
Rootkit.Boot.Pihar.c and various trojans


  • This topic is locked
10 replies to this topic

#1 ~Polky

~Polky

  • Members
  • 31 posts
  • Gender:Female
  • Location:Behind the screen

Posted 23 November 2012 - 10:45 PM

Recently my laptop performed a series of odd things such as logging me off without warning, crashing, restarting instead of shutting down, and taking an exceptionally long time to load processes after logging in. It was faster to Ctrl-Alt-Del up the Task Manager and search for a program than to wait for the desktop and taskbar.

TDSSKiller identified and removed the rootkit Rootkit.Boot.Pihar.c, found in \Device\Harddisk0\DR0

01:16:22.0613 1524 ================ Scan MBR ==================================
01:16:22.0629 1524 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:16:22.0629 1524 Suspicious mbr (Forged): \Device\Harddisk0\DR0
01:16:22.0722 1524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
01:16:22.0722 1524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
01:16:22.0925 1524 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:16:22.0925 1524 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:16:22.0925 1524 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
01:16:23.0081 1524 \Device\Harddisk1\DR1 - ok

ESET Online Scanner identified and removed 4 files total.

C:\ProgramData\Microsoft\Windows\DRM\666E.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\669E.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined


Malwarebytes Anti-Malware identified and removed 6 files total.

Files Detected: 6
C:\ProgramData\Microsoft\Windows\DRM\666E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\669E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Elizabeth Polk\AppData\Local\Temp\690F.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I would greatly appreciate some assistance in making sure that my computer is free and clear of infection and damage, and some knowledge on what exactly this infection is supposed to do, as in stealing information or just causing chaos?
Thank you in advance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Elizabeth Polk at 22:31:35 on 2012-11-23
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\PC Care Center\Bin\WWTray.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Users\Elizabeth Polk\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Elizabeth Polk\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_cep2_6.40_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_cep2_qchem_6.40_windows_intelx86
C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/Users/Elizabeth%20Polk/Homepage.html
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Elizabeth Polk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2225401P05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [AdobeBridge] <no file>
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [WTClient] WTClient.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C45450AF-9960-4234-8D40-09F1456A93D3} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C45450AF-9960-4234-8D40-09F1456A93D3}\76575637472323 : DHCPNameServer = 209.26.220.104 209.26.220.105
TCP: Interfaces\{C45450AF-9960-4234-8D40-09F1456A93D3}\C696E6B6379737 : DHCPNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{C45450AF-9960-4234-8D40-09F1456A93D3}\D496649643632303C402A45647071636B6028323140302355636572756 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? MWLService;MyWinLocker Service
R? PTSimHid;PenTablet Simulated HID MiniDriver
R? SkypeUpdate;Skype Updater
R? SwitchBoard;Adobe SwitchBoard
R? TsUsbFlt;TsUsbFlt
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? AMD External Events Utility;AMD External Events Utility
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? DragonSvc;Dragon Service
S? DsiWMIService;Dritek WMI Service
S? ePowerSvc;Acer ePower Service
S? ETD;ELAN PS/2 Port Input Device
S? GREGService;GREGService
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? MpFilter;Microsoft Malware Protection Driver
S? mwlPSDFilter;mwlPSDFilter
S? mwlPSDNServ;mwlPSDNServ
S? mwlPSDVDisk;mwlPSDVDisk
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? NOBU;Norton Online Backup
S? NTI IScheduleSvc;NTI IScheduleSvc
S? PTSimBus;PenTablet Bus Enumerator
S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
S? Updater Service;Updater Service
S? usbfilter;AMD USB Filter Driver
S? WarrantyWare;WarrantyWare
S? WDBackup;WD Backup
S? WDDriveService;WD Drive Manager
S? WDRulesService;WD Rules
.
=============== Created Last 30 ================
.
2012-11-24 02:09:42 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BE2D04F-30D3-44D2-BC9A-A7A5DAFA8DCE}\mpengine.dll
2012-11-22 21:38:29 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-22 21:32:22 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-22 21:32:22 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-22 21:32:22 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-22 21:32:22 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-22 21:31:34 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 21:25:03 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-22 21:25:03 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-22 21:25:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-22 21:25:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-22 21:24:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-11-22 21:04:28 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-22 21:04:27 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-22 21:04:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-22 21:04:23 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-22 21:04:20 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-22 21:04:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-22 21:04:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-20 10:56:11 208216 ----a-w- C:\Windows\System32\drivers\09890803.sys
2012-11-20 06:48:52 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-20 06:48:52 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-20 06:48:52 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-20 06:48:52 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-20 06:48:51 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-20 06:48:51 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-20 06:48:51 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-20 06:48:50 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-20 06:48:50 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-20 06:48:49 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-20 06:48:49 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-20 06:48:49 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-20 06:47:59 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-20 06:47:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-20 06:17:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-14 23:40:19 -------- d-----w- C:\Users\Elizabeth Polk\AppData\Roaming\FLEXnet
2012-11-14 23:40:18 -------- d-----w- C:\Users\Elizabeth Polk\AppData\Roaming\Nuance
2012-11-14 23:37:36 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
2012-11-14 23:36:31 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2012-11-14 23:32:38 -------- d-----w- C:\ProgramData\Nuance
2012-11-14 23:32:38 -------- d-----w- C:\Program Files (x86)\Nuance
2012-11-14 16:54:17 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E0F0EB9-4404-42B0-B2CF-48F35D6CD592}\gapaengine.dll
2012-11-14 16:51:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-14 16:51:41 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-14 16:37:16 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F12F7910-3A66-42EB-B7E3-D873076BDEB9}\mpengine.dll
2012-11-14 16:37:13 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-11-12 01:59:45 -------- d-----w- C:\Program Files\Western Digital
2012-11-12 01:59:45 -------- d-----w- C:\Program Files (x86)\Western Digital
2012-11-07 23:57:55 -------- d-----w- C:\ProgramData\Freemake
2012-11-07 23:57:33 -------- d-----w- C:\Program Files (x86)\Freemake
2012-11-03 18:53:50 -------- d-----w- C:\Users\Elizabeth Polk\AppData\Local\Windows Live
2012-11-02 00:29:58 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-11-02 00:21:36 -------- d--h--w- C:\Windows\msdownld.tmp
2012-11-02 00:21:29 -------- d-----w- C:\Windows\SysWow64\directx
2012-11-01 23:16:08 -------- d--h--w- C:\SkyDriveTemp
2012-11-01 23:14:15 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-11-01 23:14:13 -------- d-----r- C:\Users\Elizabeth Polk\SkyDrive
2012-11-01 23:13:27 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-10-29 22:52:34 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-10-29 06:08:50 -------- d-----w- C:\Users\Elizabeth Polk\AppData\Local\mypaint
2012-10-28 02:45:39 -------- d-----w- C:\Program Files\MyPaint
.
==================== Find3M ====================
.
2012-10-18 01:48:43 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 01:48:42 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 20:17:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-09-26 20:17:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-21 22:18:05 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-21 22:17:57 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-21 22:17:56 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-20 01:36:20 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-09-20 01:36:19 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-09-20 01:36:19 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-09-20 01:26:09 0 ----a-w- C:\Windows\ativpsrm.bin
2012-09-20 01:25:13 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 22:33:08.59 ===============
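
As an added example for this thread (not code from the post, and not from TDSSKiller, ESET or Malwarebytes), the following Python script parses the three result blocks quoted above and groups the findings by object, so a responder can see at a glance which artefacts more than one engine flagged and that the Pihar finding sits in the MBR (a raw disk object) rather than in a file. The sample lines are the ones quoted in the post, embedded so the script runs offline; the regular expressions and the `Detection`, `correlate`, `triage` and `triage_post` names are assumptions fitted to the line formats visible here, not any tool's API.

```python
# Added example, not from the post or from TDSSKiller/ESET/Malwarebytes.
# The regexes below are assumptions fitted to the line formats in the post.
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample lines copied from the post, embedded so the script runs offline.
TDSSKILLER_LOG = r"""
01:16:22.0629 1524 Suspicious mbr (Forged): \Device\Harddisk0\DR0
01:16:22.0722 1524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
01:16:22.0925 1524 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:16:23.0081 1524 \Device\Harddisk1\DR1 - ok
"""
ESET_LOG = r"""
C:\ProgramData\Microsoft\Windows\DRM\666E.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\669E.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
"""
MBAM_LOG = r"""
Files Detected: 6
C:\ProgramData\Microsoft\Windows\DRM\666E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\669E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\20.11.2012_01.15.18\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Users\Elizabeth Polk\AppData\Local\Temp\690F.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One pattern per tool; each captures the object, the threat label and the status.
PATTERNS = {
    "TDSSKiller": re.compile(
        r"^\S+\s+\d+\s+(?P<obj>\S+) \( (?P<threat>.+?) \) - (?P<status>\w+)$"),
    "ESET": re.compile(
        r"^(?P<obj>.+?) (?P<threat>(?:a variant of )?\S+/\S+ \w+) "
        r"cleaned by deleting - (?P<status>\w+)$"),
    "Malwarebytes": re.compile(
        r"^(?P<obj>.+?) \((?P<threat>[^)]+)\) -> (?P<status>[^.]+)\.$"),
}


@dataclass(frozen=True)
class Detection:
    scanner: str
    obj: str      # file path or raw disk object exactly as the tool printed it
    threat: str
    status: str


def parse_log(scanner, text):
    """Return one Detection per line that matches the scanner's result format."""
    pattern = PATTERNS[scanner]
    found = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            found.append(Detection(scanner, m["obj"], m["threat"], m["status"]))
    return found


def normalize(obj):
    # Windows paths and device names compare case-insensitively.
    return obj.strip().lower()


def is_boot_sector(obj):
    # TDSSKiller reports MBR findings against the raw disk object, not a file.
    return normalize(obj).startswith(r"\device\harddisk")


def correlate(detections):
    """Group detections from every engine by normalized object."""
    groups = defaultdict(list)
    for d in detections:
        groups[normalize(d.obj)].append(d)
    return dict(groups)


def triage(groups):
    """One row per object: which engines saw it and whether it lives in the MBR."""
    rows = []
    for obj, dets in sorted(groups.items()):
        engines = sorted({d.scanner for d in dets})
        rows.append({"object": obj, "engines": engines,
                     "threats": sorted({d.threat for d in dets}),
                     "boot_sector": is_boot_sector(obj),
                     "multi_engine": len(engines) > 1})
    return rows


def triage_post():
    """Run the pipeline over the three blocks quoted in the post."""
    detections = (parse_log("TDSSKiller", TDSSKILLER_LOG)
                  + parse_log("ESET", ESET_LOG)
                  + parse_log("Malwarebytes", MBAM_LOG))
    return triage(correlate(detections))


if __name__ == "__main__":
    for row in triage_post():
        flag = "MBR " if row["boot_sector"] else "    "
        print(f"{flag}{len(row['engines'])} engine(s)  {row['object']}  "
              f"{', '.join(row['threats'])}")
```

Two things fall out of the grouping that the raw lists hide: the two `DRM\*.tmp` files were caught by both ESET and Malwarebytes under different names (Olmarik and Trojan.Agent label the same family), and the only boot-sector object is `\Device\Harddisk0\DR0`, which is why the reply below asks for an offline FRST scan from the recovery environment rather than another in-Windows scan.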

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 November 2012 - 07:34 AM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ~Polky

~Polky
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Female
  • Location:Behind the screen

Posted 25 November 2012 - 09:30 PM

0/////^/////0 A whole month of file names? How personal, I feel so exposed.
And thank you for helping me.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 25-11-2012 21:19:44
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11444840 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [x]
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot [363752 2012-09-19] (BillP Studios)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [WTClient] WTClient.exe [x]
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [363752 2012-09-19] (BillP Studios)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s [4543232 2010-09-23] (World Community Grid)
HKLM-x32\...\Run: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe" [58112 2010-09-23] (Space Sciences Laboratory)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [344 2012-11-23] ()
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Elizabeth Polk\...\Run: [Google Update] "C:\Users\Elizabeth Polk\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-20] (Google Inc.)
HKU\Elizabeth Polk\...\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()
HKU\Elizabeth Polk\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2225401P05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\Elizabeth Polk\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\Elizabeth Polk\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Elizabeth Polk\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Windows\System32\RunDll32.exe (Microsoft Corporation)
Startup: C:\Users\Elizabeth Polk\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
2 WarrantyWare; "C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe" [459408 2008-09-19] (N.E.W. North America, Corp.)
2 WDBackup; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe" [1157056 2012-09-19] (Western Digital )
2 WDDriveService; "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [248248 2012-09-19] (Western Digital)
2 WDRulesService; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe" [1177536 2012-09-19] (Western Digital )
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-25 21:19 - 2012-11-25 21:19 - 00000000 ____D C:\FRST
2012-11-25 17:50 - 2012-11-25 17:50 - 01461039 ____A (Farbar) C:\Users\Elizabeth Polk\Downloads\FRST64.exe
2012-11-24 22:00 - 2012-11-24 22:00 - 00000000 ____A C:\Windows\setupact.log
2012-11-24 20:36 - 2012-11-24 20:36 - 03351040 ____A C:\Users\Elizabeth Polk\Downloads\sfa.exe
2012-11-24 16:10 - 2012-11-24 16:10 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Macromedia
2012-11-24 16:08 - 2012-11-25 17:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-24 16:06 - 2012-11-24 16:06 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-24 16:06 - 2012-11-24 16:06 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-24 16:06 - 2012-11-24 16:06 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-24 16:06 - 2012-11-24 16:06 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-24 16:06 - 2012-11-24 16:06 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-24 16:04 - 2012-11-24 16:03 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-11-24 16:04 - 2012-11-24 16:03 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-24 16:04 - 2012-11-24 16:03 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-24 16:04 - 2012-11-24 16:03 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-24 16:04 - 2012-11-24 16:03 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-24 16:04 - 2012-11-24 16:03 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-24 16:03 - 2012-11-24 16:03 - 31160808 ____A (Oracle Corporation) C:\Users\Elizabeth Polk\Downloads\jre-7u9-windows-i586.exe
2012-11-24 16:03 - 2012-11-24 16:03 - 00000000 ____D C:\Program Files\Java
2012-11-24 16:02 - 2012-11-24 16:02 - 32699368 ____A (Oracle Corporation) C:\Users\Elizabeth Polk\Downloads\jre-7u9-windows-x64.exe
2012-11-24 15:56 - 2012-11-24 15:56 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Mozilla
2012-11-24 12:29 - 2012-11-24 12:29 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Well bleep
2012-11-23 20:13 - 2012-07-23 08:07 - 00003802 ____A C:\Windows\System32\Drivers\etc\hosts.20121123-231344.backup
2012-11-23 20:08 - 2012-11-23 20:52 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-23 20:08 - 2012-11-23 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-23 20:08 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-11-23 20:04 - 2012-11-23 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-23 20:04 - 2012-11-23 20:04 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-23 20:04 - 2012-11-23 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-23 10:34 - 2012-11-23 10:38 - 00295268 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-11-22 13:32 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-22 13:32 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-22 13:32 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-22 13:32 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-22 13:31 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-22 13:25 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-22 13:25 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-22 13:25 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-22 13:25 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-22 13:24 - 2012-11-22 13:24 - 00294280 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-11-22 13:24 - 2012-11-22 13:24 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-22 13:14 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-22 13:14 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-22 13:14 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-22 13:14 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-22 13:14 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-22 13:14 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-22 13:14 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-22 13:14 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-22 13:14 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-22 13:14 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-22 13:14 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-22 13:14 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-22 13:14 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-22 13:14 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-22 13:14 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-22 13:14 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-22 13:14 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-22 13:14 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-22 13:14 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-22 13:14 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-22 13:14 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-22 13:14 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-22 13:14 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-22 13:14 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-22 13:14 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-22 13:14 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-22 13:14 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-22 13:14 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-22 13:14 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-22 13:14 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-22 13:14 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-22 13:14 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-22 13:04 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-22 13:04 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-22 13:04 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-22 13:04 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-22 13:04 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-22 13:04 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-22 13:04 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-22 13:04 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-20 02:56 - 2012-11-20 02:56 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\09890803.sys
2012-11-20 02:54 - 2012-11-20 02:54 - 00688992 ____R (Swearware) C:\Users\Elizabeth Polk\Downloads\dds.com
2012-11-20 01:00 - 2012-11-20 01:33 - 00002120 ____A C:\scu.dat
2012-11-19 22:48 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-19 22:48 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-19 22:48 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-19 22:48 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-19 22:48 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-19 22:48 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-19 22:48 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-19 22:48 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-19 22:48 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-19 22:48 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-19 22:48 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-19 22:48 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-19 22:47 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-19 22:47 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-19 22:17 - 2012-11-19 22:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-19 22:11 - 2012-11-19 22:12 - 00283432 ____A C:\Windows\Minidump\112012-21668-01.dmp
2012-11-19 22:03 - 2012-11-19 22:03 - 00000000 ____D C:\Users\Elizabeth Polk\Downloads\tdsskiller
2012-11-19 22:01 - 2012-11-19 22:02 - 02195061 ____A C:\Users\Elizabeth Polk\Downloads\tdsskiller.zip
2012-11-19 21:56 - 2012-11-19 22:11 - 373955728 ____A C:\Windows\MEMORY.DMP
2012-11-19 21:56 - 2012-11-19 21:57 - 00275208 ____A C:\Windows\Minidump\112012-49499-01.dmp
2012-11-19 21:48 - 2012-11-23 17:47 - 00007912 ____A C:\Windows\PFRO.log
2012-11-19 14:26 - 2012-11-19 14:27 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\Email to Kindle
2012-11-18 12:52 - 2012-11-18 13:14 - 01110016 ____A C:\Users\Elizabeth Polk\Documents\BOOKS! GOD I LOVE BOOKS! Dear Princess Celestia, I'm so alone.accdb
2012-11-18 12:51 - 2012-11-18 13:17 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\You Might Be a Zombie and Other Bad News (7872)
2012-11-18 12:49 - 2012-11-18 12:49 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Mental Floss Presents Instant Knowledge (2679)
2012-11-18 12:47 - 2012-11-18 12:47 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\The 4-Hour Workweek, Expanded and Update (7337)
2012-11-18 12:47 - 2012-11-18 12:47 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\The 4-Hour Body_ An Uncommon Guide to Ra (7913)
2012-11-18 12:28 - 2012-11-18 12:28 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\What's Wrong with Eating People__ 33 Mor (5829)
2012-11-18 12:14 - 2012-11-18 12:14 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Fat Vampire_ A Never Coming of Age Story (7398)
2012-11-17 21:47 - 2012-11-24 12:29 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Library
2012-11-17 18:39 - 2012-11-17 18:39 - 00000000 ____A C:\Windows\setuperr.log
2012-11-15 09:28 - 2012-11-15 09:28 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Math Today
2012-11-15 05:35 - 2012-11-15 05:35 - 00005927 ____A C:\Users\Elizabeth Polk\Documents\123.odf
2012-11-14 16:09 - 2012-11-16 16:21 - 00001515 ____A C:\Users\Elizabeth Polk\AppData\Roaming\SAS7_000.DAT
2012-11-14 15:40 - 2012-11-14 15:40 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Nuance
2012-11-14 15:40 - 2012-11-14 15:40 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\FLEXnet
2012-11-14 15:32 - 2012-11-14 15:32 - 00000000 ____D C:\Users\All Users\Nuance
2012-11-14 15:32 - 2012-11-14 15:32 - 00000000 ____D C:\Program Files (x86)\Nuance
2012-11-14 14:45 - 2012-11-14 14:45 - 00034806 ____A C:\Users\Elizabeth Polk\Downloads\[kat.ph]nuance.dragon.naturally.speaking.11.premium.english.torrent
2012-11-14 12:19 - 2012-11-14 15:30 - 00014732 ____H C:\Users\Elizabeth Polk\Documents\~WRL1657.tmp
2012-11-14 09:27 - 2012-11-14 09:27 - 00009354 ____A C:\Users\Elizabeth Polk\AppData\Local\recently-used.xbel
2012-11-14 09:17 - 2012-11-14 09:17 - 00001382 ____A C:\Windows\Tablet5500x4000.ini
2012-11-14 08:52 - 2012-11-14 08:52 - 00001945 ____A C:\Windows\epplauncher.mif
2012-11-14 08:51 - 2012-11-14 08:52 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-11-14 08:51 - 2012-11-14 08:51 - 00025710 ____A C:\Users\Elizabeth Polk\Documents\cc_20121114_115119.reg
2012-11-14 08:51 - 2012-11-14 08:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-11-14 08:37 - 2012-05-31 09:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-13 10:18 - 2012-11-13 10:19 - 00687959 ____A C:\Users\Elizabeth Polk\Downloads\LegendofZelda-Labyrinth.mpeg
2012-11-13 10:18 - 2012-11-13 10:18 - 00005765 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Market (1).mid
2012-11-13 10:18 - 2012-11-13 10:18 - 00003317 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Song of Storms.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00007340 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Kakariko Village.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00005769 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Lost Woods.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00005765 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Market.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00003256 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Hyrule Castle Courtyard.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00001656 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Link's House.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00001347 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Prelude of Light.mid
2012-11-13 10:16 - 2012-11-13 10:16 - 00012215 ____A C:\Users\Elizabeth Polk\Downloads\Termina Field - Zelda Majoras Mask.mid
2012-11-13 10:16 - 2012-11-13 10:16 - 00004198 ____A C:\Users\Elizabeth Polk\Downloads\Clock Town Day 1 - Zelda Majoras Mask.MID
2012-11-13 10:16 - 2012-11-13 10:16 - 00002935 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Zelda's Lullaby.mid
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Western Digital
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files (x86)\Western Digital
2012-11-09 18:38 - 2012-11-09 19:05 - 00004150 ____A C:\Users\Elizabeth Polk\Desktop\WHAT IS THIS, I DON'T EVEN.txt
2012-11-08 17:37 - 2012-11-08 17:37 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\MyPaint
2012-11-07 15:57 - 2012-11-07 15:59 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\Freemake
2012-11-07 15:57 - 2012-11-07 15:59 - 00000000 ____D C:\Users\All Users\Freemake
2012-11-07 15:57 - 2012-11-07 15:57 - 00000000 ____D C:\Program Files (x86)\Freemake
2012-11-06 19:29 - 2012-11-06 19:29 - 00001609 ____A C:\Users\Elizabeth Polk\Desktop\Those Problem Skins.lnk
2012-11-05 16:15 - 2012-11-05 16:15 - 00385200 ____A C:\Users\Elizabeth Polk\Downloads\Pokemon DPPt.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00062608 ____A C:\Users\Elizabeth Polk\Downloads\Pocket Monsters.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00056944 ____A C:\Users\Elizabeth Polk\Downloads\Pokemon Hollow.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00027384 ____A C:\Users\Elizabeth Polk\Downloads\Unown.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00022952 ____A C:\Users\Elizabeth Polk\Downloads\Futura Extra Bold.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00014692 ____A C:\Users\Elizabeth Polk\Downloads\Annon.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00004677 ____A C:\Users\Elizabeth Polk\Downloads\Microgramma Bold Extended.pfm
2012-11-05 16:14 - 2012-11-05 16:15 - 00033868 ____A C:\Users\Elizabeth Polk\Downloads\Pokemon Solid.ttf
2012-11-03 11:37 - 2012-11-03 11:37 - 00025320 ____A C:\Users\Elizabeth Polk\Documents\Dad Makes Weights.wlmp
2012-11-03 10:53 - 2012-11-03 10:54 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Windows Live
2012-11-02 18:29 - 2012-11-02 18:30 - 14959413 ____A C:\Users\Elizabeth Polk\Downloads\HELPME.txt
2012-11-01 16:30 - 2010-06-02 00:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-11-01 16:30 - 2010-06-02 00:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-11-01 16:30 - 2010-06-02 00:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-11-01 16:30 - 2010-06-02 00:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-11-01 16:30 - 2010-06-02 00:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-11-01 16:30 - 2010-06-02 00:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-11-01 16:30 - 2010-05-26 07:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-11-01 16:30 - 2010-02-04 06:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-11-01 16:30 - 2009-09-04 13:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-11-01 16:30 - 2009-09-04 13:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-11-01 16:30 - 2009-09-04 13:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-11-01 16:30 - 2009-09-04 13:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-11-01 16:30 - 2009-09-04 13:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-11-01 16:30 - 2009-03-16 10:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-11-01 16:30 - 2009-03-16 10:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-11-01 16:30 - 2009-03-16 10:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-11-01 16:30 - 2009-03-16 10:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-11-01 16:30 - 2009-03-16 10:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-11-01 16:30 - 2009-03-16 10:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-11-01 16:30 - 2009-03-09 11:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-11-01 16:30 - 2009-03-09 11:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-11-01 16:30 - 2009-03-09 11:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-11-01 16:30 - 2009-03-09 11:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-11-01 16:30 - 2008-10-10 00:52 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-11-01 16:30 - 2008-10-10 00:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-11-01 16:30 - 2008-10-10 00:52 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-11-01 16:30 - 2008-10-10 00:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-11-01 16:29 - 2008-10-27 06:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-11-01 16:29 - 2008-10-10 00:52 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-11-01 16:29 - 2008-10-10 00:52 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-11-01 16:29 - 2008-07-31 06:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-11-01 16:29 - 2008-07-31 06:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-11-01 16:29 - 2008-07-31 06:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-11-01 16:29 - 2008-07-31 06:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-11-01 16:29 - 2008-07-31 06:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-11-01 16:29 - 2008-07-31 06:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-11-01 16:29 - 2008-07-10 07:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-11-01 16:29 - 2008-07-10 07:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-11-01 16:29 - 2008-07-10 07:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-11-01 16:29 - 2008-07-10 07:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-11-01 16:29 - 2008-07-10 07:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-11-01 16:29 - 2008-07-10 07:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-11-01 16:29 - 2008-05-30 10:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-11-01 16:29 - 2008-05-30 10:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-11-01 16:29 - 2008-05-30 10:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-11-01 16:29 - 2008-05-30 10:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-11-01 16:29 - 2008-05-30 10:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-11-01 16:29 - 2008-05-30 10:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-11-01 16:29 - 2008-05-30 10:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-11-01 16:29 - 2008-05-30 10:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-11-01 16:29 - 2008-05-30 10:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-11-01 16:29 - 2008-05-30 10:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-11-01 16:29 - 2008-05-30 10:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-11-01 16:29 - 2008-05-30 10:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-11-01 16:29 - 2008-05-30 10:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-11-01 16:29 - 2008-05-30 10:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-11-01 16:29 - 2008-03-05 12:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-11-01 16:29 - 2008-03-05 12:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-11-01 16:29 - 2008-03-05 12:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-11-01 16:29 - 2008-03-05 12:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-11-01 16:29 - 2008-03-05 12:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-11-01 16:29 - 2008-03-05 12:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-11-01 16:29 - 2008-03-05 11:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-11-01 16:29 - 2008-03-05 11:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-11-01 16:29 - 2008-03-05 11:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-11-01 16:29 - 2008-03-05 11:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-11-01 16:29 - 2008-02-05 19:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-11-01 16:29 - 2008-02-05 19:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-11-01 16:29 - 2007-10-21 23:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-11-01 16:29 - 2007-10-21 23:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-11-01 16:29 - 2007-10-21 23:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-11-01 16:29 - 2007-10-21 23:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-11-01 16:29 - 2007-10-12 11:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-11-01 16:29 - 2007-10-12 11:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-11-01 16:29 - 2007-10-12 11:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-11-01 16:29 - 2007-10-12 11:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-11-01 16:29 - 2007-10-02 05:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-11-01 16:29 - 2007-10-02 05:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-11-01 16:29 - 2007-07-19 20:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-11-01 16:29 - 2007-07-19 20:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-11-01 16:29 - 2007-07-19 14:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-11-01 16:29 - 2007-07-19 14:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-11-01 16:29 - 2007-07-19 14:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-11-01 16:29 - 2007-07-19 14:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-11-01 16:29 - 2007-07-19 14:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-11-01 16:29 - 2007-07-19 14:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-11-01 16:29 - 2007-06-20 16:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-11-01 16:29 - 2007-06-20 16:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-11-01 16:29 - 2007-05-16 12:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-11-01 16:29 - 2007-05-16 12:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-11-01 16:29 - 2007-05-16 12:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-11-01 16:29 - 2007-05-16 12:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-11-01 16:29 - 2007-05-16 12:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-11-01 16:29 - 2007-05-16 12:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-11-01 16:29 - 2007-04-04 14:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-11-01 16:29 - 2007-04-04 14:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-11-01 16:29 - 2007-04-04 14:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-11-01 16:29 - 2007-04-04 14:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-11-01 16:29 - 2007-03-15 12:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-11-01 16:29 - 2007-03-15 12:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-11-01 16:29 - 2007-03-12 12:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-11-01 16:29 - 2007-03-12 12:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-11-01 16:29 - 2007-03-12 12:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-11-01 16:29 - 2007-03-12 12:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-11-01 16:29 - 2007-03-05 08:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-11-01 16:29 - 2007-03-05 08:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-11-01 16:29 - 2007-01-24 11:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-11-01 16:29 - 2007-01-24 11:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-11-01 16:29 - 2006-12-08 08:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-11-01 16:29 - 2006-12-08 08:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-11-01 16:29 - 2006-11-29 09:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-11-01 16:29 - 2006-11-29 09:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-11-01 16:29 - 2006-09-28 12:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-11-01 16:29 - 2006-09-28 12:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-11-01 16:29 - 2006-09-28 12:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-11-01 16:29 - 2006-09-28 12:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-11-01 16:29 - 2006-07-28 05:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-11-01 16:29 - 2006-07-28 05:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-11-01 16:29 - 2006-07-28 05:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-11-01 16:29 - 2006-07-28 05:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-11-01 16:29 - 2006-05-31 03:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-11-01 16:29 - 2006-05-31 03:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-11-01 16:29 - 2006-03-31 08:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-11-01 16:29 - 2006-03-31 08:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-11-01 16:29 - 2006-03-31 08:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-11-01 16:29 - 2006-03-31 08:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-11-01 16:28 - 2006-03-31 08:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-11-01 16:28 - 2006-03-31 08:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-11-01 16:28 - 2006-02-03 04:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-11-01 16:28 - 2006-02-03 04:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-11-01 16:28 - 2006-02-03 04:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-11-01 16:28 - 2006-02-03 04:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-11-01 16:28 - 2006-02-03 04:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-11-01 16:28 - 2006-02-03 04:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-11-01 16:28 - 2005-12-05 14:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-11-01 16:28 - 2005-12-05 14:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-11-01 16:28 - 2005-07-22 15:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-11-01 16:28 - 2005-07-22 15:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-11-01 16:28 - 2005-05-26 11:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-11-01 16:28 - 2005-05-26 11:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-11-01 16:28 - 2005-03-18 13:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-11-01 16:28 - 2005-03-18 13:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-11-01 16:28 - 2005-02-05 15:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-11-01 16:28 - 2005-02-05 15:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-11-01 16:21 - 2012-11-01 16:30 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-01 16:21 - 2012-11-01 16:27 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-01 15:14 - 2012-11-01 15:17 - 00000000 ___RD C:\Users\Elizabeth Polk\SkyDrive
2012-11-01 15:14 - 2012-11-01 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2012-11-01 15:13 - 2012-11-01 15:13 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-11-01 14:41 - 2012-11-01 14:41 - 00190728 ____A C:\Users\Elizabeth Polk\Downloads\Desktop Ponies V1.42 TEST 1.zip
2012-11-01 08:54 - 2012-11-01 08:55 - 00745472 ____A C:\Users\Elizabeth Polk\Downloads\Polk_Elizabeth_a02_Outings.accdb
2012-10-29 14:52 - 2012-10-29 14:52 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-10-29 14:50 - 2012-10-29 14:50 - 03370204 ____A C:\Users\Elizabeth Polk\Downloads\DeSmuMe v.zip
2012-10-28 22:08 - 2012-10-28 22:18 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\mypaint
2012-10-27 18:45 - 2012-10-27 18:45 - 00000000 ____D C:\Program Files\MyPaint
2012-10-26 15:29 - 2012-10-26 15:29 - 00000000 ___HD C:\Users\Elizabeth Polk\Desktop\rkill registry back-up
2012-10-26 15:28 - 2012-10-26 15:29 - 00000000 ____D C:\Users\Elizabeth Polk\Downloads\Art programs I should someday install
2012-10-26 15:18 - 2012-10-26 15:18 - 13529576 ____A (Microsoft Corporation) C:\Users\Elizabeth Polk\Downloads\mseinstall.exe

==================== One Month Modified Files and Folders =======

2012-11-25 21:19 - 2012-11-25 21:19 - 00000000 ____D C:\FRST
2012-11-25 18:15 - 2012-10-08 11:05 - 00000000 ____D C:\Users\All Users\BOINC
2012-11-25 18:15 - 2012-09-19 17:23 - 01342407 ____A C:\Windows\WindowsUpdate.log
2012-11-25 18:00 - 2012-09-19 18:05 - 00000404 ____A C:\Windows\Tasks\Acer Registration - Data Sending task.job
2012-11-25 18:00 - 2009-07-13 20:45 - 00018512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-25 18:00 - 2009-07-13 20:45 - 00018512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-25 17:57 - 2012-09-20 17:47 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192930033-3488979145-768369785-1001UA.job
2012-11-25 17:55 - 2012-10-17 17:56 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-11-25 17:50 - 2012-11-25 17:50 - 01461039 ____A (Farbar) C:\Users\Elizabeth Polk\Downloads\FRST64.exe
2012-11-25 17:46 - 2012-11-24 16:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-25 12:02 - 2012-09-24 10:18 - 00000000 ____D C:\Users\Elizabeth Polk\.rainlendar2
2012-11-24 22:00 - 2012-11-24 22:00 - 00000000 ____A C:\Windows\setupact.log
2012-11-24 20:57 - 2012-09-20 17:47 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192930033-3488979145-768369785-1001Core.job
2012-11-24 20:38 - 2012-10-09 16:12 - 00000000 ____D C:\Users\Elizabeth Polk\Games
2012-11-24 20:36 - 2012-11-24 20:36 - 03351040 ____A C:\Users\Elizabeth Polk\Downloads\sfa.exe
2012-11-24 16:10 - 2012-11-24 16:10 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Macromedia
2012-11-24 16:09 - 2012-10-17 17:48 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-24 16:09 - 2012-10-17 17:48 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-24 16:09 - 2010-11-16 03:59 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-24 16:06 - 2012-11-24 16:06 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-24 16:06 - 2012-11-24 16:06 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-24 16:06 - 2012-11-24 16:06 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-24 16:06 - 2012-11-24 16:06 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-24 16:06 - 2012-11-24 16:06 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-24 16:06 - 2012-09-21 14:18 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-11-24 16:06 - 2012-09-21 14:18 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-11-24 16:03 - 2012-11-24 16:04 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-11-24 16:03 - 2012-11-24 16:04 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-24 16:03 - 2012-11-24 16:04 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-24 16:03 - 2012-11-24 16:04 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-24 16:03 - 2012-11-24 16:04 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-24 16:03 - 2012-11-24 16:04 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-24 16:03 - 2012-11-24 16:03 - 31160808 ____A (Oracle Corporation) C:\Users\Elizabeth Polk\Downloads\jre-7u9-windows-i586.exe
2012-11-24 16:03 - 2012-11-24 16:03 - 00000000 ____D C:\Program Files\Java
2012-11-24 16:02 - 2012-11-24 16:02 - 32699368 ____A (Oracle Corporation) C:\Users\Elizabeth Polk\Downloads\jre-7u9-windows-x64.exe
2012-11-24 15:57 - 2012-09-19 18:10 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Mozilla
2012-11-24 15:56 - 2012-11-24 15:56 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Mozilla
2012-11-24 12:29 - 2012-11-24 12:29 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Well bleep
2012-11-24 12:29 - 2012-11-17 21:47 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Library
2012-11-23 20:52 - 2012-11-23 20:08 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-23 20:08 - 2012-11-23 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-23 20:05 - 2012-11-23 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-23 20:04 - 2012-11-23 20:04 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-23 20:04 - 2012-11-23 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-23 19:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2012-11-23 19:27 - 2012-09-19 18:03 - 00153616 ____A C:\Users\Elizabeth Polk\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-23 17:54 - 2009-07-13 20:45 - 09650128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-23 17:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-23 17:47 - 2012-11-19 21:48 - 00007912 ____A C:\Windows\PFRO.log
2012-11-23 10:38 - 2012-11-23 10:34 - 00295268 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-11-22 13:31 - 2012-09-19 18:13 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-22 13:28 - 2009-07-13 21:13 - 00740374 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-22 13:24 - 2012-11-22 13:24 - 00294280 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-11-22 13:24 - 2012-11-22 13:24 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-22 13:07 - 2012-09-26 10:44 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-22 13:02 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-11-21 09:39 - 2012-09-24 16:27 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\American Literature
2012-11-20 02:56 - 2012-11-20 02:56 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\09890803.sys
2012-11-20 02:54 - 2012-11-20 02:54 - 00688992 ____R (Swearware) C:\Users\Elizabeth Polk\Downloads\dds.com
2012-11-20 01:33 - 2012-11-20 01:00 - 00002120 ____A C:\scu.dat
2012-11-19 22:26 - 2012-11-19 22:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-19 22:12 - 2012-11-19 22:11 - 00283432 ____A C:\Windows\Minidump\112012-21668-01.dmp
2012-11-19 22:11 - 2012-11-19 21:56 - 373955728 ____A C:\Windows\MEMORY.DMP
2012-11-19 22:11 - 2012-10-06 22:21 - 00000000 ____D C:\Windows\Minidump
2012-11-19 22:03 - 2012-11-19 22:03 - 00000000 ____D C:\Users\Elizabeth Polk\Downloads\tdsskiller
2012-11-19 22:02 - 2012-11-19 22:01 - 02195061 ____A C:\Users\Elizabeth Polk\Downloads\tdsskiller.zip
2012-11-19 21:57 - 2012-11-19 21:56 - 00275208 ____A C:\Windows\Minidump\112012-49499-01.dmp
2012-11-19 21:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-11-19 20:00 - 2012-09-20 09:10 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\My Kindle Content
2012-11-19 14:27 - 2012-11-19 14:26 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\Email to Kindle
2012-11-18 13:17 - 2012-11-18 12:51 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\You Might Be a Zombie and Other Bad News (7872)
2012-11-18 13:14 - 2012-11-18 12:52 - 01110016 ____A C:\Users\Elizabeth Polk\Documents\BOOKS! GOD I LOVE BOOKS! Dear Princess Celestia, I'm so alone.accdb
2012-11-18 12:49 - 2012-11-18 12:49 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Mental Floss Presents Instant Knowledge (2679)
2012-11-18 12:47 - 2012-11-18 12:47 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\The 4-Hour Workweek, Expanded and Update (7337)
2012-11-18 12:47 - 2012-11-18 12:47 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\The 4-Hour Body_ An Uncommon Guide to Ra (7913)
2012-11-18 12:28 - 2012-11-18 12:28 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\What's Wrong with Eating People__ 33 Mor (5829)
2012-11-18 12:14 - 2012-11-18 12:14 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Fat Vampire_ A Never Coming of Age Story (7398)
2012-11-17 19:17 - 2012-10-09 20:09 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Media Player Classic
2012-11-17 18:39 - 2012-11-17 18:39 - 00000000 ____A C:\Windows\setuperr.log
2012-11-17 18:22 - 2012-09-23 13:19 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\CrashDumps
2012-11-17 10:39 - 2012-09-20 11:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-16 19:31 - 2012-09-20 08:56 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Digsby
2012-11-16 16:21 - 2012-11-14 16:09 - 00001515 ____A C:\Users\Elizabeth Polk\AppData\Roaming\SAS7_000.DAT
2012-11-15 09:28 - 2012-11-15 09:28 - 00000000 ____D C:\Users\Elizabeth Polk\Desktop\Math Today
2012-11-15 09:03 - 2012-09-20 17:33 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\Microcomputer Applications
2012-11-15 08:20 - 2012-09-20 09:06 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Audacity
2012-11-15 05:35 - 2012-11-15 05:35 - 00005927 ____A C:\Users\Elizabeth Polk\Documents\123.odf
2012-11-14 20:28 - 2012-09-20 17:00 - 00000000 ___RD C:\Users\Elizabeth Polk\Desktop\Proggies
2012-11-14 15:40 - 2012-11-14 15:40 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Nuance
2012-11-14 15:40 - 2012-11-14 15:40 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\FLEXnet
2012-11-14 15:32 - 2012-11-14 15:32 - 00000000 ____D C:\Users\All Users\Nuance
2012-11-14 15:32 - 2012-11-14 15:32 - 00000000 ____D C:\Program Files (x86)\Nuance
2012-11-14 15:32 - 2012-09-19 17:44 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-11-14 15:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Speech
2012-11-14 15:30 - 2012-11-14 12:19 - 00014732 ____H C:\Users\Elizabeth Polk\Documents\~WRL1657.tmp
2012-11-14 14:45 - 2012-11-14 14:45 - 00034806 ____A C:\Users\Elizabeth Polk\Downloads\[kat.ph]nuance.dragon.naturally.speaking.11.premium.english.torrent
2012-11-14 10:33 - 2010-11-16 03:50 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-14 10:33 - 2010-11-16 03:50 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-14 10:32 - 2010-11-16 03:50 - 00000000 ____D C:\Program Files\mcafee
2012-11-14 09:27 - 2012-11-14 09:27 - 00009354 ____A C:\Users\Elizabeth Polk\AppData\Local\recently-used.xbel
2012-11-14 09:17 - 2012-11-14 09:17 - 00001382 ____A C:\Windows\Tablet5500x4000.ini
2012-11-14 08:52 - 2012-11-14 08:52 - 00001945 ____A C:\Windows\epplauncher.mif
2012-11-14 08:52 - 2012-11-14 08:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-11-14 08:51 - 2012-11-14 08:51 - 00025710 ____A C:\Users\Elizabeth Polk\Documents\cc_20121114_115119.reg
2012-11-14 08:51 - 2012-11-14 08:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-11-13 18:46 - 2012-09-29 08:08 - 00001456 ____A C:\Users\Elizabeth Polk\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-11-13 10:19 - 2012-11-13 10:18 - 00687959 ____A C:\Users\Elizabeth Polk\Downloads\LegendofZelda-Labyrinth.mpeg
2012-11-13 10:18 - 2012-11-13 10:18 - 00005765 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Market (1).mid
2012-11-13 10:18 - 2012-11-13 10:18 - 00003317 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Song of Storms.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00007340 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Kakariko Village.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00005769 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Lost Woods.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00005765 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Market.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00003256 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Hyrule Castle Courtyard.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00001656 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Link's House.mid
2012-11-13 10:17 - 2012-11-13 10:17 - 00001347 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Prelude of Light.mid
2012-11-13 10:16 - 2012-11-13 10:16 - 00012215 ____A C:\Users\Elizabeth Polk\Downloads\Termina Field - Zelda Majoras Mask.mid
2012-11-13 10:16 - 2012-11-13 10:16 - 00004198 ____A C:\Users\Elizabeth Polk\Downloads\Clock Town Day 1 - Zelda Majoras Mask.MID
2012-11-13 10:16 - 2012-11-13 10:16 - 00002935 ____A C:\Users\Elizabeth Polk\Downloads\Zelda Ocarina of Time - Zelda's Lullaby.mid
2012-11-13 10:09 - 2012-10-09 16:49 - 00005632 ____A C:\Users\Elizabeth Polk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-11 21:36 - 2012-09-19 18:43 - 00000000 ____D C:\Users\All Users\Western Digital
2012-11-11 20:00 - 2012-09-23 14:20 - 00000132 ____A C:\Users\Elizabeth Polk\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-11-11 18:03 - 2012-09-19 18:04 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Adobe
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Western Digital
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files (x86)\Western Digital
2012-11-11 16:53 - 2012-09-20 08:58 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Roaming\Skype
2012-11-09 19:05 - 2012-11-09 18:38 - 00004150 ____A C:\Users\Elizabeth Polk\Desktop\WHAT IS THIS, I DON'T EVEN.txt
2012-11-08 17:37 - 2012-11-08 17:37 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\MyPaint
2012-11-08 09:06 - 2012-09-20 16:15 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\Phi Theta Kappa
2012-11-07 15:59 - 2012-11-07 15:57 - 00000000 ____D C:\Users\Elizabeth Polk\Documents\Freemake
2012-11-07 15:59 - 2012-11-07 15:57 - 00000000 ____D C:\Users\All Users\Freemake
2012-11-07 15:57 - 2012-11-07 15:57 - 00000000 ____D C:\Program Files (x86)\Freemake
2012-11-06 19:29 - 2012-11-06 19:29 - 00001609 ____A C:\Users\Elizabeth Polk\Desktop\Those Problem Skins.lnk
2012-11-05 16:15 - 2012-11-05 16:15 - 00385200 ____A C:\Users\Elizabeth Polk\Downloads\Pokemon DPPt.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00062608 ____A C:\Users\Elizabeth Polk\Downloads\Pocket Monsters.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00056944 ____A C:\Users\Elizabeth Polk\Downloads\Pokemon Hollow.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00027384 ____A C:\Users\Elizabeth Polk\Downloads\Unown.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00022952 ____A C:\Users\Elizabeth Polk\Downloads\Futura Extra Bold.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00014692 ____A C:\Users\Elizabeth Polk\Downloads\Annon.ttf
2012-11-05 16:15 - 2012-11-05 16:15 - 00004677 ____A C:\Users\Elizabeth Polk\Downloads\Microgramma Bold Extended.pfm
2012-11-05 16:15 - 2012-11-05 16:14 - 00033868 ____A C:\Users\Elizabeth Polk\Downloads\Pokemon Solid.ttf
2012-11-04 16:41 - 2010-11-16 03:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-04 16:38 - 2012-09-19 18:04 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Adobe
2012-11-03 11:37 - 2012-11-03 11:37 - 00025320 ____A C:\Users\Elizabeth Polk\Documents\Dad Makes Weights.wlmp
2012-11-03 10:54 - 2012-11-03 10:53 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\Windows Live
2012-11-02 18:30 - 2012-11-02 18:29 - 14959413 ____A C:\Users\Elizabeth Polk\Downloads\HELPME.txt
2012-11-01 16:30 - 2012-11-01 16:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-01 16:27 - 2012-11-01 16:21 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-01 15:17 - 2012-11-01 15:14 - 00000000 ___RD C:\Users\Elizabeth Polk\SkyDrive
2012-11-01 15:14 - 2012-11-01 15:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2012-11-01 15:14 - 2012-09-19 18:02 - 00000000 ____D C:\users\Elizabeth Polk
2012-11-01 15:13 - 2012-11-01 15:13 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-11-01 14:41 - 2012-11-01 14:41 - 00190728 ____A C:\Users\Elizabeth Polk\Downloads\Desktop Ponies V1.42 TEST 1.zip
2012-11-01 08:55 - 2012-11-01 08:54 - 00745472 ____A C:\Users\Elizabeth Polk\Downloads\Polk_Elizabeth_a02_Outings.accdb
2012-10-29 14:52 - 2012-10-29 14:52 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-10-29 14:50 - 2012-10-29 14:50 - 03370204 ____A C:\Users\Elizabeth Polk\Downloads\DeSmuMe v.zip
2012-10-28 22:18 - 2012-10-28 22:08 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\mypaint
2012-10-28 21:11 - 2012-09-19 18:07 - 00000000 ____D C:\Users\Elizabeth Polk\AppData\Local\VirtualStore
2012-10-27 18:45 - 2012-10-27 18:45 - 00000000 ____D C:\Program Files\MyPaint
2012-10-27 07:22 - 2012-10-22 16:16 - 00002772 ____A C:\Users\Elizabeth Polk\Homepage.html
2012-10-26 16:13 - 2012-09-21 17:52 - 00000000 ___RD C:\Users\Elizabeth Polk\Desktop\Danny Phantom Pony
2012-10-26 16:13 - 2012-09-20 17:26 - 00000000 ____D C:\Users\Elizabeth Polk\.gimp-2.8
2012-10-26 15:29 - 2012-10-26 15:29 - 00000000 ___HD C:\Users\Elizabeth Polk\Desktop\rkill registry back-up
2012-10-26 15:29 - 2012-10-26 15:28 - 00000000 ____D C:\Users\Elizabeth Polk\Downloads\Art programs I should someday install
2012-10-26 15:18 - 2012-10-26 15:18 - 13529576 ____A (Microsoft Corporation) C:\Users\Elizabeth Polk\Downloads\mseinstall.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-19 22:52:32
Restore point made on: 2012-11-19 22:57:24
Restore point made on: 2012-11-20 03:38:13
Restore point made on: 2012-11-21 10:34:23
Restore point made on: 2012-11-21 10:35:42
Restore point made on: 2012-11-21 10:36:57
Restore point made on: 2012-11-21 10:37:58
Restore point made on: 2012-11-21 10:40:57
Restore point made on: 2012-11-21 12:23:59
Restore point made on: 2012-11-22 12:58:07
Restore point made on: 2012-11-22 13:00:04
Restore point made on: 2012-11-22 13:02:47
Restore point made on: 2012-11-22 13:04:00
Restore point made on: 2012-11-22 13:05:25
Restore point made on: 2012-11-22 13:19:58
Restore point made on: 2012-11-22 13:41:53
Restore point made on: 2012-11-23 10:33:29
Restore point made on: 2012-11-23 10:35:24
Restore point made on: 2012-11-23 10:43:37
Restore point made on: 2012-11-23 10:50:41
Restore point made on: 2012-11-23 11:03:25
Restore point made on: 2012-11-23 11:04:24
Restore point made on: 2012-11-23 12:40:18
Restore point made on: 2012-11-23 12:47:15
Restore point made on: 2012-11-23 13:05:15
Restore point made on: 2012-11-23 13:16:15
Restore point made on: 2012-11-23 17:45:20
Restore point made on: 2012-11-23 19:58:55
Restore point made on: 2012-11-24 16:03:25
Restore point made on: 2012-11-24 16:04:50
Restore point made on: 2012-11-24 16:06:20
Restore point made on: 2012-11-24 16:07:18
Restore point made on: 2012-11-24 16:24:56
Restore point made on: 2012-11-25 18:03:24
Restore point made on: 2012-11-25 18:15:29

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3834.9 MB
Available physical RAM: 3185.11 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3161.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:232.79 GB) (Free:121.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Kodak) (Removable) (Total:1.87 GB) (Free:0.78 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B
  Disk 1    Online         1914 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            232 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Acer         NTFS   Partition    232 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1914 MB   127 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   Kodak        FAT    Removable   1914 MB  Healthy

=========================================================

Last Boot: 2012-11-11 22:31

==================== End Of Log =============================

Edited by ~Polky, 25 November 2012 - 09:33 PM.


#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 November 2012 - 11:18 PM

Please run the following:


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ~Polky

  • Topic Starter
  • Members
  • 31 posts
  • Gender:Female
  • Location:Behind the screen

Posted 28 November 2012 - 07:10 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.9 (11.28.2012:3)
OS: Windows 7 Home Premium x64
Ran by Elizabeth Polk on Wed 11/28/2012 at 17:15:43.47
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\installmate"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/28/2012 at 17:20:43.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ComboFix 12-11-28.02 - Elizabeth Polk 11/28/2012 17:24:48.1.2 - x64
Running from: c:\users\Elizabeth Polk\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Elizabeth Polk\AppData\Roaming\Love
c:\users\Elizabeth Polk\AppData\Roaming\Love\mari0\options.txt
c:\users\Elizabeth Polk\Documents\~WRL1657.tmp
c:\windows\SysWow64\ST~4887.tmp
c:\windows\SysWow64\ST~49B1.tmp
c:\windows\SysWow64\ST~49B2.tmp
c:\windows\SysWow64\ST~4B39.tmp
c:\windows\SysWow64\ST~4C34.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 23:23 . 2012-11-28 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 22:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{571E24EB-2F72-4E47-B5CC-DF43390A0C32}\mpengine.dll
2012-11-28 22:15 . 2012-11-28 22:15 -------- d-----w- c:\windows\ERUNT
2012-11-28 22:12 . 2012-11-28 22:12 -------- d-----w- C:\JRT
2012-11-26 22:54 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-26 05:19 . 2012-11-26 05:19 -------- d-----w- C:\FRST
2012-11-25 00:10 . 2012-11-25 00:10 -------- d-----w- c:\users\Elizabeth Polk\AppData\Local\Macromedia
2012-11-25 00:06 . 2012-11-25 00:06 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-25 00:06 . 2012-11-25 00:06 -------- d-----w- c:\program files (x86)\Java
2012-11-25 00:04 . 2012-11-25 00:03 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-25 00:04 . 2012-11-25 00:03 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-25 00:04 . 2012-11-25 00:03 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-25 00:04 . 2012-11-25 00:03 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-25 00:04 . 2012-11-25 00:03 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-25 00:04 . 2012-11-25 00:03 188904 ----a-w- c:\windows\system32\java.exe
2012-11-25 00:03 . 2012-11-25 00:03 -------- d-----w- c:\program files\Java
2012-11-24 23:56 . 2012-11-24 23:56 -------- d-----w- c:\users\Elizabeth Polk\AppData\Local\Mozilla
2012-11-24 04:08 . 2012-11-24 04:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-24 04:08 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-11-24 04:08 . 2012-11-24 04:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-24 04:07 . 2012-11-24 04:07 -------- d-----w- c:\users\Elizabeth Polk\AppData\Local\Programs
2012-11-24 04:04 . 2012-11-24 04:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-22 21:32 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-22 21:32 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-22 21:32 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-22 21:32 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-22 21:31 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-22 21:25 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-22 21:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-22 21:25 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-22 21:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-22 21:24 . 2012-11-22 21:24 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-22 21:04 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-22 21:04 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-22 21:04 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-22 21:04 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-22 21:04 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-22 21:04 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-22 21:04 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-20 10:56 . 2012-11-20 10:56 208216 ----a-w- c:\windows\system32\drivers\09890803.sys
2012-11-20 06:48 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-20 06:48 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-20 06:48 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-20 06:48 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-20 06:48 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-20 06:48 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-20 06:48 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-20 06:48 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-20 06:48 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-20 06:48 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-20 06:48 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-20 06:48 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-20 06:47 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-20 06:47 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-20 06:17 . 2012-11-20 06:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-14 23:40 . 2012-11-14 23:40 -------- d-----w- c:\users\Elizabeth Polk\AppData\Roaming\FLEXnet
2012-11-14 23:40 . 2012-11-14 23:40 -------- d-----w- c:\users\Elizabeth Polk\AppData\Roaming\Nuance
2012-11-14 23:37 . 2012-11-14 23:37 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-11-14 23:36 . 2012-11-14 23:37 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-11-14 23:32 . 2012-11-14 23:32 -------- d-----w- c:\programdata\Nuance
2012-11-14 23:32 . 2012-11-14 23:32 -------- d-----w- c:\program files (x86)\Nuance
2012-11-14 16:54 . 2012-11-14 16:53 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E0F0EB9-4404-42B0-B2CF-48F35D6CD592}\gapaengine.dll
2012-11-14 16:51 . 2012-11-14 16:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-14 16:51 . 2012-11-14 16:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-14 16:37 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F12F7910-3A66-42EB-B7E3-D873076BDEB9}\mpengine.dll
2012-11-14 16:37 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-11-12 01:59 . 2012-11-12 01:59 -------- d-----w- c:\program files (x86)\Western Digital
2012-11-12 01:59 . 2012-11-12 01:59 -------- d-----w- c:\program files\Western Digital
2012-11-07 23:57 . 2012-11-07 23:59 -------- d-----w- c:\programdata\Freemake
2012-11-07 23:57 . 2012-11-07 23:57 -------- d-----w- c:\program files (x86)\Freemake
2012-11-03 18:53 . 2012-11-03 18:54 -------- d-----w- c:\users\Elizabeth Polk\AppData\Local\Windows Live
2012-11-02 00:29 . 2008-10-10 08:52 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-11-02 00:28 . 2006-03-31 16:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-11-02 00:21 . 2012-11-02 00:27 -------- d--h--w- c:\windows\msdownld.tmp
2012-11-01 23:16 . 2012-11-01 23:16 -------- d-----w- C:\SkyDriveTemp
2012-11-01 23:14 . 2012-11-01 23:14 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-11-01 23:14 . 2012-11-01 23:17 -------- d-----r- c:\users\Elizabeth Polk\SkyDrive
2012-11-01 23:13 . 2012-11-01 23:13 -------- d-----w- c:\programdata\Microsoft SkyDrive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 00:09 . 2012-10-18 01:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 00:09 . 2012-10-18 01:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-25 00:06 . 2012-09-21 22:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-25 00:06 . 2012-09-21 22:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-22 21:07 . 2012-09-26 18:44 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-09-30 00:54 . 2012-09-20 19:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 20:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-26 20:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-20 02:33 . 2012-09-20 02:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-20 02:33 . 2012-09-20 02:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-20 02:33 . 2012-09-20 02:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-20 02:33 . 2012-09-20 02:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-20 02:33 . 2012-09-20 02:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-20 02:33 . 2012-09-20 02:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-20 02:33 . 2012-09-20 02:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-20 02:33 . 2012-09-20 02:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-20 02:33 . 2012-09-20 02:33 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-20 02:33 . 2012-09-20 02:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-20 02:33 . 2012-09-20 02:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-20 02:33 . 2012-09-20 02:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-20 02:33 . 2012-09-20 02:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-20 02:33 . 2012-09-20 02:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-20 02:33 . 2012-09-20 02:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-20 02:33 . 2012-09-20 02:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-20 02:33 . 2012-09-20 02:33 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-20 02:33 . 2012-09-20 02:33 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-20 02:33 . 2012-09-20 02:33 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-20 02:33 . 2012-09-20 02:33 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-20 02:33 . 2012-09-20 02:33 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-20 02:33 . 2012-09-20 02:33 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-20 02:33 . 2012-09-20 02:33 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-20 02:33 . 2012-09-20 02:33 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-20 02:33 . 2012-09-20 02:33 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-20 02:33 . 2012-09-20 02:33 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-20 02:33 . 2012-09-20 02:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-20 02:33 . 2012-09-20 02:33 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-20 02:33 . 2012-09-20 02:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-20 02:33 . 2012-09-20 02:33 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-20 02:33 . 2012-09-20 02:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-20 02:33 . 2012-09-20 02:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-20 02:33 . 2012-09-20 02:33 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-20 02:33 . 2012-09-20 02:33 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-20 02:33 . 2012-09-20 02:33 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-20 02:33 . 2012-09-20 02:33 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-20 02:33 . 2012-09-20 02:33 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-20 02:33 . 2012-09-20 02:33 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-20 02:33 . 2012-09-20 02:33 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-20 02:33 . 2012-09-20 02:33 448512 ----a-w- c:\windows\system32\html.iec
2012-09-20 02:33 . 2012-09-20 02:33 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-20 02:33 . 2012-09-20 02:33 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-20 02:33 . 2012-09-20 02:33 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-20 02:33 . 2012-09-20 02:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-20 02:33 . 2012-09-20 02:33 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-20 02:33 . 2012-09-20 02:33 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-20 02:33 . 2012-09-20 02:33 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-20 02:33 . 2012-09-20 02:33 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-20 02:33 . 2012-09-20 02:33 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-20 02:03 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-20 01:36 . 2012-09-20 01:36 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-09-20 01:36 . 2012-09-20 01:36 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-20 01:36 . 2012-09-20 01:36 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-20 01:25 . 2012-09-20 01:25 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2012-09-14 19:19 . 2012-10-10 14:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 14:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 14:35 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-01 23:13 220632 ----a-w- c:\users\Elizabeth Polk\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-01 23:13 220632 ----a-w- c:\users\Elizabeth Polk\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-01 23:13 220632 ----a-w- c:\users\Elizabeth Polk\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-07-24 2498048]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-09-23 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-09-23 58112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-20 5236664]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25036364.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74302088.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89679260.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93497742.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 14336]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-06-15 103472]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 WarrantyWare;WarrantyWare;c:\program files (x86)\PC Care Center\Bin\EndUserService.exe [2008-09-19 459408]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-20 1157056]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-20 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-20 1177536]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 28672]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 38528]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 00:09]
.
2012-11-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-10-18 01:56]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192930033-3488979145-768369785-1001Core.job
- c:\users\Elizabeth Polk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 01:47]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192930033-3488979145-768369785-1001UA.job
- c:\users\Elizabeth Polk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 01:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-01 23:14 244696 ----a-w- c:\users\Elizabeth Polk\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-01 23:14 244696 ----a-w- c:\users\Elizabeth Polk\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-01 23:14 244696 ----a-w- c:\users\Elizabeth Polk\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-21 11444840]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Users/Elizabeth%20Polk/Homepage.html
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Elizabeth Polk\AppData\Roaming\Mozilla\Firefox\Profiles\ugc11p2q.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Users/Elizabeth%20Polk/Homepage.html
FF - ExtSQL: 2012-11-24 12:58; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-28 18:27:15
ComboFix-quarantined-files.txt 2012-11-28 23:27
.
Pre-Run: 129,288,183,808 bytes free
Post-Run: 129,011,404,800 bytes free
.
- - End Of File - - 458B08B4BB7EC3B56200EE0ECFD998A5

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 November 2012 - 07:34 PM

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT

Please advise if your copy of Office is licensed?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ~Polky
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Female
  • Location:Behind the screen

Posted 28 November 2012 - 08:45 PM

"Please advise if your copy of Office is licensed?"

If by licensed you mean, what the hay is
2012-11-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-10-18 01:56]
No, it is not licensed. I am a dirty, dirty accepter of forged goods and should be ashamed. Unfortunately, I have rationalized my dirty, dirty thievery and am therefore not ashamed.
I understand completely if you no longer wish to help a dirty, dirty thief though.
However, the file is over a month old and I'm hoping that it didn't just recently become a problem.

Otherwise, yes. It is licensed.

Also, did not run fixdamage because the anti-rootkit did not clean any files.



Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.28.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Elizabeth Polk :: MRNOFUN [administrator]

11/28/2012 8:34:02 PM
mbar-log-2012-11-28 (20-34-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28489
Time elapsed: 34 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4021182464, free: 2006208512

------------ Kernel report ------------
11/28/2012 19:51:53
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80042db420
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800426c060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.28.10
Downloaded database version: v2012.11.28.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80042db420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80042dc040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80042db420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800426c060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a0142075f0, 0xfffffa80042db420, 0xfffffa800671e260
Lower DeviceData: 0xfffff8a017598600, 0xfffffa800426c060, 0xfffffa8006765090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C63F29E

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 488187904
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
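As an added example (not code from the thread, Malwarebytes or BleepingComputer), here is a small Python parser for the classic MBR partition table that the MBAR log above prints; it rebuilds that disk's layout as a constructed 512-byte sector and computes the unpartitioned gaps, which is where a bootkit scanner looks for hidden data. The gap calculation is a plain one and does not reproduce MBAR's own range selection.

```python
import struct

SECTOR = 512          # physical sector size reported by MBAR
TABLE_OFFSET = 0x1BE  # four 16-byte partition entries live here
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def build_mbr(disk_sig, parts):
    """Build a constructed 512-byte MBR from (status, type, lba_start, numsec) tuples."""
    buf = bytearray(SECTOR)
    struct.pack_into("<I", buf, 0x1B8, disk_sig)          # NT disk signature
    for i, (status, ptype, lba, numsec) in enumerate(parts):
        struct.pack_into(ENTRY, buf, TABLE_OFFSET + 16 * i, status, ptype, lba, numsec)
    buf[0x1FE:0x200] = b"\x55\xAA"                        # the "55AA" boot signature
    return bytes(buf)


def parse_mbr(sector):
    """Return the disk signature and the four primary partition entries."""
    if len(sector) != SECTOR or sector[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("not a 512-byte sector with a 55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, numsec = struct.unpack_from(ENTRY, sector, TABLE_OFFSET + 16 * i)
        if status not in (0x00, 0x80):    # anything else is a malformed or suspicious entry
            raise ValueError(f"partition {i}: bad status byte 0x{status:02X}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba": lba, "numsec": numsec})
    return {"disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0], "partitions": parts}


def unpartitioned_ranges(parsed, disk_sectors):
    """Inclusive sector ranges no partition covers; sector 0 (the MBR itself) is excluded.

    Plain gap calculation between sorted partition extents, not Malwarebytes' own logic.
    """
    used = sorted((p["lba"], p["lba"] + p["numsec"])
                  for p in parsed["partitions"] if p["type"] != 0 and p["numsec"] > 0)
    gaps, cursor = [], 1
    for start, end in used:
        if start < cursor or end > disk_sectors:
            raise ValueError("partition overlaps another or runs past the end of the disk")
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = end
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


# Constructed sample mirroring the layout in the MBAR log (not a real disk image).
DISK_SECTORS = 250059350016 // SECTOR
SAMPLE_MBR = build_mbr(0x0C63F29E, [(0x00, 0x07, 2048, 204800),
                                    (0x80, 0x07, 206848, 488187904),
                                    (0x00, 0x00, 0, 0), (0x00, 0x00, 0, 0)])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print(f"Disk Signature: {info['disk_signature']:X}")
    for p in info["partitions"]:
        print(f"Partition {p['index']} type 0x{p['type']:X} active={p['active']} "
              f"LBA {p['lba']} Numsec {p['numsec']}")
    print("Unpartitioned:", unpartitioned_ranges(info, DISK_SECTORS))
```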

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 November 2012 - 09:00 PM

"Please advise if your copy of Office is licensed?"
If by licensed you mean, what the hay is
2012-11-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-10-18 01:56]
No, it is not licensed. I am a dirty, dirty accepter of forged goods and should be ashamed. Unfortunately, I have rationalized my dirty, dirty thievery and am therefore not ashamed.
I understand completely if you no longer wish to help a dirty, dirty thief though.
However the file is over a month old and I'm hoping that it didn't just recently become a problem.
Otherwise, yes. It is licensed.


As it is impossible to understand the tone of your post in 2D, I am not certain whether you are being condescending, sarcastic or trying to be funny; your last line leaves me confused as to whether it is pirated or properly licenced.
The file you have referred to, AutoKMS, is associated with a cracked version of Office. If the program you have is pirated, then I urge you to remove it from your machine. There is no justification for stealing software, especially when open source programs exist (Open Office). It has been my experience that malware code is often injected into pirated software (nothing comes for free) that may lie in wait to wreak havoc on your machine and then others, as you now become a conduit of the bad source code once you connect to the internet. Maybe you think I'm being melodramatic and have no idea what I'm talking about, but my colleagues and I spend countless hours battling malware that many users bring onto their machines by downloading cracks, keygens and torrents.



How is the machine running now?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ~Polky
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Female
  • Location:Behind the screen

Posted 03 December 2012 - 11:28 PM

My options were textbooks for 4 classes or Microsoft Office 2010 (absolutely no substitutions, had to be on a Windows 7 computer too) for one class plus one textbook. Otherwise, I have Open Office already on this machine for my other classes and a totally legal Microsoft Office 2007 on another machine. After finals week I will remove AutoKMS because I do not like being a dirty, dirty forger. (That's about 50% of my rationalization right there.)


I was being completely serious, I am a dirty, dirty person and should be ashamed, but I'm not. I would like to think it's post-conventional morality, but it's most likely me going to the dark-side.
The last line means it's got full functionality, in case the question was not about the AutoKMS.


I actually think this infection came from visiting a site called passiveaggressivenotes.com and saving a few pictures as the crazy stuff began within around 30 minutes of visiting the site when I tried powering down.

I haven't had any issues recently.

*Edit*: Correcting my memory derp. Open Office was on the other computer that has 2007. This one never got it because it originally had Microsoft Office Starter.

*Reedit*: I think my brain has a virus. I do have Open Office on this machine.

Edited by ~Polky, 03 December 2012 - 11:57 PM.


#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 December 2012 - 06:11 PM

ok

how is the computer running now?

are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 December 2012 - 09:51 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




