Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan horse generic29.ajge


  • This topic is locked This topic is locked
6 replies to this topic

#1 squaremile

squaremile

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 21 May 2013 - 09:01 PM

Hello, I am new to this site and I have been infected with trojan horse generic29.ajge. I have looked through the forums and scanned with FRST64. See log attachedAttached File  log.txt   54.75KB   0 downloads. Any chance someone can help me create a fix file for this?

 

Thank you so much in advance! I have found these forums to be very informative.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2013 02
Ran by Will (administrator) on 21-05-2013 18:41:59
Running from C:\Users\Will\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(ClearwireCM) C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe
(SmithMicro Inc.) C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
(SmithMicro Inc.) C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
(Farbar) C:\Users\Will\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2013-02-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2013-02-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2013-02-02] (Lenovo)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Will\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid e1a52d94b70247d39e97d16aab1abf17-57907a6a0ad545eac6a30f28d1006168cc77dc29 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]
HKCU\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-05-06] (Google Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3186488514-1432718719-3201214136-1000\$39e016852a4af64304d9f5cd800bf0c8\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a [54608 2010-05-25] (ClearwireCM)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 64.13.115.12 75.94.255.12

FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yw8xidk3.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2010-05-25] (SmithMicro Inc.)
S3 clearwireDeviceDiagnosticsService; C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [399872 2010-04-19] ()
R3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2010-05-25] (SmithMicro Inc.)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2010-05-25] ()

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2811904 2012-05-31] (Qualcomm Atheros Communications, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
R3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [359040 2010-03-26] (Beceem communications pvt ltd.)
R3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-03-26] (Beceem communications pvt ltd.)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-05-25] (Smith Micro Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 BcmSqlStartupSvc;
R1 BPntDrv; system32\drivers\BPntDrv.sys [x]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
R0 fbfmon; system32\drivers\fbfmon.sys [x]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-21 18:41 - 2013-05-21 18:41 - 00000000 ____D C:\FRST
2013-05-21 18:38 - 2013-05-21 18:38 - 01878328 ____A (Farbar) C:\Users\Will\Downloads\FRST64.exe
2013-05-21 16:18 - 2013-05-21 16:18 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-21 16:18 - 2013-05-21 16:18 - 00000000 ____D C:\Users\Will\AppData\Roaming\Malwarebytes
2013-05-21 16:18 - 2013-05-21 16:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-21 16:18 - 2013-05-21 16:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 16:18 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-21 16:17 - 2013-05-21 16:18 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Will\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-18 09:12 - 2013-04-04 23:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 09:12 - 2013-04-04 23:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 09:12 - 2013-04-04 23:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 09:12 - 2013-04-04 23:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 09:12 - 2013-04-04 23:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 09:12 - 2013-04-04 23:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-18 09:12 - 2013-04-04 23:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-18 09:12 - 2013-04-04 23:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-18 09:12 - 2013-04-04 23:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-18 09:12 - 2013-04-04 22:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-18 09:12 - 2013-04-04 22:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-18 09:12 - 2013-04-04 21:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-18 09:12 - 2013-04-04 21:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-18 09:12 - 2013-04-04 20:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-18 09:12 - 2013-04-04 20:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 09:11 - 2013-04-04 23:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 09:11 - 2013-04-04 23:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 09:11 - 2013-04-04 23:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 09:11 - 2013-04-04 23:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 09:11 - 2013-04-04 23:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-18 09:11 - 2013-04-04 22:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-18 09:11 - 2013-04-04 22:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-18 09:11 - 2013-04-04 22:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-18 09:11 - 2013-04-04 22:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-18 09:11 - 2013-04-04 22:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 23:26 - 2013-05-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-15 08:40 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 08:40 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 08:40 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 08:40 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 08:40 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 08:40 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 08:40 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 08:40 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 08:40 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 08:40 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 08:40 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 08:40 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 08:40 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 08:40 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 15:51 - 2013-05-14 15:51 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-13 09:32 - 2013-05-13 09:35 - 00046080 ____A C:\Users\Will\Downloads\UnivPortlandClientDataSpreadsheet - KF CH (with OSWD codes).xls
2013-05-13 08:58 - 2013-05-13 09:31 - 00028560 ____A C:\Users\Will\Documents\UnivPortlandClientDataSpreadsheet - KF CH (with OSWD codes).ods
2013-05-08 08:34 - 2013-05-08 08:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-08 08:34 - 2013-05-08 08:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-08 08:34 - 2013-05-08 08:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-08 08:34 - 2013-05-08 08:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-08 08:34 - 2013-05-08 08:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-08 08:34 - 2013-05-08 08:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-08 08:34 - 2013-05-08 08:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-08 08:34 - 2013-05-08 08:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-08 08:34 - 2013-05-08 08:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-08 08:33 - 2013-05-08 08:33 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 23:26 - 2013-05-07 23:26 - 00002759 ____A C:\Users\Will\AppData\Local\recently-used.xbel
2013-05-06 13:35 - 2013-05-21 18:40 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186488514-1432718719-3201214136-1000UA.job
2013-05-06 13:35 - 2013-05-21 13:40 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186488514-1432718719-3201214136-1000Core.job
2013-05-06 12:52 - 2013-05-09 11:51 - 00000000 __SHD C:\Users\Will\Documents\cache
2013-05-06 12:52 - 2013-05-09 09:57 - 00000000 ____D C:\Users\Will\AppData\Roaming\webex
2013-05-06 12:52 - 2013-05-06 12:52 - 00000000 ____D C:\ProgramData\WebEx
2013-05-03 15:25 - 2013-05-03 15:25 - 00000000 ____D C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
2013-04-28 10:25 - 2013-04-28 10:25 - 00002243 ____A C:\Users\Will\Desktop\Free Audio Converter.lnk
2013-04-28 10:25 - 2013-04-28 10:25 - 00000000 ____D C:\Users\Will\AppData\Roaming\DVDVideoSoft
2013-04-28 10:25 - 2013-04-28 10:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-25 23:26 - 2013-04-25 23:26 - 00000000 ____D C:\Users\Will\AppData\Roaming\Apple Computer
2013-04-24 08:41 - 2013-04-12 07:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-21 18:41 - 2013-05-21 18:41 - 00000550 ____A C:\Users\Will\Downloads\fixlist.txt
2013-05-21 18:41 - 2013-05-21 18:41 - 00000000 ____D C:\FRST
2013-05-21 18:40 - 2013-05-06 13:35 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186488514-1432718719-3201214136-1000UA.job
2013-05-21 18:38 - 2013-05-21 18:38 - 01878328 ____A (Farbar) C:\Users\Will\Downloads\FRST64.exe
2013-05-21 18:36 - 2013-04-12 18:32 - 01762041 ____A C:\Windows\WindowsUpdate.log
2013-05-21 18:35 - 2013-02-27 10:04 - 00000000 ____D C:\ProgramData\MFAData
2013-05-21 18:35 - 2009-07-13 22:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-21 18:32 - 2013-02-08 09:40 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-21 18:32 - 2013-02-07 22:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-21 16:18 - 2013-05-21 16:18 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-21 16:18 - 2013-05-21 16:18 - 00000000 ____D C:\Users\Will\AppData\Roaming\Malwarebytes
2013-05-21 16:18 - 2013-05-21 16:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-21 16:18 - 2013-05-21 16:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 16:18 - 2013-05-21 16:17 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Will\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-21 16:09 - 2009-07-13 21:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-21 16:09 - 2009-07-13 21:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-21 16:04 - 2013-02-02 00:40 - 00801976 ____A C:\Windows\System32\fastboot.set
2013-05-21 16:03 - 2013-02-08 09:42 - 00000000 ___SD C:\Users\Will\Google Drive
2013-05-21 16:03 - 2013-02-08 09:40 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-21 16:02 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-21 16:01 - 2013-02-07 21:32 - 00000000 ____D C:\users\Will
2013-05-21 16:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-05-21 16:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-05-21 13:40 - 2013-05-06 13:35 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186488514-1432718719-3201214136-1000Core.job
2013-05-19 23:28 - 2013-02-08 12:48 - 00000000 ____D C:\Users\Will\AppData\Roaming\uTorrent
2013-05-19 23:28 - 2011-02-24 10:03 - 00000000 ____D C:\Windows\Panther
2013-05-18 18:50 - 2009-07-13 21:45 - 00309208 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 18:49 - 2013-02-07 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-18 09:16 - 2013-02-09 23:52 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 23:26 - 2013-05-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-15 17:17 - 2013-03-03 16:59 - 00000000 ____D C:\Users\Will\AppData\Roaming\Skype
2013-05-14 15:51 - 2013-05-14 15:51 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 15:51 - 2013-02-07 22:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 15:51 - 2013-02-07 22:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-12 19:40 - 2013-02-07 22:05 - 00000000 ____D C:\Users\Will\AppData\Local\Google
2013-05-10 22:31 - 2013-02-08 15:46 - 00000000 ____D C:\Users\Will\AppData\Roaming\inkscape
2013-05-09 11:51 - 2013-05-06 12:52 - 00000000 __SHD C:\Users\Will\Documents\cache
2013-05-09 09:57 - 2013-05-06 12:52 - 00000000 ____D C:\Users\Will\AppData\Roaming\webex
2013-05-08 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-08 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-08 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-08 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-08 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-08 08:34 - 2013-05-08 08:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-08 08:34 - 2013-05-08 08:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-08 08:34 - 2013-05-08 08:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-08 08:34 - 2013-05-08 08:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-08 08:34 - 2013-05-08 08:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-08 08:34 - 2013-05-08 08:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-08 08:34 - 2013-05-08 08:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-08 08:34 - 2013-05-08 08:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-08 08:34 - 2013-05-08 08:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-08 08:34 - 2013-05-08 08:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-08 08:34 - 2013-05-08 08:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-08 08:33 - 2013-05-08 08:33 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-08 08:33 - 2013-05-08 08:33 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 23:26 - 2013-05-07 23:26 - 00020451 ____A C:\Users\Will\Downloads\threelevelsofemotions.svg
2013-05-07 23:26 - 2013-05-07 23:26 - 00002759 ____A C:\Users\Will\AppData\Local\recently-used.xbel
2013-05-06 12:52 - 2013-05-06 12:52 - 00000000 ____D C:\ProgramData\WebEx
2013-05-06 12:52 - 2013-02-07 22:20 - 00000000 ____D C:\Users\Will\AppData\Roaming\Mozilla
2013-05-03 15:27 - 2013-02-07 23:30 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-05-03 15:25 - 2013-05-03 15:25 - 00000000 ____D C:\Users\Will\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
2013-04-30 12:03 - 2013-04-24 15:51 - 00017485 ____A C:\Users\Will\Downloads\client preferences evaluation.odt
2013-04-28 10:25 - 2013-04-28 10:25 - 00002243 ____A C:\Users\Will\Desktop\Free Audio Converter.lnk
2013-04-28 10:25 - 2013-04-28 10:25 - 00000000 ____D C:\Users\Will\AppData\Roaming\DVDVideoSoft
2013-04-28 10:25 - 2013-04-28 10:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-25 23:26 - 2013-04-25 23:26 - 00000000 ____D C:\Users\Will\AppData\Roaming\Apple Computer

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3186488514-1432718719-3201214136-1000\$39e016852a4af64304d9f5cd800bf0c8

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-14 13:18

==================== End Of Log ============================


Edited by squaremile, 21 May 2013 - 09:07 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 AM

Posted 22 May 2013 - 04:48 PM


Hello squaremile

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 squaremile

squaremile
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 23 May 2013 - 11:26 AM

Problem solved, thank you!



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 AM

Posted 23 May 2013 - 01:38 PM

That is only step one - can you send me the reports


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 squaremile

squaremile
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 23 May 2013 - 03:38 PM

I actually took a fixlist.txt file from some previous posts on this while waiting for a reply, modified it based on my log and it worked! So thank you for the help, and if it is not cleared, or comes back, I will be back. This is a great forum and resource.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 AM

Posted 23 May 2013 - 05:48 PM

Very Dangerous but OK thanks for letting me know




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 AM

Posted 26 May 2013 - 12:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users