 06:44 AM

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````





Seems to be running well, but I haven't really used it yet besides all these scans.



