Department of Justice virus


21 replies to this topic

#1 gnomeaddict

gnomeaddict

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 17 July 2013 - 07:31 PM

Today while I was on my computer, I got the department of justice virus that I know a lot of people have gotten. However, after researching and testing various "solutions" to getting rid of this virus, none have proved successful. I have tried downloading antivirus software such as the Norton power eraser and Hitman pro. I have also tried using the "repair my computer" function after restarting my computer but it only comes up as a blank screen. Command prompts also failed to fix my problem. As I stated before, all of these tricks, along with a few others that I have tried, haven't fixed my problem. I'm hoping that someone on this forum has the answer that I might have missed. Also, I'm new to this forum, so if I posted this in the wrong spot or if I'm doing something wrong, please tell me. Thanks!

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,680 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:04 PM

Posted 17 July 2013 - 08:13 PM

I'll report this topic to appropriate helpers.

Hold on there....




 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:04 PM

Posted 17 July 2013 - 08:29 PM

Hi and welcome!

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
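
FRST.txt, the log the scan above writes to the flash drive, lists autostart registry entries one per line. As an added example (not part of the original post and not FRST's own logic), the Python below does a first-pass triage of such lines; the sample lines are constructed in the log's format, and the flag names and the list of user-writable folders are assumptions made for this example.

```python
import re

# Constructed sample in the line format of FRST's "Registry" section
# (names and paths are placeholders, not taken from a real machine).
SAMPLE = r'''
HKLM\...\Run: [ExampleTouchpad] - C:\Program Files\ExampleVendor\Touchpad\tp.exe [1815848 2009-07-14] (ExampleVendor Inc.)
HKLM-x32\...\Winlogon: [Shell] C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\example.exe [x ] () <=== ATTENTION
HKCU\...\Run: [ExampleDesktop] - C:\Users\user\AppData\Roaming\Example\desktop.exe [47896 2013-06-20] (Example LLC)
HKLM-x32\...\Run: [RandomName.exe] - C:\ProgramData\RandomName.exe [x]
HKLM-x32\...\Run: [ExampleCam] - "C:\Program Files (x86)\ExampleVendor\Cam\menu.exe" "C:\Program Files (x86)\ExampleVendor\Cam" Update [218408 2009-02-25] (ExampleVendor Inc.)
HKLM-x32\...\Run: [ExampleSwitch] - "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\example.exe" [102912 2013-07-17] ()
HKCU\...\Policies\system: [WallpaperStyle] 2
'''

# "Key: [ValueName] - rest" (the dash is absent on Winlogon lines).
ENTRY_RE = re.compile(
    r'^(?P<key>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?:-\s*)?(?P<rest>.*)$')
# "command [size date] (Company)" or "command [x]" when the file is missing.
TAIL_RE = re.compile(
    r'^(?P<cmd>.*?)\s*\[(?P<meta>x\s*|\d+ \d{4}-\d{2}-\d{2})\]\s*'
    r'(?:\((?P<company>.*)\))?\s*$')
# Heuristic: an unquoted command ends at the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|bat|cmd))(?=\s|$)', re.IGNORECASE)

AUTOSTART_KEYS = ('run', 'runonce', 'winlogon')
# Assumption for this example: folders a standard user can usually write to.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')


def executable(cmd):
    """Return the program path from a command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def triage_line(line):
    """Parse one registry line; return None if it is not an autostart entry."""
    flagged_by_frst = '<=== ATTENTION' in line
    line = line.replace('<=== ATTENTION', '').strip()
    hive, sep, tail = line.partition('\\...\\')
    m = ENTRY_RE.match(tail) if sep else None
    if not m or m.group('key').strip().lower() not in AUTOSTART_KEYS:
        return None

    key, name = m.group('key').strip().lower(), m.group('name')
    t = TAIL_RE.match(m.group('rest'))
    cmd = t.group('cmd') if t else m.group('rest')
    meta = t.group('meta').strip() if t else None
    company = (t.group('company') or '').strip() if t else ''
    exe = executable(cmd)

    reasons = []
    if flagged_by_frst:
        reasons.append('frst-attention')
    # Winlogon's Shell value names the program started as the desktop shell;
    # anything other than explorer.exe replaces the normal desktop.
    if key == 'winlogon' and name.lower() == 'shell' \
            and exe.rsplit('\\', 1)[-1].lower() != 'explorer.exe':
        reasons.append('shell-override')
    if any(part in exe.lower() for part in USER_WRITABLE):
        reasons.append('user-writable-path')
    if meta == 'x':
        reasons.append('target-missing')      # FRST could not find the file
    elif meta and not company:
        reasons.append('no-company-name')     # file exists, no vendor string
    return {'hive': hive, 'key': key, 'name': name, 'exe': exe,
            'reasons': reasons}


def triage(log_text):
    """Return the autostart entries that matched at least one rule."""
    results = []
    for line in log_text.splitlines():
        entry = triage_line(line)
        if entry and entry['reasons']:
            results.append(entry)
    return results


if __name__ == '__main__':
    for e in triage(SAMPLE):
        print(f"{e['hive']} {e['key']} [{e['name']}] {e['exe']}")
        print('    ' + ', '.join(e['reasons']))
```

The flags mark entries for a human to review, not verdicts: legitimate software also starts from AppData or ProgramData, and a missing target may only be a leftover entry.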


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:04 PM

Posted 17 July 2013 - 08:34 PM

Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

#5 gnomeaddict

gnomeaddict
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 17 July 2013 - 08:45 PM

Thanks for the help but I was just wondering. The last time I tried to access "repair your computer" nothing happened. Will the usb fix this? Also, can I replace the usb flashdrive with an external hard drive?

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:04 PM

Posted 17 July 2013 - 08:59 PM

Yes. An external drive will do as long as it is detected in the Repair Console.

 

If you are not able to reach the Command prompt throughout the Repair My Computer option in the Advanced menu, I would suggest, that if you have access to a Windows 7 Computer, running the same version, whether 32 or 64 bit, create a Recovery CD as follows:

 

 

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.
 

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe
  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

[Screenshot: WTSRD1.gif]
 

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

[Screenshot: WTSRD2.gif]
 

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

 

 

With this disk you may be able to reach the external drive and run FRST.




#7 gnomeaddict

gnomeaddict
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 July 2013 - 05:58 AM

When I try to download the farbar recovery tool, my computer says that it may harm the computer, and won't let me finish the download. What should I do?



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:04 PM

Posted 18 July 2013 - 08:25 AM

If the page you are downloading from is BleepingComputer, turn Off your security and allow the file to be downloaded.




#9 gnomeaddict

gnomeaddict
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 July 2013 - 11:41 AM

These are my results-

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Evan J. Vincent (administrator) on 18-07-2013 12:31:16
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Winlogon: [Shell] C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Templates\DisplaySwitch.exe [x ] () <=== ATTENTION
HKCU\...\Run: [WebCake Desktop] - C:\Users\Evan J. Vincent\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-20] (WebCake LLC)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [183800 2013-06-09] (PC Utilities Pro)
HKCU\...\Run: [BackupAgent] -  [x]
HKCU\...\Run: [SearchProtect] - C:\Users\Evan J. Vincent\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKCU\...\Policies\system: [WallpaperStyle] 2
MountPoints2: {4041a59a-f171-11de-8ddf-00269e99a871} - F:\VZAccess_Manager.exe /z detect
MountPoints2: {4041a5a4-f171-11de-8ddf-00269e99a871} - F:\VZAccess_Manager.exe /z detect
MountPoints2: {632c881e-9155-11de-81da-806e6f6e6963} - E:\Installer.exe
HKLM-x32\...\Run: [HPCam_Menu] - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FlyMonitor] - "C:\Program Files (x86)\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [664904 2008-05-13] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [YWxuQkarbaeSd.exe] - C:\ProgramData\YWxuQkarbaeSd.exe [x]
HKLM-x32\...\Run: [SBAMTray] - "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [1357136 2011-09-06] (Sunbelt Software)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKLM-x32\...\Run: [SMessaging] - "C:\Users\Evan J. Vincent\AppData\Local\Strongvault Online Backup\SMessaging.exe" [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [1541584 2013-06-06] (APN)
HKLM-x32\...\Run: [DisplaySwitch] - "C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Templates\DisplaySwitch.exe" [102912 2013-07-17] ()
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [1651696 2013-06-21] ()
Startup: C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {9ED099E6-2E35-4999-A5B5-3EF40F2B9F59} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {9ED099E6-2E35-4999-A5B5-3EF40F2B9F59} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN22587009842095213&UM=2
SearchScopes: HKCU - {0809851D-6B6B-49C8-93A3-D43B32E2A276} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {47F1F829-4FEC-464F-B779-D5278DA4AB5D} URL = http://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {908CE6A0-C003-4074-B489-DD645A0E80CE} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=sb&itbv=12.0.1.100&o=APN10614&tpid=ORJ-V7&apn_uid=313BB405-63B8-418E-92E0-B98B2A7ADA0B&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_8.0.7600.16912&doi=2013-07-09&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {9ED099E6-2E35-4999-A5B5-3EF40F2B9F59} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN22587009842095213&UM=2
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80051&lng=en
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Evan J. Vincent\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: hpBHO Class - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Shop to Win 13 - {D071359C-30AD-4645-9B78-7A3283571F25} - C:\Program Files (x86)\Shop to Win 13\Shop to Win 13.dll (Shop To Win, LLC)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-06] (APN LLC.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
S2 DefaultTabUpdate; C:\Users\Evan J. Vincent\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-08] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2804280 2011-09-06] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2011-09-06] (Sunbelt Software)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 WebCake Desktop Updater; "C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Evan J. Vincent\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13408 2010-06-21] ()
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13408 2010-06-21] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-07-17] ()
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [71256 2011-08-29] (Sunbelt Software)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-08-29] (Sunbelt Software)
S1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-03-20] (Smith Micro Inc.)
S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-03-20] (Smith Micro Inc.)
U4 eabfiltr;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-18 12:30 - 2013-07-18 12:30 - 00000000 ____D C:\FRST
2013-07-17 19:13 - 2013-07-17 19:13 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-07-17 19:12 - 2013-07-17 19:12 - 00034586 _____ C:\Windows\system32\.crusader
2013-07-17 19:05 - 2013-07-17 19:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-17 14:26 - 2013-07-17 14:26 - 02986440 _____ (Symantec Corporation) C:\Users\Evan J. Vincent\Downloads\NPE (1).exe
2013-07-17 14:07 - 2013-07-17 14:33 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\NPE
2013-07-17 14:06 - 2013-07-17 14:06 - 02986440 _____ (Symantec Corporation) C:\Users\Evan J. Vincent\Downloads\NPE.exe
2013-07-17 13:28 - 2013-07-17 13:28 - 499039875 _____ C:\Windows\MEMORY.DMP
2013-07-17 13:28 - 2013-07-17 13:28 - 00277672 _____ C:\Windows\Minidump\071713-30404-01.dmp
2013-07-17 13:28 - 2013-07-17 13:28 - 00000000 ____D C:\Windows\Minidump
2013-07-14 13:24 - 2013-07-14 13:30 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-14 13:23 - 2013-07-14 13:23 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-12 18:50 - 2013-07-12 20:09 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForEvan J. Vincent.job
2013-07-12 18:50 - 2013-07-12 18:50 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEvan J. Vincent
2013-07-12 18:45 - 2013-07-12 18:45 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-07-12 18:41 - 2013-07-12 18:42 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-07-10 20:38 - 2013-02-22 02:57 - 17817088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 20:38 - 2013-02-22 02:29 - 10925568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 20:38 - 2013-02-22 02:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 20:38 - 2013-02-22 02:21 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 20:38 - 2013-02-22 02:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 20:38 - 2013-02-22 02:19 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 20:38 - 2013-02-22 02:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 20:38 - 2013-02-22 02:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 20:38 - 2013-02-22 02:15 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 20:38 - 2013-02-22 02:15 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 20:38 - 2013-02-22 02:15 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 20:38 - 2013-02-22 02:14 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 20:38 - 2013-02-22 02:13 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 20:38 - 2013-02-22 02:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 20:38 - 2013-02-22 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 20:38 - 2013-02-22 02:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 20:38 - 2013-02-22 00:05 - 12324352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 20:38 - 2013-02-21 23:47 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 20:38 - 2013-02-21 23:46 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 20:38 - 2013-02-21 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 20:38 - 2013-02-21 23:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 20:38 - 2013-02-21 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 20:38 - 2013-02-21 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 20:38 - 2013-02-21 23:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 20:38 - 2013-02-21 23:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 20:38 - 2013-02-21 23:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 20:38 - 2013-02-21 23:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 20:38 - 2013-02-21 23:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 20:38 - 2013-02-21 23:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 20:38 - 2013-02-21 23:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 20:38 - 2013-02-21 23:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 20:38 - 2013-02-21 23:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 17:20 - 2013-02-12 11:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-10 17:20 - 2013-02-12 11:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-10 17:20 - 2013-02-12 11:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-10 17:20 - 2013-02-12 11:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-10 17:20 - 2013-02-12 11:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-10 17:20 - 2013-02-12 09:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-10 17:20 - 2012-11-09 01:34 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-10 17:20 - 2012-11-09 00:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-10 17:20 - 2012-03-03 02:29 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 17:20 - 2012-03-03 02:29 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-10 17:20 - 2012-03-03 01:40 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:20 - 2012-03-03 01:40 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-10 17:19 - 2012-11-09 01:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-10 17:19 - 2012-11-09 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-10 17:19 - 2012-03-03 02:29 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-10 17:19 - 2012-03-03 02:29 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-10 17:19 - 2012-03-03 02:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-10 17:19 - 2012-03-03 01:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-10 17:19 - 2012-03-03 01:40 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-10 17:19 - 2012-03-03 01:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-10 17:18 - 2013-04-12 10:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-10 17:18 - 2013-02-28 23:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 17:18 - 2012-01-04 05:58 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-07-10 17:18 - 2012-01-04 05:03 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-07-10 17:18 - 2012-01-03 02:24 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-07-10 17:18 - 2012-01-03 01:44 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-07-10 17:17 - 2013-02-12 10:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-10 17:17 - 2012-11-02 01:30 - 02001408 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-10 17:17 - 2012-08-02 13:55 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-10 17:17 - 2012-08-02 13:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-10 17:17 - 2012-06-09 01:30 - 14165504 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-10 17:17 - 2012-06-09 00:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-10 17:17 - 2012-06-02 01:38 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-10 17:17 - 2012-06-02 01:38 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-07-10 17:17 - 2012-06-02 01:37 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-10 17:17 - 2012-06-02 01:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-10 17:17 - 2012-06-02 00:48 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-10 17:17 - 2012-06-02 00:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-10 17:17 - 2012-06-02 00:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-10 17:17 - 2012-04-26 01:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-07-10 17:17 - 2012-04-26 01:34 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-07-10 17:17 - 2012-04-26 01:28 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-07-10 17:16 - 2012-11-02 01:30 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-10 17:16 - 2012-11-02 01:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-10 17:16 - 2012-11-02 00:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-07-10 17:16 - 2012-11-02 00:50 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-07-10 17:16 - 2012-11-02 00:48 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-07-10 17:16 - 2012-05-02 01:32 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-07-10 17:15 - 2013-01-04 01:37 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-07-10 17:15 - 2013-01-04 01:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-07-10 17:15 - 2013-01-04 01:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-07-10 17:15 - 2013-01-04 01:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-10 17:15 - 2013-01-04 01:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-07-10 17:15 - 2013-01-04 01:30 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-10 17:15 - 2013-01-04 01:30 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 01:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-10 17:15 - 2013-01-04 00:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-07-10 17:15 - 2013-01-04 00:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-07-10 17:15 - 2013-01-04 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-07-10 17:15 - 2013-01-03 23:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-10 17:15 - 2013-01-03 22:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-10 17:15 - 2013-01-03 22:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-10 17:15 - 2013-01-03 22:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-10 17:15 - 2013-01-03 22:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-10 17:15 - 2013-01-03 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-07-10 17:15 - 2013-01-03 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-10 17:15 - 2013-01-03 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-07-10 17:15 - 2013-01-03 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-07-10 17:15 - 2012-11-22 06:32 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-10 17:15 - 2012-11-22 05:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-07-10 17:15 - 2012-11-20 01:55 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-07-10 17:15 - 2012-11-20 01:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-07-10 17:15 - 2012-09-06 13:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-10 17:15 - 2012-08-24 14:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-10 17:15 - 2012-08-24 13:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-07-10 17:14 - 2013-01-04 01:41 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-10 17:14 - 2013-01-04 01:40 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-10 17:14 - 2012-12-07 01:41 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-07-10 17:14 - 2012-12-07 01:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-10 17:14 - 2012-12-07 01:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-07-10 17:14 - 2012-12-07 00:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-07-10 17:14 - 2012-12-06 23:45 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-07-10 17:14 - 2012-12-06 23:45 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-07-10 17:14 - 2012-12-06 23:21 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-07-10 17:14 - 2012-04-27 23:50 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-07-10 17:13 - 2012-11-29 19:21 - 00420032 _____ C:\Windows\SysWOW64\locale.nls
2013-07-10 17:13 - 2012-11-29 19:19 - 00420032 _____ C:\Windows\system32\locale.nls
2013-07-10 17:13 - 2012-08-10 20:53 - 00714752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-10 17:13 - 2012-08-10 19:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-10 17:13 - 2012-04-07 08:18 - 03213824 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-07-10 17:13 - 2012-04-07 07:34 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-07-10 17:13 - 2012-03-17 03:55 - 00075632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-07-10 17:13 - 2011-12-27 23:59 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-10 17:12 - 2012-09-25 18:39 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-10 17:12 - 2012-09-25 17:55 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-07-10 17:11 - 2013-03-19 02:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-10 17:11 - 2013-03-19 01:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-10 17:11 - 2013-03-19 01:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-10 17:11 - 2013-01-24 01:41 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-10 17:11 - 2012-07-04 18:04 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-10 17:11 - 2012-07-04 18:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-07-10 17:11 - 2012-07-04 18:01 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-07-10 17:11 - 2012-07-04 17:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-07-10 17:11 - 2012-07-04 17:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-07-10 17:11 - 2012-05-14 01:20 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-10 17:11 - 2012-05-05 04:30 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-10 17:11 - 2012-05-05 03:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-07-10 17:11 - 2011-12-16 04:42 - 00634368 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-07-10 17:11 - 2011-12-16 03:59 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-07-10 17:10 - 2013-03-19 01:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-10 17:10 - 2013-03-19 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-10 17:10 - 2013-03-18 23:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-10 17:10 - 2012-02-11 02:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-10 17:10 - 2012-02-11 02:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-07-10 17:09 - 2012-06-02 01:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-10 17:09 - 2012-06-02 01:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-10 17:09 - 2012-06-02 01:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-10 17:09 - 2012-06-02 00:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-10 17:09 - 2012-06-02 00:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-10 17:09 - 2012-06-02 00:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-10 11:55 - 2013-07-17 13:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-10 11:55 - 2013-07-10 11:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-10 10:13 - 2012-02-15 02:27 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-07-10 10:13 - 2012-02-15 01:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-07-10 10:13 - 2012-02-15 00:46 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-07-09 11:53 - 2013-07-10 11:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-09 11:53 - 2013-07-10 11:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-09 11:53 - 2013-07-09 11:53 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-08 23:27 - 2012-07-26 00:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-08 23:27 - 2012-07-26 00:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-08 23:27 - 2012-07-25 22:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-08 23:27 - 2012-06-02 10:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-08 23:23 - 2013-07-08 23:23 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-08 23:23 - 2013-07-08 23:23 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-08 23:23 - 2013-07-08 23:23 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-08 23:23 - 2013-07-08 23:23 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-08 23:23 - 2013-07-08 23:23 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-08 23:23 - 2013-07-08 23:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-08 23:23 - 2013-07-08 23:23 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-08 23:21 - 2013-07-08 23:24 - 00004069 _____ C:\Windows\IE9_main.log
2013-07-08 23:09 - 2013-07-08 23:09 - 00000000 ____D C:\Windows\system32\EventProviders
2013-07-08 23:08 - 2013-07-10 20:53 - 00000129 _____ C:\Windows\system32\MRT.INI
2013-07-08 23:04 - 2013-07-10 20:50 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-08 23:03 - 2012-12-16 12:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-08 23:03 - 2012-12-16 10:40 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-08 23:03 - 2012-12-16 10:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-07-08 23:03 - 2012-12-16 10:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-07-08 23:03 - 2012-07-25 23:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-08 23:03 - 2012-07-25 23:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-08 23:03 - 2012-07-25 23:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-08 23:03 - 2012-07-25 23:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-08 23:03 - 2012-07-25 22:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-08 23:03 - 2012-07-25 22:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-08 23:02 - 2012-07-25 23:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-08 23:02 - 2012-06-02 10:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-08 22:56 - 2013-07-10 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 22:55 - 2012-03-01 02:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-07-08 22:55 - 2012-03-01 02:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-07-08 22:55 - 2012-03-01 02:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-07-08 22:55 - 2012-03-01 01:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-07-08 22:55 - 2012-03-01 01:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-07-08 22:30 - 2013-07-08 22:30 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\AskPartnerNetwork
2013-07-08 22:28 - 2013-07-08 22:28 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-08 22:28 - 2013-07-08 22:28 - 00000000 ____D C:\ProgramData\APN
2013-07-08 22:28 - 2013-07-08 22:28 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-08 22:25 - 2013-07-08 22:24 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-08 22:25 - 2013-07-08 22:24 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-08 22:25 - 2013-07-08 22:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-08 22:25 - 2013-07-08 22:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-08 22:25 - 2013-07-08 22:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-08 22:24 - 2013-07-08 22:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-08 22:21 - 2013-07-08 22:21 - 00000000 ____D C:\ProgramData\McAfee
2013-07-08 20:50 - 2013-07-17 19:15 - 00000396 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-08 20:50 - 2013-07-17 14:16 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Strongvault Online Backup
2013-07-08 20:50 - 2013-07-09 11:46 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Strongvault
2013-07-08 20:50 - 2013-07-09 07:19 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
2013-07-08 20:50 - 2013-07-08 20:50 - 00003436 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-07-08 20:50 - 2013-07-08 20:50 - 00000009 _____ C:\END
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\SwvUpdater
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\SearchProtect
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\Optimizer Pro
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-07-08 20:50 - 2013-05-08 02:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-07-08 20:50 - 2013-05-08 02:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-07-08 20:49 - 2013-07-09 12:40 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
2013-07-08 20:49 - 2013-07-08 20:49 - 00000258 __RSH C:\Users\Evan J. Vincent\ntuser.pol
2013-07-08 20:49 - 2013-07-08 20:49 - 00000000 ____D C:\Users\Evan J. Vincent\Documents\My Web Backups
2013-07-08 20:49 - 2013-07-08 20:49 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-08 20:48 - 2013-07-17 19:14 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\WebCake
2013-07-08 20:48 - 2013-07-08 20:50 - 00000000 __SHD C:\AI_RecycleBin
2013-07-08 20:48 - 2013-07-08 20:49 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_New
2013-07-08 20:48 - 2013-07-08 20:49 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-07-08 20:48 - 2013-07-08 20:48 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Conduit
2013-07-08 20:48 - 2013-07-08 20:48 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\DefaultTab
2013-07-08 20:47 - 2013-07-08 20:54 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\Strongvault
2013-07-08 20:42 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-07-08 20:42 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-07-08 20:42 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-07-08 20:42 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

==================== One Month Modified Files and Folders =======

2013-07-18 16:23 - 2010-01-17 08:09 - 00000000 ____D C:\ProgramData\Recovery
2013-07-18 12:30 - 2013-07-18 12:30 - 00000000 ____D C:\FRST
2013-07-18 12:29 - 2009-07-14 01:13 - 00732510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 19:15 - 2013-07-08 20:50 - 00000396 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-17 19:14 - 2013-07-08 20:48 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\WebCake
2013-07-17 19:14 - 2010-07-18 14:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 19:13 - 2013-07-17 19:13 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-07-17 19:13 - 2011-04-13 08:57 - 00029272 _____ C:\Windows\setupact.log
2013-07-17 19:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 19:12 - 2013-07-17 19:12 - 00034586 _____ C:\Windows\system32\.crusader
2013-07-17 19:12 - 2013-07-17 19:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-17 14:33 - 2013-07-17 14:07 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\NPE
2013-07-17 14:26 - 2013-07-17 14:26 - 02986440 _____ (Symantec Corporation) C:\Users\Evan J. Vincent\Downloads\NPE (1).exe
2013-07-17 14:16 - 2013-07-08 20:50 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Strongvault Online Backup
2013-07-17 14:07 - 2009-08-09 03:16 - 00000000 ____D C:\ProgramData\Norton
2013-07-17 14:06 - 2013-07-17 14:06 - 02986440 _____ (Symantec Corporation) C:\Users\Evan J. Vincent\Downloads\NPE.exe
2013-07-17 13:48 - 2011-04-13 09:00 - 01608138 _____ C:\Windows\WindowsUpdate.log
2013-07-17 13:48 - 2010-07-18 14:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-17 13:48 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 13:48 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 13:47 - 2013-07-10 11:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 13:28 - 2013-07-17 13:28 - 499039875 _____ C:\Windows\MEMORY.DMP
2013-07-17 13:28 - 2013-07-17 13:28 - 00277672 _____ C:\Windows\Minidump\071713-30404-01.dmp
2013-07-17 13:28 - 2013-07-17 13:28 - 00000000 ____D C:\Windows\Minidump
2013-07-17 13:23 - 2009-07-14 01:08 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-16 18:00 - 2011-05-23 01:07 - 00000488 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-07-16 18:00 - 2010-01-13 10:32 - 00000486 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-07-16 17:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-07-15 16:41 - 2011-05-22 08:29 - 00009702 _____ C:\Windows\PFRO.log
2013-07-14 13:30 - 2013-07-14 13:24 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-14 13:30 - 2010-01-24 13:21 - 00001392 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-14 13:23 - 2013-07-14 13:23 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-12 20:09 - 2013-07-12 18:50 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForEvan J. Vincent.job
2013-07-12 18:50 - 2013-07-12 18:50 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEvan J. Vincent
2013-07-12 18:50 - 2009-08-09 03:00 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-07-12 18:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2013-07-12 18:45 - 2013-07-12 18:45 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-07-12 18:45 - 2009-08-09 02:58 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-07-12 18:42 - 2013-07-12 18:41 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-07-12 18:42 - 2009-12-25 20:56 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\hpqlog
2013-07-12 18:41 - 2009-08-09 05:54 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2013-07-12 18:38 - 2009-07-16 19:15 - 00000000 ____D C:\SwSetup
2013-07-12 17:43 - 2010-07-18 14:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 17:43 - 2010-07-18 14:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 14:34 - 2009-12-25 20:57 - 00000000 ___RD C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-11 14:34 - 2009-12-25 20:57 - 00000000 ___RD C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-11 14:34 - 2009-12-25 20:56 - 00084696 _____ C:\Users\EVANJ~1.VIN\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-11 14:30 - 2009-07-14 00:45 - 00355240 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 14:25 - 2009-08-09 03:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 20:55 - 2010-01-13 22:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 20:53 - 2013-07-08 23:08 - 00000129 _____ C:\Windows\system32\MRT.INI
2013-07-10 20:50 - 2013-07-08 23:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 20:31 - 2013-07-08 22:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 11:55 - 2013-07-10 11:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-10 11:55 - 2013-07-09 11:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-10 11:55 - 2013-07-09 11:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-10 11:55 - 2010-01-04 10:46 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Adobe
2013-07-09 16:54 - 2009-08-25 05:32 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-09 12:40 - 2013-07-08 20:49 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
2013-07-09 11:53 - 2013-07-09 11:53 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-09 11:46 - 2013-07-08 20:50 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Strongvault
2013-07-09 11:42 - 2010-07-14 09:20 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Google
2013-07-09 07:19 - 2013-07-08 20:50 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
2013-07-09 07:18 - 2009-12-25 20:57 - 00001447 _____ C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-09 07:18 - 2009-12-25 20:57 - 00001413 _____ C:\Users\Evan J. Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-09 07:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-08 23:24 - 2013-07-08 23:21 - 00004069 _____ C:\Windows\IE9_main.log
2013-07-08 23:23 - 2013-07-08 23:23 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-08 23:23 - 2013-07-08 23:23 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-08 23:23 - 2013-07-08 23:23 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-08 23:23 - 2013-07-08 23:23 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-08 23:23 - 2013-07-08 23:23 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-08 23:23 - 2013-07-08 23:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-08 23:23 - 2013-07-08 23:23 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-08 23:23 - 2013-07-08 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-08 23:23 - 2013-07-08 23:23 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-08 23:12 - 2009-08-09 03:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-08 23:09 - 2013-07-08 23:09 - 00000000 ____D C:\Windows\system32\EventProviders
2013-07-08 22:30 - 2013-07-08 22:30 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\AskPartnerNetwork
2013-07-08 22:28 - 2013-07-08 22:28 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-08 22:28 - 2013-07-08 22:28 - 00000000 ____D C:\ProgramData\APN
2013-07-08 22:28 - 2013-07-08 22:28 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-08 22:24 - 2013-07-08 22:25 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-08 22:24 - 2013-07-08 22:25 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-08 22:24 - 2013-07-08 22:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-08 22:24 - 2013-07-08 22:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-08 22:24 - 2013-07-08 22:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-08 22:24 - 2013-07-08 22:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-08 22:24 - 2010-09-30 07:59 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-08 22:21 - 2013-07-08 22:21 - 00000000 ____D C:\ProgramData\McAfee
2013-07-08 20:54 - 2013-07-08 20:47 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\Strongvault
2013-07-08 20:50 - 2013-07-08 20:50 - 00003436 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-07-08 20:50 - 2013-07-08 20:50 - 00000009 _____ C:\END
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\SwvUpdater
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\SearchProtect
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\Optimizer Pro
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-07-08 20:50 - 2013-07-08 20:48 - 00000000 __SHD C:\AI_RecycleBin
2013-07-08 20:49 - 2013-07-08 20:49 - 00000258 __RSH C:\Users\Evan J. Vincent\ntuser.pol
2013-07-08 20:49 - 2013-07-08 20:49 - 00000000 ____D C:\Users\Evan J. Vincent\Documents\My Web Backups
2013-07-08 20:49 - 2013-07-08 20:49 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-07-08 20:49 - 2013-07-08 20:48 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_New
2013-07-08 20:49 - 2013-07-08 20:48 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-07-08 20:49 - 2009-12-25 20:49 - 00000000 ____D C:\Users\Evan J. Vincent
2013-07-08 20:49 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-08 20:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-08 20:48 - 2013-07-08 20:48 - 00000000 ____D C:\Users\EVANJ~1.VIN\AppData\Local\Conduit
2013-07-08 20:48 - 2013-07-08 20:48 - 00000000 ____D C:\Users\Evan J. Vincent\AppData\Roaming\DefaultTab
2013-07-08 20:30 - 2010-01-24 15:39 - 00000812 _____ C:\Users\Evan
2013-07-08 20:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-16 17:41

==================== End Of Log ============================



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 18 July 2013 - 02:12 PM

Download the enclosed file. [attachment=139987:fixlist.txt]

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log where FRST is located, (Fixlog.txt).  Please post it to your reply.

Restart in Normal Mode and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 gnomeaddict


Posted 18 July 2013 - 04:51 PM

I did what you told me and restarted my computer, but after about 35 seconds, my computer locked up again with the virus. This was the result of the fix scan-

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by Evan J. Vincent at 2013-07-18 17:46:39 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BackupAgent => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value deleted successfully.
HKCR\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Value deleted successfully.
HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{739df940-c5ee-4bab-9d7e-270894ae687a} => Value deleted successfully.
HKCR\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key deleted successfully.
HKCR\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key deleted successfully.
HKCR\CLSID\{0809851D-6B6B-49C8-93A3-D43B32E2A276} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{908CE6A0-C003-4074-B489-DD645A0E80CE} => Key deleted successfully.
HKCR\CLSID\{908CE6A0-C003-4074-B489-DD645A0E80CE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9ED099E6-2E35-4999-A5B5-3EF40F2B9F59} => Key deleted successfully.
HKCR\CLSID\{9ED099E6-2E35-4999-A5B5-3EF40F2B9F59} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{739DF940-C5EE-4BAB-9D7E-270894AE687A} => Value deleted successfully.
HKCR\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Key not found.
CltMngSvc => Service deleted successfully.

==== End of Fixlog ====



#12 JSntgRvr


Posted 18 July 2013 - 04:57 PM

You are running in Safe Mode. Let's run these programs:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

 

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.  
  • Please post the "C:\ComboFix.txt" .

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

 

 




#13 gnomeaddict


Posted 18 July 2013 - 05:09 PM

Do I do all this through the infected computer, or through the usb?



#14 JSntgRvr


Posted 18 July 2013 - 05:13 PM

Either way should work.




#15 gnomeaddict


Posted 18 July 2013 - 06:24 PM

I have completed the first two steps of your last comment, but now that I am on the ComboFix step, I am not sure how to disable my antivirus software, VIPRE. I did not see it on the list you included.





