
MBR Infected


  • This topic is locked
49 replies to this topic

#1 Fhoosa

Fhoosa

  • Members
  • 123 posts
  • Gender:Female
  • Location:Seabrook, TX
  • Local time:04:50 PM

Posted 13 December 2012 - 09:07 AM

I am getting redirected whenever I try to search in Google. At first it was random but now it's happening all the time. I ran a report and found out that my MBR is infected and I don't have the foggiest idea of how to correct this.

Here is the DDS report you requested:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Debbie at 5:54:34 on 2012-12-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3034.1359 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Atheros\AWiCMgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\BitCometService.exe
C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mURLSearchHooks: IPT bar Toolbar: {2e9dddba-a2c0-4b42-998d-24dc8ad5c2d7} - LocalServer32 - <no file>
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - LocalServer32 - <no file>
BHO: AutorunsDisabled - <orphaned>
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - LocalServer32 - <no file>
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {4DB74D06-491C-440D-305E-012400990F3E} - C:\WINDOWS\SysWOW64\d33dxof.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: IPT bar Toolbar: {2E9DDDBA-A2C0-4B42-998D-24DC8AD5C2D7} - LocalServer32 - <no file>
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - LocalServer32 - <no file>
TB: IPT bar Toolbar: {2e9dddba-a2c0-4b42-998d-24dc8ad5c2d7} - LocalServer32 - <no file>
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7EFE49C3-3F89-4E0A-984B-7B6655B99F9C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7EFE49C3-3F89-4E0A-984B-7B6655B99F9C}\6486F6F63716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7EFE49C3-3F89-4E0A-984B-7B6655B99F9C}\84F4D454D244339323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9D01566B-5377-44DA-87A5-DBEDFA3006E7} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AWiC] "C:\Program Files (x86)\Atheros\AWiCMgr.exe" -nogui
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: AutorunsDisabled - <no file>
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-21 55856]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-21 98208]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-21 172704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-21 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-12 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2012-4-8 162328]
S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2012-4-8 189880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-21 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-12-13 09:31:49 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{752182A1-F6EC-4F9E-ABE4-D77842A01600}\mpengine.dll
2012-12-13 01:21:34 -------- d-----w- C:\Sophos
2012-12-13 01:20:00 -------- d-----w- C:\ProgramData\Sophos
2012-12-13 01:19:24 -------- d-----w- C:\Program Files (x86)\Sophos
2012-12-13 00:57:04 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-12 20:59:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 20:59:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-07 16:32:22 -------- d-----w- C:\Games
2012-12-07 09:47:33 -------- d-----w- C:\Users\Debbie\AppData\Roaming\Gogii Games
2012-12-06 17:52:40 -------- d-----w- C:\Users\Debbie\Library
2012-12-06 17:21:05 -------- d-----w- C:\Program Files (x86)\PrintMaster 2012 Platinum
2012-12-06 17:21:05 -------- d-----w- C:\Program Files (x86)\Common Files\i4j_jres
2012-12-06 01:54:44 489712 ----a-w- C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-12-05 23:46:33 -------- d-----w- C:\ProgramData\Elephant Games
2012-12-05 11:44:23 -------- d-----w- C:\Windows\Christmas Stories - Nutcracker Collector's Edition
2012-12-05 11:44:23 -------- d-----w- C:\Program Files (x86)\Christmas Stories - Nutcracker Collector's Edition
2012-12-04 19:29:29 -------- d-----w- C:\Windows\Fairy Tale Mysteries - The Puppet Thief CE
2012-12-04 19:29:28 -------- d-----w- C:\Program Files (x86)\Fairy Tale Mysteries - The Puppet Thief CE
2012-12-04 19:25:25 -------- d-----w- C:\Users\Debbie\AppData\Roaming\flashInstall
2012-12-04 19:23:00 -------- d-----w- C:\Windows\SysWow64\3045
2012-12-04 15:16:13 -------- d-----w- C:\ImportReports
2012-12-04 15:15:58 -------- d-----w- C:\ProgramData\Transparent
2012-11-28 14:02:05 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98C81F94-FFA8-470A-A8BB-070B31D41D94}\gapaengine.dll
2012-11-24 10:25:15 -------- d-----w- C:\Users\Debbie\AppData\Roaming\inkscape
2012-11-24 10:07:43 -------- d-----w- C:\Program Files (x86)\Inkscape
2012-11-24 09:56:31 -------- d-----w- C:\Users\Debbie\.thumbnails
2012-11-24 09:51:02 -------- d-----w- C:\Users\Debbie\AppData\Local\webkit
2012-11-24 09:46:47 -------- d-----w- C:\Users\Debbie\AppData\Local\gegl-0.2
2012-11-24 09:46:47 -------- d-----w- C:\Users\Debbie\.gimp-2.8
2012-11-24 09:43:21 -------- d-----w- C:\Program Files\GIMP 2
2012-11-24 09:23:50 -------- d-----w- C:\Users\Debbie\AppData\Local\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-22 08:45:12 -------- d-----w- C:\Users\Debbie\AppData\Roaming\Wise Care 365
2012-11-21 05:17:09 -------- d-----w- C:\Windows\en
2012-11-21 05:14:45 19696 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-21 05:13:46 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-11-21 05:13:46 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-11-21 05:13:45 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-11-21 05:13:45 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-11-21 05:13:19 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-11-21 05:13:19 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-11-21 05:12:27 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cca2dd661cdc7a602\MeshBetaRemover.exe
2012-11-21 05:12:20 -------- d-----w- C:\Users\Debbie\AppData\Local\Windows Live
2012-11-18 15:15:25 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-18 15:15:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-18 15:15:25 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-18 15:15:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-18 15:15:24 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-18 15:15:24 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-18 15:15:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-18 15:15:24 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-18 15:15:24 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-17 22:12:51 -------- d-----w- C:\Windows\The Beast of Lycan Isle Collector's Edition
2012-11-17 22:12:51 -------- d-----w- C:\Program Files (x86)\The Beast of Lycan Isle Collector's Edition
2012-11-17 22:00:46 -------- d-----w- C:\Users\Debbie\AppData\Roaming\Wise Registry Cleaner
2012-11-17 22:00:05 -------- d-----w- C:\Program Files (x86)\Wise
2012-11-17 20:39:19 -------- d-----w- C:\Windows\Haunted Legends 3- The Undertaker Collector's Edition
2012-11-17 20:39:19 -------- d-----w- C:\Program Files (x86)\Haunted Legends 3- The Undertaker Collector's Edition
2012-11-17 19:44:00 -------- d-----w- C:\Windows\Zodiac Prophecies - The Serpent Bearer With Guide
2012-11-17 19:44:00 -------- d-----w- C:\Program Files (x86)\Zodiac Prophecies - The Serpent Bearer With Guide
2012-11-15 11:13:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:13:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 11:13:41 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 11:13:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 11:01:28 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 11:01:27 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 11:01:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 11:01:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 11:01:21 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 11:01:21 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 11:01:20 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 06:39:52 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 06:39:52 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-12-12 03:13:41 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 03:13:41 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-30 07:51:41 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-10-30 07:49:25 2 --shatr- C:\Windows\winstart.bat
2012-10-24 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-10-19 16:27:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-19 16:27:37 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-19 16:27:37 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-19 16:26:30 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-19 16:26:26 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-19 16:26:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 5:55:50.09 ===============



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:50 PM

Posted 13 December 2012 - 11:31 AM

Hello Fhoosa,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Fhoosa


Posted 15 December 2012 - 10:02 AM

Here are the revised reports.

And YES, I do have a USB Flash Drive.

#4 fireman4it


Posted 15 December 2012 - 11:39 AM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"



#5 Fhoosa


Posted 15 December 2012 - 03:55 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 15-12-2012 11:49:56
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [AWiC] "C:\Program Files (x86)\Atheros\AWiCMgr.exe" -nogui [167936 2010-09-11] (Atheros)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Debbie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-23] (Google Inc.)
HKU\Debbie\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Debbie\...\Run: [Google Update] "C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-17] (Google Inc.)
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Winlogon\Notify\AutorunsDisabled:
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-09-17] ()
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [x]

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PCTDMDefrag; C:\Windows\System32\Drivers\PCTDMDefrag.sys [162328 2011-02-04] (PC Tools)
3 PCTDMDefrag; C:\Windows\SysWow64\Drivers\PCTDMDefrag.sys [108056 2011-02-04] (PC Tools)
3 PCTDSMon; C:\Windows\System32\Drivers\PCTDSMon.sys [189880 2011-02-04] (PC Tools)
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-15 11:57 - 2012-12-15 11:57 - 00000575 ____A C:\Users\Debbie\Downloads\181-buzz.1355594226.asx
2012-12-15 11:49 - 2012-12-15 11:49 - 00000000 ____D C:\FRST
2012-12-15 10:40 - 2012-12-15 10:41 - 00001231 ____A C:\Windows\IE9_main.log
2012-12-15 08:37 - 2012-12-15 08:37 - 00004360 ____A C:\Users\Debbie\Desktop\attach.zip
2012-12-15 08:12 - 2012-12-15 08:12 - 00013476 ____A C:\Users\Debbie\Desktop\attach.txt
2012-12-15 08:12 - 2012-12-15 08:11 - 00025887 ____A C:\Users\Debbie\Desktop\dds.txt
2012-12-15 08:07 - 2012-12-15 08:07 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2012-12-15 04:43 - 2012-12-15 11:30 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-12-15 04:43 - 2012-12-15 11:30 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-12-15 04:43 - 2012-12-15 11:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-12-15 04:43 - 2012-12-15 11:30 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-12-15 04:43 - 2012-12-15 11:30 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-12-15 04:43 - 2012-12-15 11:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-12-15 04:31 - 2012-12-15 04:31 - 00000000 ____D C:\_OTM
2012-12-15 04:25 - 2012-12-15 04:25 - 00001798 ____A C:\Users\Debbie\My Documents\aswMBR.txt
2012-12-15 04:25 - 2012-12-15 04:25 - 00001798 ____A C:\Users\Debbie\Documents\aswMBR.txt
2012-12-15 04:25 - 2012-12-15 04:25 - 00000512 ____A C:\Users\Debbie\My Documents\MBR.dat
2012-12-15 04:25 - 2012-12-15 04:25 - 00000512 ____A C:\Users\Debbie\Documents\MBR.dat
2012-12-14 22:56 - 2012-12-14 22:56 - 00009728 __ASH C:\Users\Debbie\Application Data\Thumbs.db
2012-12-14 22:56 - 2012-12-14 22:56 - 00009728 __ASH C:\Users\Debbie\AppData\Roaming\Thumbs.db
2012-12-14 22:46 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-14 22:46 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-14 22:45 - 2012-11-21 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-14 22:45 - 2012-10-04 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-14 22:45 - 2012-10-04 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-14 22:45 - 2012-10-04 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-14 22:45 - 2012-10-04 11:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-14 22:45 - 2012-10-04 11:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-14 22:45 - 2012-10-04 11:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-14 22:45 - 2012-10-04 11:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-14 22:45 - 2012-10-04 10:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-14 22:45 - 2012-10-04 10:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 09:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-14 22:45 - 2012-10-04 08:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-14 22:45 - 2012-10-04 08:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-14 22:45 - 2012-10-04 08:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-14 22:45 - 2012-10-04 08:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-14 22:45 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 22:45 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-14 22:39 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-14 22:39 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-14 20:21 - 2012-12-14 20:38 - 00000000 ____D C:\Users\All Users\Dumps
2012-12-14 20:21 - 2012-12-14 20:38 - 00000000 ____D C:\Users\All Users\Application Data\Dumps
2012-12-14 19:30 - 2012-12-14 19:30 - 00000684 ___AH C:\bdr-cf01
2012-12-14 19:29 - 2012-12-14 19:30 - 00253404 ___AH C:\bdr-ld01
2012-12-14 19:29 - 2012-12-14 19:30 - 00009216 ___AH C:\bdr-ld01.mbr
2012-12-14 19:29 - 2012-10-19 13:17 - 37133532 ___AH C:\bdr-im01.gz
2012-12-14 19:29 - 2012-08-15 16:28 - 02510608 ___AH C:\bdr-bz01
2012-12-14 19:14 - 2012-12-14 19:27 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-12-14 05:41 - 2012-12-14 05:41 - 00000000 ____D C:\Users\Debbie\Application Data\Chayowo Games
2012-12-14 05:41 - 2012-12-14 05:41 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Chayowo Games
2012-12-14 05:24 - 2012-12-14 05:24 - 00000000 ____D C:\Users\Debbie\Application Data\ERS Game Studios
2012-12-14 05:24 - 2012-12-14 05:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\ERS Game Studios
2012-12-14 04:53 - 2012-12-14 04:53 - 00000000 ____D C:\Users\Debbie\Application Data\anngames
2012-12-14 04:53 - 2012-12-14 04:53 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\anngames
2012-12-14 04:31 - 2012-12-14 04:31 - 00007680 __ASH C:\Users\Debbie\My Documents\Thumbs.db
2012-12-14 04:31 - 2012-12-14 04:31 - 00007680 __ASH C:\Users\Debbie\Documents\Thumbs.db
2012-12-14 02:30 - 2012-12-14 02:30 - 00000000 ____D C:\Users\Debbie\Application Data\cerasus.media
2012-12-14 02:30 - 2012-12-14 02:30 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\cerasus.media
2012-12-14 01:32 - 2012-12-14 01:32 - 00000000 ____D C:\Program Files (x86)\AnnGames
2012-12-13 22:55 - 2012-12-13 22:55 - 00000000 ____D C:\Users\All Users\Cozi
2012-12-13 22:55 - 2012-12-13 22:55 - 00000000 ____D C:\Users\All Users\Application Data\Cozi
2012-12-12 19:21 - 2012-12-12 19:21 - 00000000 ____D C:\Sophos
2012-12-12 19:20 - 2012-12-12 19:24 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-12 19:20 - 2012-12-12 19:24 - 00000000 ____D C:\Users\All Users\Application Data\Sophos
2012-12-12 19:19 - 2012-12-12 19:19 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-08 18:03 - 2012-12-14 22:16 - 00000000 ____D C:\Users\Debbie\My Documents\Cocktail Meatballs Recipe - Allrecipes_com_files
2012-12-08 18:03 - 2012-12-14 22:16 - 00000000 ____D C:\Users\Debbie\Documents\Cocktail Meatballs Recipe - Allrecipes_com_files
2012-12-08 18:03 - 2012-12-08 18:03 - 00199716 ____A C:\Users\Debbie\My Documents\Cocktail Meatballs Recipe - Allrecipes_com.htm
2012-12-08 18:03 - 2012-12-08 18:03 - 00199716 ____A C:\Users\Debbie\Documents\Cocktail Meatballs Recipe - Allrecipes_com.htm
2012-12-07 03:47 - 2012-12-07 03:47 - 00000000 ____D C:\Users\Debbie\Application Data\Gogii Games
2012-12-07 03:47 - 2012-12-07 03:47 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Gogii Games
2012-12-06 14:08 - 2012-12-06 14:08 - 00012516 ____A C:\Users\Debbie\My Documents\Credit One Bank - Credit Card Application.htm
2012-12-06 14:08 - 2012-12-06 14:08 - 00012516 ____A C:\Users\Debbie\Documents\Credit One Bank - Credit Card Application.htm
2012-12-06 14:08 - 2012-12-06 14:08 - 00000000 ____D C:\Users\Debbie\My Documents\Credit One Bank - Credit Card Application_files
2012-12-06 14:08 - 2012-12-06 14:08 - 00000000 ____D C:\Users\Debbie\Documents\Credit One Bank - Credit Card Application_files
2012-12-06 11:52 - 2012-12-06 12:20 - 00001174 ____A C:\Users\Debbie\PrintMaster-2012-Platinum.prefs
2012-12-06 11:52 - 2012-12-06 12:07 - 00000000 ____D C:\Users\Debbie\My Documents\PrintMaster Projects
2012-12-06 11:52 - 2012-12-06 12:07 - 00000000 ____D C:\Users\Debbie\Documents\PrintMaster Projects
2012-12-06 11:52 - 2012-12-06 11:52 - 00000000 ____D C:\Users\Debbie\Library
2012-12-06 11:48 - 2012-12-06 11:48 - 00002055 ____A C:\Users\Public\Desktop\PrintMaster 2012 Platinum.lnk
2012-12-06 11:48 - 2012-12-06 11:48 - 00002055 ____A C:\Users\All Users\Desktop\PrintMaster 2012 Platinum.lnk
2012-12-06 11:21 - 2012-12-14 22:21 - 00000000 ____D C:\Program Files (x86)\PrintMaster 2012 Platinum
2012-12-06 11:21 - 2012-12-06 11:53 - 00000000 ____D C:\Users\Public\StoryRock
2012-12-06 03:43 - 2012-12-06 03:43 - 00000000 ____D C:\Users\Debbie\My Documents\Fax
2012-12-06 03:43 - 2012-12-06 03:43 - 00000000 ____D C:\Users\Debbie\Documents\Fax
2012-12-04 13:31 - 2012-12-04 13:31 - 00002415 ____A C:\Users\Debbie\Desktop\Fairy Tale Mysteries - The Puppet Thief CE.lnk
2012-12-04 13:29 - 2012-12-14 22:21 - 00000000 ____D C:\Windows\Fairy Tale Mysteries - The Puppet Thief CE
2012-12-04 13:29 - 2012-12-04 13:29 - 00000000 ____D C:\Program Files (x86)\Fairy Tale Mysteries - The Puppet Thief CE
2012-12-04 13:23 - 2012-12-14 22:21 - 00000000 ____D C:\Windows\SysWOW64\3045
2012-12-04 00:58 - 2012-12-04 00:58 - 00000468 ____A C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2012-12-03 16:07 - 2012-12-03 16:07 - 00007258 ____A C:\Users\Debbie\My Documents\Confirmation of Application Form Submission - federal Lifeline.htm
2012-12-03 16:07 - 2012-12-03 16:07 - 00007258 ____A C:\Users\Debbie\Documents\Confirmation of Application Form Submission - federal Lifeline.htm
2012-11-29 11:09 - 2012-11-29 11:12 - 15837184 ____A ( ) C:\Users\Debbie\Downloads\K-Lite_Codec_Pack_955_Full.exe
2012-11-28 18:29 - 2012-12-02 14:17 - 00000000 ____D C:\Users\Debbie\Application Data\dvdcss
2012-11-28 18:29 - 2012-12-02 14:17 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\dvdcss
2012-11-24 12:18 - 2012-12-15 14:39 - 01180966 ____A C:\Windows\WindowsUpdate.log
2012-11-24 12:15 - 2012-12-07 03:39 - 00045474 ____A C:\Windows\PFRO.log
2012-11-24 12:12 - 2012-11-09 02:46 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2012-11-24 12:07 - 2012-11-24 12:07 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 02434560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01885696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01643008 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-24 11:57 - 2012-11-24 11:57 - 00000218 ____A C:\Users\Debbie\.recently-used.xbel
2012-11-24 09:23 - 2012-12-14 22:21 - 00000000 ___RD C:\Users\Debbie\Desktop\Registry and Virus Tools
2012-11-24 04:25 - 2012-11-24 04:25 - 00000000 ____D C:\Users\Debbie\Application Data\inkscape
2012-11-24 04:25 - 2012-11-24 04:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\inkscape
2012-11-24 04:07 - 2012-12-14 22:21 - 00000000 ____D C:\Program Files (x86)\Inkscape
2012-11-24 03:56 - 2012-12-06 12:02 - 00000000 ____D C:\Users\Debbie\.thumbnails
2012-11-24 03:56 - 2012-11-24 03:56 - 00000857 ____A C:\Users\Debbie\Local Settings\recently-used.xbel
2012-11-24 03:56 - 2012-11-24 03:56 - 00000857 ____A C:\Users\Debbie\Local Settings\Application Data\recently-used.xbel
2012-11-24 03:56 - 2012-11-24 03:56 - 00000857 ____A C:\Users\Debbie\AppData\Local\recently-used.xbel
2012-11-24 03:51 - 2012-11-24 03:51 - 00000000 ____D C:\Users\Debbie\Local Settings\webkit
2012-11-24 03:51 - 2012-11-24 03:51 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\webkit
2012-11-24 03:51 - 2012-11-24 03:51 - 00000000 ____D C:\Users\Debbie\AppData\Local\webkit
2012-11-24 03:46 - 2012-11-24 04:07 - 00000000 ____D C:\Users\Debbie\.gimp-2.8
2012-11-24 03:46 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\Local Settings\gegl-0.2
2012-11-24 03:46 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\gegl-0.2
2012-11-24 03:46 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\AppData\Local\gegl-0.2
2012-11-24 03:43 - 2012-11-24 03:44 - 00000000 ____D C:\Program Files\GIMP 2
2012-11-24 03:23 - 2012-11-24 03:24 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-24 03:23 - 2012-11-24 03:24 - 00000000 ____D C:\Users\Debbie\Local Settings\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-24 03:23 - 2012-11-24 03:24 - 00000000 ____D C:\Users\Debbie\AppData\Local\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-22 10:05 - 2012-11-22 10:05 - 00000000 ____A C:\Windows\setuperr.log
2012-11-22 03:07 - 2012-11-22 03:07 - 00000414 ____A C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2012-11-22 02:46 - 2012-11-22 02:46 - 00000424 ____A C:\Windows\Tasks\Wise Care 365.job
2012-11-22 02:45 - 2012-11-24 12:12 - 00000000 ____D C:\Users\Debbie\Application Data\Wise Care 365
2012-11-22 02:45 - 2012-11-24 12:12 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Wise Care 365
2012-11-20 23:17 - 2012-11-20 23:17 - 00000000 ____D C:\Windows\en
2012-11-20 23:13 - 2009-09-04 19:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2012-11-20 23:13 - 2009-09-04 19:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2012-11-20 23:13 - 2009-09-04 19:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-11-20 23:13 - 2009-09-04 19:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-11-20 23:13 - 2006-11-29 15:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-11-20 23:13 - 2006-11-29 15:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-11-20 23:12 - 2012-11-24 03:24 - 00000000 ____D C:\Users\Debbie\Local Settings\Windows Live
2012-11-20 23:12 - 2012-11-24 03:24 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\Windows Live
2012-11-20 23:12 - 2012-11-24 03:24 - 00000000 ____D C:\Users\Debbie\AppData\Local\Windows Live
2012-11-18 09:16 - 2012-08-23 08:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-18 09:16 - 2012-08-23 08:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-18 09:16 - 2012-08-23 08:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-18 09:16 - 2012-08-23 07:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-18 09:16 - 2012-08-23 07:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-18 09:16 - 2012-08-23 07:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-18 09:16 - 2012-08-23 07:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-18 09:16 - 2012-08-23 07:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-18 09:16 - 2012-08-23 07:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-18 09:16 - 2012-08-23 07:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-18 09:16 - 2012-08-23 07:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-18 09:16 - 2012-08-23 07:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-18 09:16 - 2012-08-23 06:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-18 09:16 - 2012-08-23 05:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-18 09:16 - 2012-08-23 05:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-18 09:16 - 2012-08-23 05:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-18 09:16 - 2012-08-23 05:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-18 09:16 - 2012-08-23 04:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-18 09:16 - 2012-08-23 04:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-18 09:16 - 2012-08-23 04:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-18 09:16 - 2012-08-23 04:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-18 09:16 - 2012-08-23 03:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-18 09:16 - 2012-08-23 02:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-18 09:16 - 2012-08-23 02:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-18 09:15 - 2012-08-24 12:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-18 09:15 - 2012-08-24 12:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-18 09:15 - 2012-08-24 12:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-18 09:15 - 2012-08-24 12:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-18 09:15 - 2012-08-24 12:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-18 09:15 - 2012-08-24 10:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-18 09:15 - 2012-08-24 10:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-18 09:15 - 2012-08-24 10:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-18 09:15 - 2012-08-24 10:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-17 16:12 - 2012-12-14 22:21 - 00000000 ____D C:\Windows\The Beast of Lycan Isle Collector's Edition
2012-11-17 16:12 - 2012-11-17 16:12 - 00000000 ____D C:\Program Files (x86)\The Beast of Lycan Isle Collector's Edition
2012-11-17 16:00 - 2012-12-14 22:21 - 00000000 ____D C:\Users\Debbie\Application Data\Wise Registry Cleaner
2012-11-17 16:00 - 2012-12-14 22:21 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Wise Registry Cleaner
2012-11-17 16:00 - 2012-11-22 02:44 - 00000000 ____D C:\Program Files (x86)\Wise
2012-11-17 14:39 - 2012-12-14 22:21 - 00000000 ____D C:\Windows\Haunted Legends 3- The Undertaker Collector's Edition
2012-11-17 14:39 - 2012-11-17 14:39 - 00000000 ____D C:\Program Files (x86)\Haunted Legends 3- The Undertaker Collector's Edition
2012-11-17 13:44 - 2012-12-14 22:21 - 00000000 ____D C:\Windows\Zodiac Prophecies - The Serpent Bearer With Guide
2012-11-17 13:44 - 2012-11-17 13:45 - 00000000 ____D C:\Program Files (x86)\Zodiac Prophecies - The Serpent Bearer With Guide
2012-11-17 03:15 - 2012-11-17 03:15 - 00000000 ____D C:\Users\Debbie\My Documents\PC Tools Performance Toolkit
2012-11-17 03:15 - 2012-11-17 03:15 - 00000000 ____D C:\Users\Debbie\Documents\PC Tools Performance Toolkit
2012-11-15 05:13 - 2012-07-25 22:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 05:13 - 2012-07-25 22:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 05:13 - 2012-07-25 20:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 05:13 - 2012-06-02 08:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 05:06 - 2012-10-08 06:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 05:06 - 2012-10-08 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 05:06 - 2012-10-08 05:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 05:06 - 2012-10-08 05:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 05:06 - 2012-10-08 05:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 05:06 - 2012-10-08 05:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 05:06 - 2012-10-08 05:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 05:06 - 2012-10-08 05:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 05:06 - 2012-10-08 05:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 05:06 - 2012-10-08 05:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 05:06 - 2012-10-08 05:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 05:06 - 2012-10-08 05:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 05:06 - 2012-10-08 05:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 05:06 - 2012-10-08 05:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 05:06 - 2012-10-08 05:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 05:06 - 2012-10-08 02:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 05:06 - 2012-10-08 01:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 05:06 - 2012-10-08 01:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 05:06 - 2012-10-08 01:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 05:06 - 2012-10-08 01:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 05:06 - 2012-10-08 01:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 05:06 - 2012-10-08 01:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 05:06 - 2012-10-08 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 05:06 - 2012-10-08 01:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 05:06 - 2012-10-08 01:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 05:06 - 2012-10-08 01:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 05:06 - 2012-10-08 01:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 05:06 - 2012-10-08 01:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 05:06 - 2012-10-08 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 05:06 - 2012-10-08 01:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 05:05 - 2012-10-08 05:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 05:05 - 2012-10-08 02:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 05:01 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 05:01 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 05:01 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 05:01 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 05:01 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-15 01:02 - 2012-10-09 12:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-15 01:02 - 2012-10-09 12:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-15 01:02 - 2012-10-09 11:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-15 01:02 - 2012-10-09 11:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-15 01:02 - 2012-10-03 11:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-15 01:02 - 2012-10-03 11:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-15 01:02 - 2012-10-03 11:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-15 01:02 - 2012-10-03 11:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-15 01:02 - 2012-10-03 11:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-15 01:02 - 2012-10-03 11:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-15 01:02 - 2012-10-03 11:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-15 01:02 - 2012-10-03 10:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-15 01:02 - 2012-10-03 10:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-15 01:02 - 2012-10-03 10:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-15 01:02 - 2012-10-03 10:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-15 01:02 - 2012-01-13 01:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-15 00:39 - 2012-09-25 16:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-15 00:39 - 2012-09-25 16:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

==================== One Month Modified Files and Folders =======

2012-12-15 14:39 - 2012-11-24 12:18 - 01180966 ____A C:\Windows\WindowsUpdate.log
2012-12-15 14:37 - 2012-04-08 20:06 - 00000000 ____D C:\Users\Debbie\Application Data\BitComet
2012-12-15 14:37 - 2012-04-08 20:06 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\BitComet
2012-12-15 14:37 - 2009-07-13 23:13 - 00779700 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-15 14:13 - 2012-04-08 22:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-15 14:11 - 2012-04-16 20:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-15 13:47 - 2012-05-02 11:36 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3197802315-1125251100-3617295894-1000UA.job
2012-12-15 11:57 - 2012-12-15 11:57 - 00000575 ____A C:\Users\Debbie\Downloads\181-buzz.1355594226.asx
2012-12-15 11:49 - 2012-12-15 11:49 - 00000000 ____D C:\FRST
2012-12-15 11:49 - 2009-07-13 21:20 - 00000000 __RHD C:\users\Default
2012-12-15 11:30 - 2012-12-15 04:43 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-12-15 11:30 - 2012-12-15 04:43 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-12-15 11:30 - 2012-12-15 04:43 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-12-15 11:30 - 2012-12-15 04:43 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-12-15 11:30 - 2012-12-15 04:43 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-12-15 11:30 - 2012-12-15 04:43 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-12-15 11:26 - 2012-04-08 14:57 - 00000000 ____D C:\users\Debbie
2012-12-15 11:05 - 2009-07-13 22:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-15 11:05 - 2009-07-13 22:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-15 10:59 - 2011-04-21 18:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-15 10:57 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-15 10:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-15 10:41 - 2012-12-15 10:40 - 00001231 ____A C:\Windows\IE9_main.log
2012-12-15 10:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-15 08:37 - 2012-12-15 08:37 - 00004360 ____A C:\Users\Debbie\Desktop\attach.zip
2012-12-15 08:12 - 2012-12-15 08:12 - 00013476 ____A C:\Users\Debbie\Desktop\attach.txt
2012-12-15 08:11 - 2012-12-15 08:12 - 00025887 ____A C:\Users\Debbie\Desktop\dds.txt
2012-12-15 08:07 - 2012-12-15 08:07 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2012-12-15 06:44 - 2012-07-29 19:32 - 00000000 ____D C:\Users\Debbie\Application Data\BitTorrent
2012-12-15 06:44 - 2012-07-29 19:32 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\BitTorrent
2012-12-15 06:37 - 2012-04-08 14:59 - 00000000 ____D C:\Users\Debbie\Local Settings\SoftThinks
2012-12-15 06:37 - 2012-04-08 14:59 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\SoftThinks
2012-12-15 06:37 - 2012-04-08 14:59 - 00000000 ____D C:\Users\Debbie\AppData\Local\SoftThinks
2012-12-15 05:06 - 2009-07-13 22:45 - 00701448 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-15 05:01 - 2012-04-09 09:55 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-15 04:31 - 2012-12-15 04:31 - 00000000 ____D C:\_OTM
2012-12-15 04:25 - 2012-12-15 04:25 - 00001798 ____A C:\Users\Debbie\My Documents\aswMBR.txt
2012-12-15 04:25 - 2012-12-15 04:25 - 00001798 ____A C:\Users\Debbie\Documents\aswMBR.txt
2012-12-15 04:25 - 2012-12-15 04:25 - 00000512 ____A C:\Users\Debbie\My Documents\MBR.dat
2012-12-15 04:25 - 2012-12-15 04:25 - 00000512 ____A C:\Users\Debbie\Documents\MBR.dat
2012-12-14 23:13 - 2012-04-08 22:23 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-14 23:13 - 2012-04-08 22:23 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-14 22:56 - 2012-12-14 22:56 - 00009728 __ASH C:\Users\Debbie\Application Data\Thumbs.db
2012-12-14 22:56 - 2012-12-14 22:56 - 00009728 __ASH C:\Users\Debbie\AppData\Roaming\Thumbs.db
2012-12-14 22:54 - 2012-04-08 16:53 - 00000000 ____D C:\Users\Debbie\Application Data\PCDr
2012-12-14 22:54 - 2012-04-08 16:53 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\PCDr
2012-12-14 22:27 - 2012-09-12 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-14 22:27 - 2012-08-04 00:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-12-14 22:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2012-12-14 22:21 - 2012-12-06 11:21 - 00000000 ____D C:\Program Files (x86)\PrintMaster 2012 Platinum
2012-12-14 22:21 - 2012-12-04 13:29 - 00000000 ____D C:\Windows\Fairy Tale Mysteries - The Puppet Thief CE
2012-12-14 22:21 - 2012-12-04 13:23 - 00000000 ____D C:\Windows\SysWOW64\3045
2012-12-14 22:21 - 2012-11-24 09:23 - 00000000 ___RD C:\Users\Debbie\Desktop\Registry and Virus Tools
2012-12-14 22:21 - 2012-11-24 04:07 - 00000000 ____D C:\Program Files (x86)\Inkscape
2012-12-14 22:21 - 2012-11-17 16:12 - 00000000 ____D C:\Windows\The Beast of Lycan Isle Collector's Edition
2012-12-14 22:21 - 2012-11-17 16:00 - 00000000 ____D C:\Users\Debbie\Application Data\Wise Registry Cleaner
2012-12-14 22:21 - 2012-11-17 16:00 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Wise Registry Cleaner
2012-12-14 22:21 - 2012-11-17 14:39 - 00000000 ____D C:\Windows\Haunted Legends 3- The Undertaker Collector's Edition
2012-12-14 22:21 - 2012-11-17 13:44 - 00000000 ____D C:\Windows\Zodiac Prophecies - The Serpent Bearer With Guide
2012-12-14 22:21 - 2012-10-30 00:47 - 00000000 ____D C:\Windows\Unfinished Tales - Illicit Love Collectors Edition
2012-12-14 22:21 - 2012-10-23 12:03 - 00000000 ____D C:\Windows\Witch Hunters - Stolen Beauty CE Updated
2012-12-14 22:21 - 2012-10-23 12:01 - 00000000 ____D C:\Windows\Tales of Terror - Crimson Dawn With Guide [Updated]
2012-12-14 22:21 - 2012-10-23 09:27 - 00000000 ____D C:\Windows\Tales of Sorrow - Strawsbrough Town
2012-12-14 22:21 - 2012-04-08 23:10 - 00000000 ____D C:\HOGs
2012-12-14 22:21 - 2011-04-21 18:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-12-14 22:21 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-12-14 22:21 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-12-14 22:20 - 2012-11-04 04:04 - 00000000 ____D C:\Windows\Mysteries of the Mind - Coma Collectors Edition
2012-12-14 22:20 - 2012-11-02 18:25 - 00000000 ____D C:\Windows\Cruel Games Red Riding Hood
2012-12-14 22:20 - 2012-10-23 12:45 - 00000000 ____D C:\Windows\Awakening 4- The Skyward Castle CE
2012-12-14 22:20 - 2012-10-23 11:58 - 00000000 ____D C:\Windows\Mystery Heritage - Sign of the Spirit Collector's Edition
2012-12-14 22:20 - 2012-04-09 11:23 - 00000000 ____D C:\Users\Debbie\Application Data\vlc
2012-12-14 22:20 - 2012-04-09 11:23 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\vlc
2012-12-14 22:20 - 2012-04-08 22:23 - 00000000 ____D C:\Windows\System32\Macromed
2012-12-14 22:20 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Offline Web Pages
2012-12-14 22:20 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-12-14 22:19 - 2012-07-29 19:32 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2012-12-14 22:19 - 2012-07-25 15:12 - 00000000 ____D C:\Program Files (x86)\MpcStar
2012-12-14 22:19 - 2012-07-13 14:56 - 00000000 ____D C:\Program Files (x86)\Atheros
2012-12-14 22:19 - 2012-05-20 16:31 - 00000000 ____D C:\Program Files (x86)\Morphyre
2012-12-14 22:19 - 2012-05-05 22:51 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-12-14 22:19 - 2012-05-03 11:37 - 00000000 ____D C:\Program Files (x86)\Veetle
2012-12-14 22:19 - 2012-05-01 01:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-14 22:19 - 2012-05-01 01:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-12-14 22:19 - 2012-04-27 12:14 - 00000000 ____D C:\Program Files\BitComet
2012-12-14 22:19 - 2012-04-18 05:51 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-12-14 22:19 - 2012-04-16 20:14 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2012-12-14 22:19 - 2012-04-12 08:12 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-12-14 22:19 - 2012-04-09 13:32 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-12-14 22:19 - 2012-04-08 20:10 - 00000000 ____D C:\Program Files\WinRAR
2012-12-14 22:19 - 2012-04-08 20:06 - 00000000 ____D C:\Program Files (x86)\BitComet
2012-12-14 22:19 - 2012-04-08 20:02 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-14 22:19 - 2012-04-08 20:02 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-12-14 22:19 - 2012-04-08 20:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-14 22:19 - 2012-04-08 19:53 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-12-14 22:19 - 2011-04-21 18:27 - 00000000 ____D C:\Program Files\Dell Support Center
2012-12-14 22:19 - 2011-04-21 18:20 - 00000000 ____D C:\Program Files (x86)\System Registration
2012-12-14 22:19 - 2011-04-21 18:19 - 00000000 __HDC C:\Users\All Users\Application Data\{04A07C23-5821-4F25-BF46-1188636AE238}
2012-12-14 22:19 - 2011-04-21 18:19 - 00000000 __HDC C:\Users\All Users\{04A07C23-5821-4F25-BF46-1188636AE238}
2012-12-14 22:19 - 2011-04-21 18:12 - 00000000 ____D C:\Program Files\DellTPad
2012-12-14 22:19 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-14 22:16 - 2012-12-08 18:03 - 00000000 ____D C:\Users\Debbie\My Documents\Cocktail Meatballs Recipe - Allrecipes_com_files
2012-12-14 22:16 - 2012-12-08 18:03 - 00000000 ____D C:\Users\Debbie\Documents\Cocktail Meatballs Recipe - Allrecipes_com_files
2012-12-14 22:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2012-12-14 20:38 - 2012-12-14 20:21 - 00000000 ____D C:\Users\All Users\Dumps
2012-12-14 20:38 - 2012-12-14 20:21 - 00000000 ____D C:\Users\All Users\Application Data\Dumps
2012-12-14 19:30 - 2012-12-14 19:30 - 00000684 ___AH C:\bdr-cf01
2012-12-14 19:30 - 2012-12-14 19:29 - 00253404 ___AH C:\bdr-ld01
2012-12-14 19:30 - 2012-12-14 19:29 - 00009216 ___AH C:\bdr-ld01.mbr
2012-12-14 19:27 - 2012-12-14 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-12-14 18:24 - 2012-04-08 14:59 - 00000000 ____D C:\Users\Debbie\Local Settings\VirtualStore
2012-12-14 18:24 - 2012-04-08 14:59 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\VirtualStore
2012-12-14 18:24 - 2012-04-08 14:59 - 00000000 ____D C:\Users\Debbie\AppData\Local\VirtualStore
2012-12-14 05:41 - 2012-12-14 05:41 - 00000000 ____D C:\Users\Debbie\Application Data\Chayowo Games
2012-12-14 05:41 - 2012-12-14 05:41 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Chayowo Games
2012-12-14 05:24 - 2012-12-14 05:24 - 00000000 ____D C:\Users\Debbie\Application Data\ERS Game Studios
2012-12-14 05:24 - 2012-12-14 05:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\ERS Game Studios
2012-12-14 04:53 - 2012-12-14 04:53 - 00000000 ____D C:\Users\Debbie\Application Data\anngames
2012-12-14 04:53 - 2012-12-14 04:53 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\anngames
2012-12-14 04:31 - 2012-12-14 04:31 - 00007680 __ASH C:\Users\Debbie\My Documents\Thumbs.db
2012-12-14 04:31 - 2012-12-14 04:31 - 00007680 __ASH C:\Users\Debbie\Documents\Thumbs.db
2012-12-14 02:30 - 2012-12-14 02:30 - 00000000 ____D C:\Users\Debbie\Application Data\cerasus.media
2012-12-14 02:30 - 2012-12-14 02:30 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\cerasus.media
2012-12-14 01:32 - 2012-12-14 01:32 - 00000000 ____D C:\Program Files (x86)\AnnGames
2012-12-13 22:55 - 2012-12-13 22:55 - 00000000 ____D C:\Users\All Users\Cozi
2012-12-13 22:55 - 2012-12-13 22:55 - 00000000 ____D C:\Users\All Users\Application Data\Cozi
2012-12-13 13:28 - 2012-10-31 08:01 - 00000000 ____D C:\Users\Debbie\Application Data\Elephant Games
2012-12-13 13:28 - 2012-10-31 08:01 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Elephant Games
2012-12-12 19:24 - 2012-12-12 19:20 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-12 19:24 - 2012-12-12 19:20 - 00000000 ____D C:\Users\All Users\Application Data\Sophos
2012-12-12 19:21 - 2012-12-12 19:21 - 00000000 ____D C:\Sophos
2012-12-12 19:19 - 2012-12-12 19:19 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-09 21:38 - 2012-11-01 08:47 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-12-09 21:38 - 2012-11-01 08:47 - 00000000 ____D C:\Users\All Users\Application Data\boost_interprocess
2012-12-08 18:03 - 2012-12-08 18:03 - 00199716 ____A C:\Users\Debbie\My Documents\Cocktail Meatballs Recipe - Allrecipes_com.htm
2012-12-08 18:03 - 2012-12-08 18:03 - 00199716 ____A C:\Users\Debbie\Documents\Cocktail Meatballs Recipe - Allrecipes_com.htm
2012-12-07 03:47 - 2012-12-07 03:47 - 00000000 ____D C:\Users\Debbie\Application Data\Gogii Games
2012-12-07 03:47 - 2012-12-07 03:47 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Gogii Games
2012-12-07 03:39 - 2012-11-24 12:15 - 00045474 ____A C:\Windows\PFRO.log
2012-12-06 14:08 - 2012-12-06 14:08 - 00012516 ____A C:\Users\Debbie\My Documents\Credit One Bank - Credit Card Application.htm
2012-12-06 14:08 - 2012-12-06 14:08 - 00012516 ____A C:\Users\Debbie\Documents\Credit One Bank - Credit Card Application.htm
2012-12-06 14:08 - 2012-12-06 14:08 - 00000000 ____D C:\Users\Debbie\My Documents\Credit One Bank - Credit Card Application_files
2012-12-06 14:08 - 2012-12-06 14:08 - 00000000 ____D C:\Users\Debbie\Documents\Credit One Bank - Credit Card Application_files
2012-12-06 12:20 - 2012-12-06 11:52 - 00001174 ____A C:\Users\Debbie\PrintMaster-2012-Platinum.prefs
2012-12-06 12:07 - 2012-12-06 11:52 - 00000000 ____D C:\Users\Debbie\My Documents\PrintMaster Projects
2012-12-06 12:07 - 2012-12-06 11:52 - 00000000 ____D C:\Users\Debbie\Documents\PrintMaster Projects
2012-12-06 12:02 - 2012-11-24 03:56 - 00000000 ____D C:\Users\Debbie\.thumbnails
2012-12-06 12:01 - 2012-07-24 20:04 - 00212896 ____A C:\Users\Debbie\Local Settings\GDIPFONTCACHEV1.DAT
2012-12-06 12:01 - 2012-07-24 20:04 - 00212896 ____A C:\Users\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-12-06 12:01 - 2012-07-24 20:04 - 00212896 ____A C:\Users\Debbie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-06 11:53 - 2012-12-06 11:21 - 00000000 ____D C:\Users\Public\StoryRock
2012-12-06 11:52 - 2012-12-06 11:52 - 00000000 ____D C:\Users\Debbie\Library
2012-12-06 11:48 - 2012-12-06 11:48 - 00002055 ____A C:\Users\Public\Desktop\PrintMaster 2012 Platinum.lnk
2012-12-06 11:48 - 2012-12-06 11:48 - 00002055 ____A C:\Users\All Users\Desktop\PrintMaster 2012 Platinum.lnk
2012-12-06 03:43 - 2012-12-06 03:43 - 00000000 ____D C:\Users\Debbie\My Documents\Fax
2012-12-06 03:43 - 2012-12-06 03:43 - 00000000 ____D C:\Users\Debbie\Documents\Fax
2012-12-04 13:31 - 2012-12-04 13:31 - 00002415 ____A C:\Users\Debbie\Desktop\Fairy Tale Mysteries - The Puppet Thief CE.lnk
2012-12-04 13:29 - 2012-12-04 13:29 - 00000000 ____D C:\Program Files (x86)\Fairy Tale Mysteries - The Puppet Thief CE
2012-12-04 13:23 - 2012-08-09 02:09 - 00000000 ____D C:\Windows\SysWOW64\1060
2012-12-04 00:58 - 2012-12-04 00:58 - 00000468 ____A C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2012-12-03 23:01 - 2012-04-08 20:06 - 00000814 ____A C:\Users\Public\Desktop\BitComet.lnk
2012-12-03 23:01 - 2012-04-08 20:06 - 00000814 ____A C:\Users\All Users\Desktop\BitComet.lnk
2012-12-03 16:07 - 2012-12-03 16:07 - 00007258 ____A C:\Users\Debbie\My Documents\Confirmation of Application Form Submission - federal Lifeline.htm
2012-12-03 16:07 - 2012-12-03 16:07 - 00007258 ____A C:\Users\Debbie\Documents\Confirmation of Application Form Submission - federal Lifeline.htm
2012-12-03 08:14 - 2012-07-12 21:51 - 00000302 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-12-02 14:17 - 2012-11-28 18:29 - 00000000 ____D C:\Users\Debbie\Application Data\dvdcss
2012-12-02 14:17 - 2012-11-28 18:29 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\dvdcss
2012-11-29 11:12 - 2012-11-29 11:09 - 15837184 ____A ( ) C:\Users\Debbie\Downloads\K-Lite_Codec_Pack_955_Full.exe
2012-11-24 12:16 - 2009-04-28 10:27 - 00000000 ____D C:\Windows\Panther
2012-11-24 12:12 - 2012-11-22 02:45 - 00000000 ____D C:\Users\Debbie\Application Data\Wise Care 365
2012-11-24 12:12 - 2012-11-22 02:45 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Wise Care 365
2012-11-24 12:07 - 2012-11-24 12:07 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 02434560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01885696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01643008 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-24 12:07 - 2012-11-24 12:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-24 11:57 - 2012-11-24 11:57 - 00000218 ____A C:\Users\Debbie\.recently-used.xbel
2012-11-24 11:00 - 2012-11-01 01:24 - 00000000 ____D C:\Users\Debbie\Application Data\AlawarEntertainment
2012-11-24 11:00 - 2012-11-01 01:24 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\AlawarEntertainment
2012-11-24 09:17 - 2012-11-02 16:39 - 00000000 ____D C:\MrFood Cookbooks
2012-11-24 04:25 - 2012-11-24 04:25 - 00000000 ____D C:\Users\Debbie\Application Data\inkscape
2012-11-24 04:25 - 2012-11-24 04:25 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\inkscape
2012-11-24 04:07 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\.gimp-2.8
2012-11-24 03:56 - 2012-11-24 03:56 - 00000857 ____A C:\Users\Debbie\Local Settings\recently-used.xbel
2012-11-24 03:56 - 2012-11-24 03:56 - 00000857 ____A C:\Users\Debbie\Local Settings\Application Data\recently-used.xbel
2012-11-24 03:56 - 2012-11-24 03:56 - 00000857 ____A C:\Users\Debbie\AppData\Local\recently-used.xbel
2012-11-24 03:51 - 2012-11-24 03:51 - 00000000 ____D C:\Users\Debbie\Local Settings\webkit
2012-11-24 03:51 - 2012-11-24 03:51 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\webkit
2012-11-24 03:51 - 2012-11-24 03:51 - 00000000 ____D C:\Users\Debbie\AppData\Local\webkit
2012-11-24 03:46 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\Local Settings\gegl-0.2
2012-11-24 03:46 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\gegl-0.2
2012-11-24 03:46 - 2012-11-24 03:46 - 00000000 ____D C:\Users\Debbie\AppData\Local\gegl-0.2
2012-11-24 03:44 - 2012-11-24 03:43 - 00000000 ____D C:\Program Files\GIMP 2
2012-11-24 03:24 - 2012-11-24 03:23 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-24 03:24 - 2012-11-24 03:23 - 00000000 ____D C:\Users\Debbie\Local Settings\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-24 03:24 - 2012-11-24 03:23 - 00000000 ____D C:\Users\Debbie\AppData\Local\{E4845F8B-6A66-403C-95DB-C431BE685629}
2012-11-24 03:24 - 2012-11-20 23:12 - 00000000 ____D C:\Users\Debbie\Local Settings\Windows Live
2012-11-24 03:24 - 2012-11-20 23:12 - 00000000 ____D C:\Users\Debbie\Local Settings\Application Data\Windows Live
2012-11-24 03:24 - 2012-11-20 23:12 - 00000000 ____D C:\Users\Debbie\AppData\Local\Windows Live
2012-11-22 10:05 - 2012-11-22 10:05 - 00000000 ____A C:\Windows\setuperr.log
2012-11-22 03:07 - 2012-11-22 03:07 - 00000414 ____A C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2012-11-22 02:46 - 2012-11-22 02:46 - 00000424 ____A C:\Windows\Tasks\Wise Care 365.job
2012-11-22 02:44 - 2012-11-17 16:00 - 00000000 ____D C:\Program Files (x86)\Wise
2012-11-21 21:26 - 2012-12-14 22:45 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-20 23:17 - 2012-11-20 23:17 - 00000000 ____D C:\Windows\en
2012-11-20 23:15 - 2011-04-21 18:29 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-11-20 23:14 - 2011-04-21 18:28 - 00000000 ____D C:\Program Files\Windows Live
2012-11-17 16:19 - 2012-04-12 11:50 - 00000000 ___RD C:\Users\Debbie\Desktop\HOGs
2012-11-17 16:12 - 2012-11-17 16:12 - 00000000 ____D C:\Program Files (x86)\The Beast of Lycan Isle Collector's Edition
2012-11-17 15:58 - 2012-04-08 23:23 - 00000000 ____D C:\Users\All Users\PC Tools
2012-11-17 15:58 - 2012-04-08 23:23 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-11-17 15:58 - 2012-04-08 23:23 - 00000000 ____D C:\Program Files (x86)\PC Tools Utilities
2012-11-17 14:39 - 2012-11-17 14:39 - 00000000 ____D C:\Program Files (x86)\Haunted Legends 3- The Undertaker Collector's Edition
2012-11-17 13:45 - 2012-11-17 13:44 - 00000000 ____D C:\Program Files (x86)\Zodiac Prophecies - The Serpent Bearer With Guide
2012-11-17 03:42 - 2009-07-13 20:34 - 77070336 ____A C:\Windows\System32\config\software.rmbak
2012-11-17 03:42 - 2009-07-13 20:34 - 05767168 ____A C:\Windows\System32\config\default.rmbak
2012-11-17 03:15 - 2012-11-17 03:15 - 00000000 ____D C:\Users\Debbie\My Documents\PC Tools Performance Toolkit
2012-11-17 03:15 - 2012-11-17 03:15 - 00000000 ____D C:\Users\Debbie\Documents\PC Tools Performance Toolkit

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-08 09:42:37
Restore point made on: 2012-12-11 11:16:22
Restore point made on: 2012-12-12 19:18:57
Restore point made on: 2012-12-12 19:21:21
Restore point made on: 2012-12-12 20:39:00
Restore point made on: 2012-12-12 20:44:50
Restore point made on: 2012-12-13 05:00:33
Restore point made on: 2012-12-14 22:04:22
Restore point made on: 2012-12-14 22:40:07
Restore point made on: 2012-12-15 04:40:21
Restore point made on: 2012-12-15 05:00:31
Restore point made on: 2012-12-15 10:52:01

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3034.36 MB
Available physical RAM: 2399.43 MB
Total Pagefile: 3032.51 MB
Available Pagefile: 2396.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:205.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:1131.97 GB) NTFS
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.76 GB) FAT32
5 Drive g: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1397 GB 1024 KB
Disk 2 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 G Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FreeAgent G NTFS Partition 1397 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1910 MB 0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-12-05 09:13

==================== End Of Log =============================
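
The Partitions section of the log above reports each MBR entry's type byte (DE, 07) and Active flag. As an added example (not part of the original post and not FRST's own code), this Python script decodes a 512-byte MBR sector into those fields and hashes the bootstrap code for comparison against a known-good baseline. The sample sector is constructed from the rounded Disk 0 sizes in the log; the disk signature and boot-code bytes are placeholders.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446    # four 16-byte partition entries follow
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0xDE: "Dell utility", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode one 512-byte MBR sector into a dict of its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // 2**20,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing stood out."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
    # Zero active partitions is normal for a data disk; more than one is not.
    if sum(p["active"] for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"slots {prev['slot']} and {cur['slot']} overlap")
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    return findings


def build_sample(boot_code):
    """Constructed sector mirroring the Disk 0 layout in the log (rounded sizes)."""
    def entry(status, ptype, lba_start, sectors):
        # CHS fields are left zero; only the LBA fields are filled in.
        return struct.pack("<B3sB3sII", status, bytes(3), ptype, bytes(3),
                           lba_start, sectors)
    table = (entry(0x00, 0xDE, 2048, 204800)            # 100 MB at 1024 KB
             + entry(0x80, 0x07, 206848, 29360128)      # 14 GB at 101 MB, active
             + entry(0x00, 0x07, 29566976, 593494016)   # 283 GB
             + bytes(16))                               # fourth slot unused
    code = boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN]
    placeholder_disk_signature = struct.pack("<I", 0x12345678)
    return code + placeholder_disk_signature + bytes(2) + table + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample(b"constructed known-good code")
    changed = build_sample(b"constructed modified code")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    for p in parse_mbr(changed)["partitions"]:
        print(f"Partition {p['slot']}: type {p['type']:02X} ({p['type_name']}), "
              f"active={p['active']}, {p['size_mb']} MB at LBA {p['lba_start']}")
    print("clean  :", audit_mbr(clean, baseline))
    print("changed:", audit_mbr(changed, baseline))
```

Both sample sectors decode to the same partition list, so only the baseline hash comparison separates them: a normal-looking partition table says nothing about the bootstrap code in front of it.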

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:50 PM

Posted 15 December 2012 - 04:15 PM

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
Still Redirecting? If so to what website is it redirecting?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Fhoosa


Posted 15 December 2012 - 10:10 PM

Hey...

Had to step for awhile...Here's the TDSSKiller reports...
I came up with two of them...
Don't know if that's normal but anyway, I'm sending both of them to you...
As for the ComboFix report, I think I might have screwed up...
It has to do with the Recovery Console...
I don't know if I have it or what but I didn't see anything come through until after the scan was through telling me that I need to get it...but when I clicked "yes", it wouldn't let me do anything...
See if you can make heads or tails out of what I've sent you...

#8 Fhoosa


Posted 15 December 2012 - 10:14 PM

Hi, it's me...

You asked if I was still having redirect problems...

I've roamed around the internet through the google search page and I'm happy to report that as of right now, I haven't been redirected...but I'm cautious...

Can't wait to hear back from you to see how you think my computer looks...

#9 fireman4it


Posted 15 December 2012 - 11:59 PM

Hello,

Your logs look good except for one file we will have checked. We will also check for any leftovers.

1.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\SysWOW64\d33dxof.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

3.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.


Things to include in your next reply:
Jotti results
MBAM log
AdwCleaner[R1].txt
How is your machine running now?



#10 Fhoosa


Posted 16 December 2012 - 01:56 AM

Ok then...I am sending you the MBAM log and the Cleaner text right now...
It seems to be taking a long time for the file you requested to be scanned...
I'm trying at both places but nothing is happening...
Could you please tell me how long I should expect it to go on...???

As soon as it is done, I will send you the results...

Thank you so much for what you have done for me so far...
You know your stuff and I really do appreciate it...

My computer seems to be working ok except it seems to be running slower than before it got sick...
Any thoughts on that...???

#11 fireman4it


Posted 16 December 2012 - 02:23 AM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



#12 Fhoosa


Posted 16 December 2012 - 04:15 AM

Here's the report...

What about the other file that wasn't doing anything...???

# AdwCleaner v2.100 - Logfile created 12/15/2012 at 23:32:11
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Debbie - HOME
# Boot Mode : Normal
# Running from : C:\Users\Debbie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Debbie\AppData\Local\Conduit
Folder Deleted : C:\Users\Debbie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\IPT_bar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90CA7391-AFD0-40C2-8F40-20C1B97164C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E9DDDBA-A2C0-4B42-998D-24DC8AD5C2D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90CA7391-AFD0-40C2-8F40-20C1B97164C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT851238
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\IPT_bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90CA7391-AFD0-40C2-8F40-20C1B97164C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E9DDDBA-A2C0-4B42-998D-24DC8AD5C2D7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{90CA7391-AFD0-40C2-8F40-20C1B97164C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F56089F-8F93-4DCC-9B7F-1D858BDBE17C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61F3B5F4-E7AE-406B-A502-10E5BE425172}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BE9C92B-7A5D-489B-9A57-46DFFE08B02E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7CAFB24-F7BE-4468-8117-F2FB4123AF6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IPT_bar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{2E9DDDBA-A2C0-4B42-998D-24DC8AD5C2D7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{2E9DDDBA-A2C0-4B42-998D-24DC8AD5C2D7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"apps_promo_counter":11,"backup":{"_signature":"urGnKomkWkgQ5C3ueyGsWMk/BjS+6ftgJ4mbIPTkaYY=","_ver[...]

*************************

AdwCleaner[R1].txt - [39718 octets] - [15/12/2012 22:45:44]
AdwCleaner[R2].txt - [39779 octets] - [15/12/2012 23:31:43]
AdwCleaner[S1].txt - [7294 octets] - [15/12/2012 23:32:11]

########## EOF - C:\AdwCleaner[S1].txt - [7354 octets] ##########

#13 Fhoosa


Posted 16 December 2012 - 11:56 AM

I wanted to let you know that the redirect is happening again...
It seemed to be ok last night but when I tried to click on a search through Google, it started doing it again...

Am I doomed to never find whatever is causing this...??
Should I now consider doing a complete erase and bring it back to its original factory settings...???

#14 Fhoosa


Posted 16 December 2012 - 12:27 PM

I was checking into that file c:\windows\sysWOW64\d33dxof.dll and found out it's a Toolbar Browser Helper...
I found it in my add-ons and disabled it...

Can my computer be saved...???

#15 fireman4it


Posted 16 December 2012 - 02:14 PM

Hello,
Yes we can save your machine
Are the redirects happening in all the browsers or just a specific one? Firefox? Chrome? Internet Explorer?

1.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

2.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the Posted Image icon on your desktop.
  4. Under the Custom Scan box paste this in:
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

Edited by fireman4it, 16 December 2012 - 02:16 PM.
