
I have a Trojan.Agent.MRGGen


This topic is locked. 17 replies to this topic

#1 SueRon57

  • Members
  • 19 posts
  • Gender:Female
  • Location:Lancaster Ca

Posted 24 April 2013 - 08:54 AM

Mod Edit: Moved to proper forum, Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme

My laptop crashes whenever it goes into hibernation and I get a bluescreen. It changes my homepage, and Malwarebytes continually finds the same Trojan virus every 15 seconds. I need help please.

Attached files:
  • dds.txt (13.78KB)
  • attach.txt (11.38KB)
  • mbam-log-2013-04-24 (01-27-52).txt (2.25KB)
  • protection-log-2013-04-24.txt (11.58KB)

Thank You Susan


Edited by boopme, 24 April 2013 - 09:24 AM.




#2 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 April 2013 - 11:25 AM

Hi SueRon57,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
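The helpers on this forum read FRST.txt by eye, looking for a few well-known tells in the Processes, Internet, Services and "One Month Created" sections. As an added example (not part of Farbar's reply and not code from FRST itself), the Python script below parses those sections in the FRST.txt layout and flags: a core Windows binary such as svchost.exe running from, or created in, a directory other than System32/SysWOW64 (including the `\\.\globalroot\systemroot\` alias FRST prints for some processes); an IE SearchScopes entry pointing at a search provider commonly installed by bundled toolbars; and a service with no publisher that runs from ProgramData. The SAMPLE_LOG excerpt is constructed for the example, shortened from the FRST.txt layout seen in this thread; the indicator rules, the CORE_BINARIES set and the HIJACK_HOSTS list are this example's assumptions, not FRST's own logic, and a hit is a prompt for a closer look rather than a verdict.

```python
"""Triage helper for FRST.txt logs (added example, not part of FRST).

SAMPLE_LOG is a constructed excerpt in the FRST.txt layout. The rules,
CORE_BINARIES and HIJACK_HOSTS are assumptions of this example.
"""
import re
from urllib.parse import urlsplit

# Core Windows binaries that live only under System32 (SysWOW64 on x64).
CORE_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                 "smss.exe", "wininit.exe", "winlogon.exe"}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Search providers commonly dropped by bundled toolbars (assumed list).
HIJACK_HOSTS = {"search.babylon.com", "websearch.ask.com"}
# FRST prints some process paths via the kernel object namespace.
GLOBALROOT = "\\\\.\\globalroot\\systemroot"   # literal \\.\globalroot\systemroot

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
PROC_RE = re.compile(r"^\((?P<company>[^)]*)\) \[(?P<pid>\d+)\] (?P<path>.+)$")
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>\S+) - \{(?P<guid>[^}]+)\} URL =\s*(?P<url>\S*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] "
                    r"\((?P<company>[^)]*)\)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                     r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")


def normalize(path):
    """Lower-case a path and rewrite the globalroot alias to the Windows directory."""
    p = path.strip().strip('"').lower()
    if p.startswith(GLOBALROOT):
        p = r"c:\windows" + p[len(GLOBALROOT):]
    return p


def core_binary_finding(path, where):
    """Return a finding if a core system binary sits outside System32/SysWOW64."""
    directory, _, name = normalize(path).rpartition("\\")
    if name in CORE_BINARIES and directory not in LEGIT_DIRS:
        return f"{where}: core binary {name} outside System32: {path}"
    return None


def triage(log_text):
    """Walk the FRST sections and return a list of human-readable findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section.startswith("Processes"):
            m = PROC_RE.match(line)
            if m:
                f = core_binary_finding(m.group("path"), "process")
                if f:
                    findings.append(f)
        elif section.startswith("Internet"):
            m = SCOPE_RE.match(line)
            if m:
                host = (urlsplit(m.group("url")).hostname or "").lower()
                if host in HIJACK_HOSTS:
                    findings.append(f"searchscope: {m.group('hive')} "
                                    f"{{{m.group('guid')}}} points at {host}")
        elif section.startswith("Services"):
            m = SVC_RE.match(line)
            if m and not m.group("company").strip() \
                    and "\\programdata\\" in normalize(m.group("path")):
                findings.append("service: no publisher, runs from ProgramData: "
                                + m.group("name"))
        elif section.startswith("One Month Created"):
            m = FILE_RE.match(line)
            if m:
                f = core_binary_finding(m.group("path"), "file")
                if f:
                    findings.append(f)
    return findings


# Constructed excerpt in the FRST.txt layout (not a real log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) [892] \\.\globalroot\systemroot\svchost.exe
(Microsoft Corporation) [4780] C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) [1492] C:\Windows\system32\ctfmon.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=111442
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
==================== Services (Whitelisted) =================
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\browsemngr.exe [2569168 2013-03-26] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
==================== One Month Created Files and Folders ========
2013-04-24 05:48 - 2009-07-13 18:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2013-04-15 16:25 - 2012-11-29 20:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a real FRST.txt by reading the file and passing its text to `triage()`. The "created much later than modified" pattern in the file section is deliberately not used as a rule: Windows Update and installers copy files with old modification times all the time, so that alone would flag most of the list.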

 



#3 SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female
  • Location:Lancaster Ca

Posted 24 April 2013 - 01:17 PM

Hi, and thank you for your help with this. I ran FRST and here is the log. I am unable to attach the Addition.txt; where is the attach file on here?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2013
Ran by Amy (administrator) on 24-04-2013 10:54:49
Running from C:\Users\Amy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Network
==================== Processes (Whitelisted) =================
(Microsoft Corporation) [1492] C:\Windows\system32\ctfmon.exe
(Microsoft Corporation) [892] \\.\globalroot\systemroot\svchost.exe
(Malwarebytes Corporation) [2748] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) [4780] C:\Windows\SysWOW64\svchost.exe
(Farbar) [3328] C:\Users\Amy\Downloads\FRST64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false [3519928 2012-09-14] (PC Drivers Headquarters)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013042272529455&tb_oid=22-04-2013&tb_mrud=22-04-2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=111442&tt=120912_cpc_3812_5&babsrc=SP_ss&mntrId=f68497640000000000004c0f6e14aeb2
SearchScopes: HKCU - {438C5212-0607-4F59-9D91-BEDE02A82F01} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=PFM010YYUS&apn_uid=3c0c4046-b1d9-41e2-af28-bed7885f1d48&apn_sauid=1F782EDE-344C-4A7F-93F4-550B070B696D
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013042272529455&tb_oid=22-04-2013&tb_mrud=22-04-2013
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO-x32: Software Assist - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2
Chrome:
=======
CHR HomePage: https://www.google.com/
CHR DefaultSearchURL: () -
CHR DefaultSuggestURL: () -
CHR Extension: (Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Software Assist) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.19.33_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: () - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2569168 2013-03-26] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll [132984 2011-11-07] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-04-24 10:54 - 2013-04-24 10:54 - 00000000 ____D C:\FRST
2013-04-24 10:53 - 2013-04-24 10:53 - 01708114 ____A (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2013-04-24 07:11 - 2013-04-24 07:11 - 00014115 ____A C:\Users\Amy\Desktop\dds.txt
2013-04-24 07:11 - 2013-04-24 07:11 - 00011651 ____A C:\Users\Amy\Desktop\attach.txt
2013-04-24 07:02 - 2013-04-24 07:02 - 00688992 ____R (Swearware) C:\Users\Amy\Downloads\dds.com
2013-04-24 05:48 - 2009-07-13 18:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2013-04-24 01:27 - 2013-04-24 01:27 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Malwarebytes
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 01:27 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-24 01:25 - 2013-04-24 01:25 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\Amy\Downloads\mbam-setup.exe
2013-04-24 00:49 - 2013-04-24 00:49 - 00274912 ____A C:\Windows\Minidump\042413-33134-01.dmp
2013-04-23 17:29 - 2013-04-23 17:29 - 00000032 ____A C:\Users\Amy\Downloads\textplain_2.txt
2013-04-23 12:34 - 2013-04-23 12:34 - 04126720 ____A C:\Program Files (x86)\GUTD57B.tmp
2013-04-23 12:33 - 2013-04-23 12:33 - 00000000 ____D C:\Users\Susie\AppData\Local\Google
2013-04-23 12:28 - 2013-04-23 12:39 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-22 03:29 - 2013-04-22 03:29 - 00000000 ____A C:\Users\Susie\3782111.dll
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Macromedia
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Adobe
2013-04-22 02:43 - 2013-04-22 02:43 - 00058016 ____A C:\Users\Susie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Apple Computer
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Local\VirtualStore
2013-04-22 02:42 - 2013-04-23 15:29 - 00000000 ____D C:\users\Susie
2013-04-22 02:42 - 2013-04-22 02:42 - 00000020 ___SH C:\Users\Susie\ntuser.ini
2013-04-18 19:24 - 2013-04-18 19:24 - 00003162 ____A C:\Users\Amy\Desktop\Ron Roofing - Shortcut.lnk
2013-04-18 19:23 - 2013-04-18 19:23 - 00000845 ____A C:\Users\Amy\.recently-used.xbel
2013-04-18 19:23 - 2013-04-18 19:23 - 00000000 ____D C:\Users\Amy\.thumbnails
2013-04-18 16:14 - 2013-04-18 16:14 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-04-18 16:13 - 2013-04-18 16:13 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-18 16:13 - 2013-04-18 16:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-17 09:02 - 2013-04-17 09:02 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-04-17 09:01 - 2011-11-03 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMB1.DLL
2013-04-17 09:01 - 2011-09-21 05:00 - 00302592 ____A (CANON INC.) C:\Windows\System32\CNCALB1.DLL
2013-04-16 06:19 - 2013-01-03 22:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-04-16 06:19 - 2013-01-03 21:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-04-16 06:19 - 2013-01-03 19:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-04-16 06:19 - 2013-01-03 19:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-04-16 06:19 - 2013-01-03 19:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-04-16 06:19 - 2013-01-03 19:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-04-16 01:39 - 2013-04-16 01:39 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-04-16 01:28 - 2012-07-25 21:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-04-16 01:28 - 2012-07-25 21:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-04-16 01:28 - 2012-07-25 19:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-04-16 01:28 - 2012-06-02 07:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-04-16 01:18 - 2013-02-21 23:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-16 01:18 - 2013-02-21 23:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-16 01:18 - 2013-02-21 23:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-16 01:18 - 2013-02-21 23:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-16 01:18 - 2013-02-21 23:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-16 01:18 - 2013-02-21 23:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-16 01:18 - 2013-02-21 23:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-16 01:18 - 2013-02-21 23:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-16 01:18 - 2013-02-21 23:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-16 01:18 - 2013-02-21 23:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-16 01:18 - 2013-02-21 23:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-16 01:18 - 2013-02-21 23:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-16 01:18 - 2013-02-21 23:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-16 01:18 - 2013-02-21 23:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-16 01:18 - 2013-02-21 23:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-16 01:18 - 2013-02-21 23:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-16 01:18 - 2013-02-21 21:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-16 01:18 - 2013-02-21 20:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-16 01:18 - 2013-02-21 20:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-16 01:18 - 2013-02-21 20:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-16 01:18 - 2013-02-21 20:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-16 01:18 - 2013-02-21 20:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-16 01:18 - 2013-02-21 20:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-16 01:18 - 2013-02-21 20:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-16 01:18 - 2013-02-21 20:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-16 01:18 - 2013-02-21 20:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-16 01:18 - 2013-02-21 20:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-16 01:18 - 2013-02-21 20:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-16 01:18 - 2013-02-21 20:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-16 01:18 - 2013-02-21 20:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-16 01:18 - 2013-02-21 20:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-16 01:18 - 2013-02-21 20:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-15 17:18 - 2013-02-28 20:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-15 16:56 - 2013-02-14 23:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-15 16:56 - 2013-02-14 23:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-15 16:56 - 2013-02-14 23:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-15 16:56 - 2013-02-14 21:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-15 16:56 - 2013-02-14 21:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-15 16:56 - 2013-02-14 20:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-15 16:56 - 2012-11-08 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-04-15 16:51 - 2013-01-23 23:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-15 16:46 - 2012-10-09 11:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-04-15 16:46 - 2012-10-09 11:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-04-15 16:46 - 2012-10-09 10:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-04-15 16:46 - 2012-10-09 10:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-04-15 16:40 - 2012-08-21 14:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-04-15 16:37 - 2012-06-01 22:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-04-15 16:37 - 2012-06-01 22:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-04-15 16:37 - 2012-06-01 22:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-04-15 16:37 - 2012-06-01 21:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-04-15 16:37 - 2012-06-01 21:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-04-15 16:37 - 2012-06-01 21:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-04-15 16:30 - 2012-08-31 11:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-15 16:28 - 2012-11-08 22:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-04-15 16:28 - 2012-11-08 21:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-04-15 16:28 - 2012-10-03 10:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-04-15 16:28 - 2012-10-03 09:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-04-15 16:28 - 2012-10-03 09:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-04-15 16:28 - 2012-10-03 09:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-04-15 16:28 - 2012-10-03 09:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-04-15 16:28 - 2012-01-13 00:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-04-15 16:27 - 2013-02-11 21:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-04-15 16:27 - 2012-11-19 22:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-04-15 16:27 - 2012-11-19 21:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-04-15 16:27 - 2012-11-01 22:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-04-15 16:27 - 2012-11-01 22:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-04-15 16:27 - 2012-10-31 22:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-04-15 16:27 - 2012-10-31 22:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-04-15 16:27 - 2012-10-31 21:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-04-15 16:27 - 2012-10-31 21:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-04-15 16:27 - 2012-08-24 11:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-04-15 16:27 - 2012-08-24 09:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-04-15 16:26 - 2013-01-02 23:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-15 16:26 - 2013-01-02 23:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-04-15 16:26 - 2012-12-07 06:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-04-15 16:26 - 2012-12-07 06:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-04-15 16:26 - 2012-12-07 05:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-04-15 16:26 - 2012-12-07 05:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-04-15 16:26 - 2012-12-07 04:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-04-15 16:26 - 2012-11-21 22:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-04-15 16:26 - 2012-11-21 21:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-04-15 16:25 - 2012-11-29 22:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-04-15 16:25 - 2012-11-29 22:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-04-15 16:25 - 2012-11-29 22:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-04-15 16:25 - 2012-11-29 22:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-04-15 16:25 - 2012-11-29 22:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-04-15 16:25 - 2012-11-29 22:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-04-15 16:25 - 2012-11-29 21:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 20:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-04-15 16:25 - 2012-11-29 19:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 16:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-04-15 16:25 - 2012-11-29 16:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-04-15 16:25 - 2012-08-10 17:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-04-15 16:25 - 2012-08-10 16:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-04-15 16:24 - 2012-11-22 20:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-04-15 16:24 - 2012-09-25 15:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-04-15 16:24 - 2012-09-25 15:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-04-11 12:56 - 2012-12-16 10:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-04-11 12:56 - 2012-12-16 07:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-04-11 12:56 - 2012-12-16 07:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-04-11 12:56 - 2012-12-16 07:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-04-11 12:56 - 2012-07-25 20:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-04-11 12:56 - 2012-07-25 19:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-04-11 12:56 - 2012-07-25 19:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-04-11 12:56 - 2012-06-02 07:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-03-27 17:36 - 2012-11-08 22:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-27 17:31 - 2013-04-24 00:49 - 580067931 ____A C:\Windows\MEMORY.DMP
2013-03-27 17:31 - 2013-04-24 00:49 - 00000000 ____D C:\Windows\Minidump
2013-03-27 17:31 - 2013-03-27 17:31 - 00274912 ____A C:\Windows\Minidump\032713-35724-01.dmp
2013-03-27 16:50 - 2013-03-27 16:50 - 00002071 ____A C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
==================== One Month Modified Files and Folders =======
2013-04-24 10:54 - 2013-04-24 10:54 - 00000000 ____D C:\FRST
2013-04-24 10:53 - 2013-04-24 10:53 - 01708114 ____A (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2013-04-24 07:11 - 2013-04-24 07:11 - 00014115 ____A C:\Users\Amy\Desktop\dds.txt
2013-04-24 07:11 - 2013-04-24 07:11 - 00011651 ____A C:\Users\Amy\Desktop\attach.txt
2013-04-24 07:02 - 2013-04-24 07:02 - 00688992 ____R (Swearware) C:\Users\Amy\Downloads\dds.com
2013-04-24 05:45 - 2010-01-05 03:00 - 01253988 ____A C:\Windows\WindowsUpdate.log
2013-04-24 05:42 - 2009-07-13 21:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-24 05:42 - 2009-07-13 21:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-24 05:35 - 2012-09-01 15:15 - 00000320 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-04-24 05:34 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-24 05:34 - 2009-07-13 21:51 - 00022931 ____A C:\Windows\setupact.log
2013-04-24 01:36 - 2012-09-01 11:13 - 00007848 ____A C:\Windows\PFRO.log
2013-04-24 01:27 - 2013-04-24 01:27 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Malwarebytes
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 01:25 - 2013-04-24 01:25 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\Amy\Downloads\mbam-setup.exe
2013-04-24 01:00 - 2012-09-01 15:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-24 00:49 - 2013-04-24 00:49 - 00274912 ____A C:\Windows\Minidump\042413-33134-01.dmp
2013-04-24 00:49 - 2013-03-27 17:31 - 580067931 ____A C:\Windows\MEMORY.DMP
2013-04-24 00:49 - 2013-03-27 17:31 - 00000000 ____D C:\Windows\Minidump
2013-04-23 17:29 - 2013-04-23 17:29 - 00000032 ____A C:\Users\Amy\Downloads\textplain_2.txt
2013-04-23 15:29 - 2013-04-22 02:42 - 00000000 ____D C:\users\Susie
2013-04-23 15:29 - 2012-09-01 09:47 - 00000000 ____D C:\users\Amy
2013-04-23 15:28 - 2012-09-01 15:15 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-04-23 15:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-04-23 15:24 - 2012-09-21 12:29 - 00000000 ____D C:\Users\Amy\AppData\Local\Google
2013-04-23 12:39 - 2013-04-23 12:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-23 12:34 - 2013-04-23 12:34 - 04126720 ____A C:\Program Files (x86)\GUTD57B.tmp
2013-04-23 12:33 - 2013-04-23 12:33 - 00000000 ____D C:\Users\Susie\AppData\Local\Google
2013-04-22 06:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-22 03:29 - 2013-04-22 03:29 - 00000000 ____A C:\Users\Susie\3782111.dll
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Macromedia
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Adobe
2013-04-22 02:43 - 2013-04-22 02:43 - 00058016 ____A C:\Users\Susie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Apple Computer
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Local\VirtualStore
2013-04-22 02:42 - 2013-04-22 02:42 - 00000020 ___SH C:\Users\Susie\ntuser.ini
2013-04-19 08:38 - 2009-07-13 22:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-18 21:00 - 2012-09-03 17:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Microsoft Games
2013-04-18 19:24 - 2013-04-18 19:24 - 00003162 ____A C:\Users\Amy\Desktop\Ron Roofing - Shortcut.lnk
2013-04-18 19:24 - 2012-09-21 12:31 - 00000000 ____D C:\Users\Amy\.gimp-2.4
2013-04-18 19:23 - 2013-04-18 19:23 - 00000845 ____A C:\Users\Amy\.recently-used.xbel
2013-04-18 19:23 - 2013-04-18 19:23 - 00000000 ____D C:\Users\Amy\.thumbnails
2013-04-18 16:14 - 2013-04-18 16:14 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-04-18 16:14 - 2012-09-01 15:27 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Adobe
2013-04-18 16:13 - 2013-04-18 16:13 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-18 16:13 - 2013-04-18 16:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-18 11:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-04-17 09:02 - 2013-04-17 09:02 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-04-16 06:11 - 2012-09-01 10:34 - 00058016 ____A C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-16 06:05 - 2009-07-13 21:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-16 01:39 - 2013-04-16 01:39 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-04-15 16:08 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-04-11 15:16 - 2012-09-01 20:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-04-11 15:16 - 2012-09-01 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-04-11 12:59 - 2012-09-01 14:59 - 00001945 ____A C:\Windows\epplauncher.mif
2013-04-11 12:58 - 2012-09-01 14:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-11 12:58 - 2012-09-01 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-04-10 17:39 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2013-04-10 17:38 - 2012-09-21 10:33 - 00000000 ____D C:\Users\Amy\AppData\Local\PC_Drivers_Headquarters
2013-04-10 17:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-10 17:38 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-04 14:50 - 2013-04-24 01:27 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-02 03:34 - 2012-09-01 11:04 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 19:58 - 2012-09-01 11:35 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-27 17:31 - 2013-03-27 17:31 - 00274912 ____A C:\Windows\Minidump\032713-35724-01.dmp
2013-03-27 17:01 - 2012-09-01 15:26 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-27 17:01 - 2012-09-01 15:26 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-27 16:50 - 2013-03-27 16:50 - 00002071 ____A C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
2013-03-27 16:49 - 2012-09-30 22:03 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
Other Malware:
===========
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
Last Boot: 2013-04-15 21:39
==================== End Of Log ============================

Edited by SueRon57, 24 April 2013 - 02:04 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:06 PM

Posted 24 April 2013 - 02:01 PM

Please attach both the logs. The posted log is broken and I would like to make sure it is not due to the forum editor.

To attach the logs, select More Reply Options from the bottom right of the reply post. Then browse to the file, select them to open them, and then attach them.



#5 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:05:06 AM

Posted 24 April 2013 - 02:03 PM

Here are both files you wanted.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2013
Ran by Amy (administrator) on 24-04-2013 10:54:49
Running from C:\Users\Amy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Network
==================== Processes (Whitelisted) =================

(Microsoft Corporation) [1492] C:\Windows\system32\ctfmon.exe
(Microsoft Corporation) [892] \\.\globalroot\systemroot\svchost.exe
(Malwarebytes Corporation) [2748] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) [4780] C:\Windows\SysWOW64\svchost.exe
(Farbar) [3328] C:\Users\Amy\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false [3519928 2012-09-14] (PC Drivers Headquarters)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013042272529455&tb_oid=22-04-2013&tb_mrud=22-04-2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=111442&tt=120912_cpc_3812_5&babsrc=SP_ss&mntrId=f68497640000000000004c0f6e14aeb2
SearchScopes: HKCU - {438C5212-0607-4F59-9D91-BEDE02A82F01} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=PFM010YYUS&apn_uid=3c0c4046-b1d9-41e2-af28-bed7885f1d48&apn_sauid=1F782EDE-344C-4A7F-93F4-550B070B696D
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013042272529455&tb_oid=22-04-2013&tb_mrud=22-04-2013
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO-x32: Software Assist - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR DefaultSearchURL: () -
CHR DefaultSuggestURL: () -
CHR Extension: (Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Software Assist) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.19.33_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: () - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2569168 2013-03-26] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll [132984 2011-11-07] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-24 10:54 - 2013-04-24 10:54 - 00000000 ____D C:\FRST
2013-04-24 10:53 - 2013-04-24 10:53 - 01708114 ____A (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2013-04-24 07:11 - 2013-04-24 07:11 - 00014115 ____A C:\Users\Amy\Desktop\dds.txt
2013-04-24 07:11 - 2013-04-24 07:11 - 00011651 ____A C:\Users\Amy\Desktop\attach.txt
2013-04-24 07:02 - 2013-04-24 07:02 - 00688992 ____R (Swearware) C:\Users\Amy\Downloads\dds.com
2013-04-24 05:48 - 2009-07-13 18:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2013-04-24 01:27 - 2013-04-24 01:27 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Malwarebytes
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 01:27 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-24 01:25 - 2013-04-24 01:25 - 10284816 ____A (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup.exe
2013-04-24 00:49 - 2013-04-24 00:49 - 00274912 ____A C:\Windows\Minidump\042413-33134-01.dmp
2013-04-23 17:29 - 2013-04-23 17:29 - 00000032 ____A C:\Users\Amy\Downloads\textplain_2.txt
2013-04-23 12:34 - 2013-04-23 12:34 - 04126720 ____A C:\Program Files (x86)\GUTD57B.tmp
2013-04-23 12:33 - 2013-04-23 12:33 - 00000000 ____D C:\Users\Susie\AppData\Local\Google
2013-04-23 12:28 - 2013-04-23 12:39 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-22 03:29 - 2013-04-22 03:29 - 00000000 ____A C:\Users\Susie\3782111.dll
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Macromedia
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Adobe
2013-04-22 02:43 - 2013-04-22 02:43 - 00058016 ____A C:\Users\Susie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Apple Computer
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Local\VirtualStore
2013-04-22 02:42 - 2013-04-23 15:29 - 00000000 ____D C:\users\Susie
2013-04-22 02:42 - 2013-04-22 02:42 - 00000020 ___SH C:\Users\Susie\ntuser.ini
2013-04-18 19:24 - 2013-04-18 19:24 - 00003162 ____A C:\Users\Amy\Desktop\Ron Roofing - Shortcut.lnk
2013-04-18 19:23 - 2013-04-18 19:23 - 00000845 ____A C:\Users\Amy\.recently-used.xbel
2013-04-18 19:23 - 2013-04-18 19:23 - 00000000 ____D C:\Users\Amy\.thumbnails
2013-04-18 16:14 - 2013-04-18 16:14 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-04-18 16:13 - 2013-04-18 16:13 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-18 16:13 - 2013-04-18 16:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-17 09:02 - 2013-04-17 09:02 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-04-17 09:01 - 2011-11-03 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMB1.DLL
2013-04-17 09:01 - 2011-09-21 05:00 - 00302592 ____A (CANON INC.) C:\Windows\System32\CNCALB1.DLL
2013-04-16 06:19 - 2013-01-03 22:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-04-16 06:19 - 2013-01-03 21:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-04-16 06:19 - 2013-01-03 19:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-04-16 06:19 - 2013-01-03 19:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-04-16 06:19 - 2013-01-03 19:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-04-16 06:19 - 2013-01-03 19:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-04-16 01:39 - 2013-04-16 01:39 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-04-16 01:28 - 2012-07-25 21:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-04-16 01:28 - 2012-07-25 21:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-04-16 01:28 - 2012-07-25 19:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-04-16 01:28 - 2012-06-02 07:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-04-16 01:18 - 2013-02-21 23:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-16 01:18 - 2013-02-21 23:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-16 01:18 - 2013-02-21 23:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-16 01:18 - 2013-02-21 23:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-16 01:18 - 2013-02-21 23:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-16 01:18 - 2013-02-21 23:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-16 01:18 - 2013-02-21 23:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-16 01:18 - 2013-02-21 23:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-16 01:18 - 2013-02-21 23:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-16 01:18 - 2013-02-21 23:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-16 01:18 - 2013-02-21 23:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-16 01:18 - 2013-02-21 23:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-16 01:18 - 2013-02-21 23:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-16 01:18 - 2013-02-21 23:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-16 01:18 - 2013-02-21 23:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-16 01:18 - 2013-02-21 23:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-16 01:18 - 2013-02-21 21:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-16 01:18 - 2013-02-21 20:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-16 01:18 - 2013-02-21 20:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-16 01:18 - 2013-02-21 20:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-16 01:18 - 2013-02-21 20:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-16 01:18 - 2013-02-21 20:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-16 01:18 - 2013-02-21 20:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-16 01:18 - 2013-02-21 20:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-16 01:18 - 2013-02-21 20:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-16 01:18 - 2013-02-21 20:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-16 01:18 - 2013-02-21 20:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-16 01:18 - 2013-02-21 20:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-16 01:18 - 2013-02-21 20:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-16 01:18 - 2013-02-21 20:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-16 01:18 - 2013-02-21 20:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-16 01:18 - 2013-02-21 20:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-15 17:18 - 2013-02-28 20:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-15 16:56 - 2013-02-14 23:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-15 16:56 - 2013-02-14 23:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-15 16:56 - 2013-02-14 23:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-15 16:56 - 2013-02-14 21:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-15 16:56 - 2013-02-14 21:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-15 16:56 - 2013-02-14 20:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-15 16:56 - 2012-11-08 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-04-15 16:51 - 2013-01-23 23:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-15 16:46 - 2012-10-09 11:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-04-15 16:46 - 2012-10-09 11:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-04-15 16:46 - 2012-10-09 10:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-04-15 16:46 - 2012-10-09 10:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-04-15 16:40 - 2012-08-21 14:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-04-15 16:37 - 2012-06-01 22:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-04-15 16:37 - 2012-06-01 22:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-04-15 16:37 - 2012-06-01 22:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-04-15 16:37 - 2012-06-01 21:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-04-15 16:37 - 2012-06-01 21:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-04-15 16:37 - 2012-06-01 21:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-04-15 16:30 - 2012-08-31 11:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-15 16:28 - 2012-11-08 22:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-04-15 16:28 - 2012-11-08 21:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-04-15 16:28 - 2012-10-03 10:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-04-15 16:28 - 2012-10-03 10:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-04-15 16:28 - 2012-10-03 09:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-04-15 16:28 - 2012-10-03 09:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-04-15 16:28 - 2012-10-03 09:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-04-15 16:28 - 2012-10-03 09:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-04-15 16:28 - 2012-01-13 00:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-04-15 16:27 - 2013-02-11 21:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-04-15 16:27 - 2012-11-19 22:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-04-15 16:27 - 2012-11-19 21:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-04-15 16:27 - 2012-11-01 22:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-04-15 16:27 - 2012-11-01 22:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-04-15 16:27 - 2012-10-31 22:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-04-15 16:27 - 2012-10-31 22:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-04-15 16:27 - 2012-10-31 21:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-04-15 16:27 - 2012-10-31 21:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-04-15 16:27 - 2012-08-24 11:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-04-15 16:27 - 2012-08-24 09:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-04-15 16:26 - 2013-01-02 23:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-15 16:26 - 2013-01-02 23:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-04-15 16:26 - 2012-12-07 06:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-04-15 16:26 - 2012-12-07 06:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-04-15 16:26 - 2012-12-07 05:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-04-15 16:26 - 2012-12-07 05:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-04-15 16:26 - 2012-12-07 04:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-04-15 16:26 - 2012-12-07 04:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-04-15 16:26 - 2012-12-07 04:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-04-15 16:26 - 2012-12-07 03:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-04-15 16:26 - 2012-11-21 22:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-04-15 16:26 - 2012-11-21 21:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-04-15 16:25 - 2012-11-29 22:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-04-15 16:25 - 2012-11-29 22:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-04-15 16:25 - 2012-11-29 22:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-04-15 16:25 - 2012-11-29 22:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-04-15 16:25 - 2012-11-29 22:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-04-15 16:25 - 2012-11-29 22:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 22:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-04-15 16:25 - 2012-11-29 21:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 21:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 20:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-04-15 16:25 - 2012-11-29 19:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-04-15 16:25 - 2012-11-29 16:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-04-15 16:25 - 2012-11-29 16:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-04-15 16:25 - 2012-08-10 17:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-04-15 16:25 - 2012-08-10 16:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-04-15 16:24 - 2012-11-22 20:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-04-15 16:24 - 2012-09-25 15:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-04-15 16:24 - 2012-09-25 15:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-04-11 12:56 - 2012-12-16 10:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-04-11 12:56 - 2012-12-16 07:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-04-11 12:56 - 2012-12-16 07:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-04-11 12:56 - 2012-12-16 07:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-04-11 12:56 - 2012-07-25 20:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-04-11 12:56 - 2012-07-25 20:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-04-11 12:56 - 2012-07-25 19:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-04-11 12:56 - 2012-07-25 19:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-04-11 12:56 - 2012-06-02 07:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-03-27 17:36 - 2012-11-08 22:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-27 17:31 - 2013-04-24 00:49 - 580067931 ____A C:\Windows\MEMORY.DMP
2013-03-27 17:31 - 2013-04-24 00:49 - 00000000 ____D C:\Windows\Minidump
2013-03-27 17:31 - 2013-03-27 17:31 - 00274912 ____A C:\Windows\Minidump\032713-35724-01.dmp
2013-03-27 16:50 - 2013-03-27 16:50 - 00002071 ____A C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk

==================== One Month Modified Files and Folders =======

2013-04-24 10:54 - 2013-04-24 10:54 - 00000000 ____D C:\FRST
2013-04-24 10:53 - 2013-04-24 10:53 - 01708114 ____A (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2013-04-24 07:11 - 2013-04-24 07:11 - 00014115 ____A C:\Users\Amy\Desktop\dds.txt
2013-04-24 07:11 - 2013-04-24 07:11 - 00011651 ____A C:\Users\Amy\Desktop\attach.txt
2013-04-24 07:02 - 2013-04-24 07:02 - 00688992 ____R (Swearware) C:\Users\Amy\Downloads\dds.com
2013-04-24 05:45 - 2010-01-05 03:00 - 01253988 ____A C:\Windows\WindowsUpdate.log
2013-04-24 05:42 - 2009-07-13 21:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-24 05:42 - 2009-07-13 21:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-24 05:35 - 2012-09-01 15:15 - 00000320 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-04-24 05:34 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-24 05:34 - 2009-07-13 21:51 - 00022931 ____A C:\Windows\setupact.log
2013-04-24 01:36 - 2012-09-01 11:13 - 00007848 ____A C:\Windows\PFRO.log
2013-04-24 01:27 - 2013-04-24 01:27 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Malwarebytes
2013-04-24 01:27 - 2013-04-24 01:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 01:25 - 2013-04-24 01:25 - 10284816 ____A (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup.exe
2013-04-24 01:00 - 2012-09-01 15:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-24 00:49 - 2013-04-24 00:49 - 00274912 ____A C:\Windows\Minidump\042413-33134-01.dmp
2013-04-24 00:49 - 2013-03-27 17:31 - 580067931 ____A C:\Windows\MEMORY.DMP
2013-04-24 00:49 - 2013-03-27 17:31 - 00000000 ____D C:\Windows\Minidump
2013-04-23 17:29 - 2013-04-23 17:29 - 00000032 ____A C:\Users\Amy\Downloads\textplain_2.txt
2013-04-23 15:29 - 2013-04-22 02:42 - 00000000 ____D C:\users\Susie
2013-04-23 15:29 - 2012-09-01 09:47 - 00000000 ____D C:\users\Amy
2013-04-23 15:28 - 2012-09-01 15:15 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-04-23 15:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-04-23 15:24 - 2012-09-21 12:29 - 00000000 ____D C:\Users\Amy\AppData\Local\Google
2013-04-23 12:39 - 2013-04-23 12:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-23 12:34 - 2013-04-23 12:34 - 04126720 ____A C:\Program Files (x86)\GUTD57B.tmp
2013-04-23 12:33 - 2013-04-23 12:33 - 00000000 ____D C:\Users\Susie\AppData\Local\Google
2013-04-22 06:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-22 03:29 - 2013-04-22 03:29 - 00000000 ____A C:\Users\Susie\3782111.dll
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Macromedia
2013-04-22 02:48 - 2013-04-22 02:48 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Adobe
2013-04-22 02:43 - 2013-04-22 02:43 - 00058016 ____A C:\Users\Susie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Roaming\Apple Computer
2013-04-22 02:43 - 2013-04-22 02:43 - 00000000 ____D C:\Users\Susie\AppData\Local\VirtualStore
2013-04-22 02:42 - 2013-04-22 02:42 - 00000020 ___SH C:\Users\Susie\ntuser.ini
2013-04-19 08:38 - 2009-07-13 22:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-18 21:00 - 2012-09-03 17:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Microsoft Games
2013-04-18 19:24 - 2013-04-18 19:24 - 00003162 ____A C:\Users\Amy\Desktop\Ron Roofing - Shortcut.lnk
2013-04-18 19:24 - 2012-09-21 12:31 - 00000000 ____D C:\Users\Amy\.gimp-2.4
2013-04-18 19:23 - 2013-04-18 19:23 - 00000845 ____A C:\Users\Amy\.recently-used.xbel
2013-04-18 19:23 - 2013-04-18 19:23 - 00000000 ____D C:\Users\Amy\.thumbnails
2013-04-18 16:14 - 2013-04-18 16:14 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-04-18 16:14 - 2012-09-01 15:27 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Adobe
2013-04-18 16:13 - 2013-04-18 16:13 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-18 16:13 - 2013-04-18 16:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-18 11:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-04-17 09:02 - 2013-04-17 09:02 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-04-16 06:11 - 2012-09-01 10:34 - 00058016 ____A C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-16 06:05 - 2009-07-13 21:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-16 01:39 - 2013-04-16 01:39 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-04-15 16:08 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-04-11 15:16 - 2012-09-01 20:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-04-11 15:16 - 2012-09-01 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-04-11 12:59 - 2012-09-01 14:59 - 00001945 ____A C:\Windows\epplauncher.mif
2013-04-11 12:58 - 2012-09-01 14:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-11 12:58 - 2012-09-01 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-04-10 17:39 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2013-04-10 17:38 - 2012-09-21 10:33 - 00000000 ____D C:\Users\Amy\AppData\Local\PC_Drivers_Headquarters
2013-04-10 17:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-10 17:38 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-04 14:50 - 2013-04-24 01:27 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-02 03:34 - 2012-09-01 11:04 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 19:58 - 2012-09-01 11:35 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-27 17:31 - 2013-03-27 17:31 - 00274912 ____A C:\Windows\Minidump\032713-35724-01.dmp
2013-03-27 17:01 - 2012-09-01 15:26 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-27 17:01 - 2012-09-01 15:26 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-27 16:50 - 2013-03-27 16:50 - 00002071 ____A C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
2013-03-27 16:49 - 2012-09-30 22:03 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0

Other Malware:
===========
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!


Last Boot: 2013-04-15 21:39

==================== End Of Log ============================

Edited by SueRon57, 24 April 2013 - 02:06 PM.


#6 Farbar (Security Developer)

Posted 24 April 2013 - 02:33 PM

We see the partition bootkit in the log. We will fix it in the next post. Do you have a Windows installation CD or a boot CD just in case we need it?
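The "Check for partition/boot infection" line in the FRST log and the partition bootkit named here both point at the MBR partition table. Below is an added example, not code from FRST, TDSSKiller or anyone in this thread, that parses a 512-byte MBR and runs the generic layout checks an analyst makes by hand: exactly one active partition, no overlapping entries, only known partition types, nothing past the end of the disk, and no large unpartitioned space after the last partition. It does not identify TDL4/Pihar or any specific bootkit. The two sample MBRs are constructed, the list of known types is a subset, and the 2048-sector slack threshold is an assumption.

```python
"""MBR partition-table parser with generic layout sanity checks (added example)."""
import struct
from dataclasses import dataclass

SECTOR = 512
PART_TABLE_OFF = 446          # four 16-byte entries at offsets 446..509
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xaa"        # bytes 510..511 of a valid MBR
TAIL_SLACK_SECTORS = 2048     # assumed threshold (1 MiB) for "unexpected" trailing space

# Partition types a Windows 7 disk is expected to carry (subset; anything else is reported).
KNOWN_TYPES = {0x05: "extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
               0x0F: "extended LBA", 0x17: "hidden NTFS", 0x27: "Windows RE",
               0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # inclusive last sector
        return self.lba_start + self.sectors - 1


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Decode the four primary entries; empty slots are skipped."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("boot signature 55AA missing: not a valid MBR")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def check_layout(parts: list[Partition], disk_sectors: int) -> list[str]:
    """Return human-readable anomalies; an empty list means nothing stood out."""
    notes = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        notes.append(f"{len(active)} partitions carry the active flag (expected exactly one)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start <= a.lba_end:
            notes.append(f"partition #{b.index} overlaps partition #{a.index}")
    for p in parts:
        if p.type_id not in KNOWN_TYPES:
            notes.append(f"partition #{p.index} has unlisted type 0x{p.type_id:02X}")
        if p.lba_end >= disk_sectors:
            notes.append(f"partition #{p.index} extends past the end of the disk")
    last_end = max((p.lba_end for p in parts), default=-1)
    tail = disk_sectors - 1 - last_end
    if tail > TAIL_SLACK_SECTORS:
        notes.append(f"{tail} unpartitioned sectors after the last partition")
    return notes


def build_mbr(entries) -> bytes:
    """Assemble a synthetic MBR from (active, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Constructed samples: a plain two-partition Windows layout, and the same disk with a
# small extra partition near the end that has also been marked active.
DISK_SECTORS = 1_000_000
HEALTHY = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 792000)]
SUSPICIOUS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 780000),
              (True, 0x07, 990000, 8192)]

if __name__ == "__main__":
    for label, layout in (("healthy", HEALTHY), ("suspicious", SUSPICIOUS)):
        parts = parse_mbr(build_mbr(layout))
        print(label)
        for p in parts:
            print(f"  #{p.index} active={p.active} type=0x{p.type_id:02X} "
                  f"({KNOWN_TYPES.get(p.type_id, '?')}) LBA {p.lba_start}-{p.lba_end}")
        for n in check_layout(parts, DISK_SECTORS):
            print("  !", n)
```

On a live Windows system the first sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` in an elevated prompt, with the disk size in sectors taken from the reported capacity divided by 512. A rootkit that filters disk reads can hand a clean-looking sector to anything run inside the infected OS, which is one reason the thread asks for a bootable repair disc before cleaning.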



#7 SueRon57 (Topic Starter)

Posted 24 April 2013 - 04:44 PM

Hi, I do not have a Windows installation disk or a boot disk. I bought this laptop at a repair shop. So what do I need to do? Thanks, Susan

#8 Farbar (Security Developer)

Posted 24 April 2013 - 05:01 PM

Do you have access to another computer with Windows 7 in case we needed it?

 

If not please follow the steps to Create a Windows 7 System Repair Disc

 

That is just a precaution so we can boot to recovery mode in case we need it. It is in any case good to have, even if we don't use it at all. Some malware prevents the system from booting to recovery mode from Windows.

 

After that please run the following tool. If it detects Pihar.C, select Cure and let the computer reboot.

 

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

FYI: It is too late here as we are in different time zones. I will see your reply tomorrow.



#9 SueRon57 (Topic Starter)

Posted 24 April 2013 - 05:03 PM

Yes I do

#10 SueRon57 (Topic Starter)

Posted 24 April 2013 - 05:50 PM

Ok, I ran TDSSKiller and it found Pihar.C. I selected Cure and my computer rebooted. When it restarted it said do not turn off the computer as it is installing updates; after a minute it said updates failed, then it said Windows is reverting back to previous settings. Then it started and I was on my desktop. The scan ran again and said no detections found. I am attaching both reports. Thank you, Susan


#11 Farbar (Security Developer)

Posted 25 April 2013 - 01:01 AM

Well done Susan. The main infection is taken care of.

 

  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to start > All Programs > Windows Update.
    • In the left pane select "Change Settings".
    • In the right pane check "Never Check for Updates"
    • Click OK.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it in the same directory the FRST tool is located as fixlist.txt

    start
    C:\Windows\svchost.exe
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=111442&tt=120912_cpc_3812_5&babsrc=SP_ss&mntrId=f68497640000000000004c0f6e14aeb2
    SearchScopes: HKCU - {438C5212-0607-4F59-9D91-BEDE02A82F01} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=PFM010YYUS&apn_uid=3c0c4046-b1d9-41e2-af28-bed7885f1d48&apn_sauid=1F782EDE-344C-4A7F-93F4-550B070B696D
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    2013-04-22 03:29 - 2013-04-22 03:29 - 00000000 ____A C:\Users\Susie\3782111.dll
    end

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt) please post it to your reply.

     

  • Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.

 



#12 SueRon57 (Topic Starter)

Posted 25 April 2013 - 01:55 AM

Hi, I believe I have done what you asked. :clapping: Here are the logs. Thank you, Susan

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2013
Ran by Amy at 2013-04-24 23:40:15 Run:1
Running from C:\Users\Amy\Downloads
Boot Mode: Normal
==============================================

C:\Windows\svchost.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms} not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms} not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{438C5212-0607-4F59-9D91-BEDE02A82F01} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms} not found.
HKCR\CLSID\{438C5212-0607-4F59-9D91-BEDE02A82F01} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms} not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} not found.
C:\Users\Susie\3782111.dll moved successfully.

==== End of Fixlog ====

 

 

# AdwCleaner v2.202 - Logfile created 04/24/2013 at 23:47:07
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amy - AMY-PC
# Boot Mode : Normal
# Running from : C:\Users\Amy\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\user.js
File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Amy\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Amy\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Amy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Susie\AppData\LocalLow\BabylonToolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\d0d6ddbd3bea45
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044304426}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022302226}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055305526}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066306626}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\d0d6ddbd3bea45
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055305526}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066306626}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111442&tt=120912_cpc_3812_5&babsrc=NT_ss&mntrId=f68497640000000000004c0f6e14aeb2 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5097 octets] - [24/04/2013 23:47:07]

########## EOF - C:\AdwCleaner[S1].txt - [5157 octets] ##########



#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 April 2013 - 05:48 AM

Looks good.

  • This small application you may want to keep and use to keep the computer clean. Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar or any other program, uncheck the box next to it.
    • Run CCleaner. Under the Application tab all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  • Let's set the Windows update:
    • Go to start > All Programs > Windows Update.
    • In the left pane select "Change Settings".
    • In the right pane check "Check for updates but let me choose..."
    • Click OK.
    • After that let Windows search for updates and install all the important updates and let me know how it went.
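The AdwCleaner log above shows AppInit_DLLs entries carrying the Browser Manager DLL being removed, and the post above changes the Windows Update setting. As an added example (not from this thread, AdwCleaner or CCleaner), this PowerShell script, run from an elevated prompt on Windows 7 or later, reads AppInit_DLLs from both registry views and reports the current AUOptions value so both the cleanup and the update setting can be verified.

```powershell
# Added example, not from the thread or from AdwCleaner/CCleaner.
# Post-cleanup verification: AppInit_DLLs persistence and the Windows Update mode.

function Get-AppInitDllStatus {
    # On 64-bit Windows both views matter: the native key and Wow6432Node.
    # AdwCleaner abbreviates this key as HKLM\..\Windows in its log.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $props = Get-ItemProperty -Path $p
        $dlls  = [string]$props.AppInit_DLLs
        [pscustomobject]@{
            Key              = $p
            AppInit_DLLs     = $dlls
            LoadAppInit_DLLs = $props.LoadAppInit_DLLs
            # Every DLL listed here is loaded into each process that maps user32.dll,
            # so a non-empty value after cleanup deserves a second look.
            Suspicious       = ($dlls.Trim() -ne '')
        }
    }
}

function Get-AutoUpdateOption {
    # AUOptions: 1 = never check, 2 = check but let me choose download/install,
    # 3 = download but let me choose install, 4 = install automatically.
    # A Group Policy value under the Policies key overrides the local setting.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $local  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $names  = @{ 1 = 'Never check'; 2 = 'Check, let me choose'
                 3 = 'Download, let me choose'; 4 = 'Automatic' }
    $src = if (Test-Path $policy) { $policy } else { $local }
    $val = (Get-ItemProperty -Path $src -ErrorAction SilentlyContinue).AUOptions
    [pscustomobject]@{ Source = $src; AUOptions = $val; Meaning = $names[[int]$val] }
}

Get-AppInitDllStatus | Format-List
Get-AutoUpdateOption
```

The setting chosen in the post above ("Check for updates but let me choose...") corresponds to AUOptions = 2; an empty AppInit_DLLs value in both views confirms the entries shown in the log stayed removed.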

     

     

 



#14 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female
  • Location:Lancaster Ca

Posted 25 April 2013 - 10:02 AM

Hi I have finished everything you asked me to do and it appears my computer is running correctly. I have just a couple of questions if I may.

 

The things below are things I do not understand so I am not sure what to do. If you could advise me that would be most helpful. Thank you so much for all your help in removing the infected Trojan from my laptop. I have spent the last day reading all the information on preventing spyware, Trojans, virus, and malware that is posted on your website and now have a greater understanding and hope to protect my computer and prevent these infections. You were great with your instructions to me and made it easy for me to follow and fix my problem. Ok the questions I have:

 

Action center, under Maintenance:
      Red bar: "Insert removable media (important). Windows backup needs a CD\DVD or USB drive to continue." Then a gray bar: More Information.

      Yellow bar: "Solve a problem with Windows. Windows has stopped working 1 time(s), last occurring on 4/23/2013 12:37 PM. To solve this problem, follow the update instructions." Then a grey bar: View message details.

The first message in Action center has been there since I bought this laptop. The second also gives me the option to archive this message.

 

Also a pop up on my task bar keeps coming up every time I start my computer; it has the blue and yellow shield and it is asking "jucheck.exe is requesting your permission". What is this and do I allow it? If not, how do I make it go away? This has been doing this since I bought my laptop.

 

Susan



#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 April 2013 - 12:03 PM

Windows backup needs a CD\DVD or USB drive to continue.  Then gray bar More Information

This is a Windows backup action which is initialized but not finished. To remove it go to Start => Control Panel => Action Center => under "Set up backup" select: Turn off message about Windows Backup

 

The second action you may archive or delete. It is a malfunction from the time the system was infected.

 

The jucheck.exe should be related to Java update. Please do the following:

 

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
You may download both x32 and x64 versions of Java from http://www.java.com/en/download/manual.jsp

Uninstall the following older Java

Java 7 Update 6

Then install the downloaded Java versions.

 

Please tell me how it went.





