Unable to download anything, "(filename) contained a virus and was deleted"


  • This topic is locked
26 replies to this topic

#1 dvdadog

dvdadog

  • Members
  • 45 posts

Posted 02 September 2013 - 11:58 AM

Hello,

I removed an infection on a PC and this problem still persists. Any attempt to download anything gives the error message "(filename) contained a virus and was deleted". I've run several antivirus programs and all report clean, and I've reset IE to defaults, and the problem is still occurring. Running Vista SP2 64-bit; other logs as to what has been run can be viewed here. The administrator account has been enabled and IE is able to download and save files fine under that account; the main user account is still displaying the error though.

 

dds log---

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16502
Run by Missy at 9:44:41 on 2013-09-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.6036 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Missy\AppData\Local\Temp\RarSFX0\9818458.exe
C:\Users\Missy\AppData\Local\Temp\7628591\9818458.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mWinlogon: Userinit = userinit.exe,
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Missy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Missy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Missy\AppData\Local\Temp\_uninst_77304823.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 207.14.235.234 8.8.8.8 8.8.4.4
TCP: Interfaces\{6B7A56AD-ACFF-470F-ADBE-C4B385368145} : DHCPNameServer = 207.14.235.234 8.8.8.8 8.8.4.4
TCP: Interfaces\{B9BFFC92-34CB-4328-BEB0-C0913CCEDC15} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 77304823;77304823;C:\Windows\System32\drivers\77304823.sys [2013-8-31 460888]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-9-2 771536]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-16 53488]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2013-8-28 26176]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-2 340216]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-9-23 120592]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-2 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-2 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-2 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-2 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-2 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-2 182752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-2 70112]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-9-2 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-2 515968]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-16 1152000]
RUnknown 9818458drv;9818458drv; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-8-28 57024]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-26 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-2 106552]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 USB_RNDIS_VISTA;Westell USB Network Interface;C:\Windows\System32\drivers\usb8023.sys [2013-3-20 19456]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-7-16 226832]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-22 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.exe: <filetype is not registered>
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-09-01 05:30:09 460888 ----a-w- C:\Windows\System32\drivers\77304823.sys
2013-08-05 23:14:32 78161360 ----a-w- C:\Windows\System32\mrt.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-30 04:29:08 53760 ----a-w- C:\Windows\apppatch\iebrshim.dll
2013-07-30 00:29:38 146944 ----a-w- C:\Windows\apppatch\AppPatch64\iebrshim.dll
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH:  9:46:46.58 ===============
 

 

 

Thank you in advance,

 

dvdadog

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 September 2013 - 04:33 PM





Hello dvdadog

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dvdadog

dvdadog
  • Topic Starter

  • Members
  • 45 posts

Posted 02 September 2013 - 05:22 PM

Hello,

Here are the requested logs, also thank you for your assistance.

 

FRST----

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 06
Ran by Missy (administrator) on MISSY-PC on 02-09-2013 15:15:46
Running from J:\
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [x]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
MountPoints2: {1265ce30-93e8-11e0-bbcd-00183a4bdca2} - K:\TLBootstrap_WPP.exe
MountPoints2: {14adecdc-87f1-11de-9cff-00183a4bdca2} - K:\LaunchU3.exe -a
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_77304823.lnk
ShortcutTarget: _uninst_77304823.lnk -> C:\Users\Missy\AppData\Local\Temp\_uninst_77304823.bat ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = 
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 207.14.235.234 8.8.8.8 8.8.4.4
 
==================== Services (Whitelisted) =================
 
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-28] (Emsisoft GmbH)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-28] (Emsisoft GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-08-28] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-08-28] (Emsisoft GmbH)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
R3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 USB_RNDIS_VISTA; C:\Windows\System32\DRIVERS\usb8023.sys [19456 2013-02-11] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-02 09:47 - 2013-09-02 09:46 - 00016396 _____ C:\Users\Missy\Desktop\dds.txt
2013-09-02 09:43 - 2013-09-02 09:43 - 00000000 ____D C:\Users\Missy\AppData\Local\{9B1222B7-E25E-49EC-BAD3-11CF39130D73}
2013-08-31 14:41 - 2013-08-31 14:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-31 14:39 - 2013-08-31 13:45 - 182146848 _____ C:\Users\Missy\Desktop\setup_11.0.1.1245.x01_2013_08_31_22_30.exe
2013-08-31 10:55 - 2013-08-31 10:56 - 00000000 ____D C:\Users\Missy\AppData\Local\{9D018849-6400-4B21-A4E8-B2B36A3CA763}
2013-08-30 10:52 - 2013-08-30 10:17 - 00994642 _____ C:\Users\Administrator\Desktop\adwcleaner (1).exe
2013-08-29 03:11 - 2013-08-29 03:11 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 15:22 - 2013-08-28 15:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-08-28 15:19 - 2013-08-28 15:19 - 00002622 _____ C:\Users\Administrator\Desktop\a2scan_130828-131319.txt
2013-08-28 13:12 - 2013-08-28 13:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-08-28 12:42 - 2013-08-28 12:42 - 00000500 _____ C:\Users\Administrator\Desktop\Emsisoft Emergency Kit.lnk
2013-08-28 12:41 - 2013-08-28 12:42 - 00000000 ____D C:\EEK
2013-08-28 12:40 - 2013-08-28 12:41 - 00013966 _____ C:\Users\Administrator\Desktop\Result.txt
2013-08-28 12:34 - 2013-08-28 12:38 - 00002304 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-08-28 12:24 - 2013-08-28 12:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 10:28 - 2013-08-28 09:42 - 191149080 _____ C:\Users\Administrator\Desktop\EmsisoftEmergencyKit.exe
2013-08-28 09:25 - 2013-08-28 09:25 - 00000000 ____D C:\ProgramData\Sophos
2013-08-28 09:24 - 2013-08-28 09:24 - 00002066 _____ C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.lnk
2013-08-28 09:24 - 2013-08-28 09:24 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-08-28 09:22 - 2013-08-28 09:04 - 00760937 _____ (Farbar) C:\Users\Administrator\Desktop\MiniToolBox.exe
2013-08-28 09:22 - 2013-08-28 09:03 - 01021434 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-08-28 09:22 - 2013-08-28 09:02 - 75837231 _____ (Sophos Limited) C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.exe
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-08-27 11:21 - 2013-08-02 07:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 11:21 - 2013-08-01 21:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-27 09:37 - 2013-08-27 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2013-08-27 09:33 - 2013-08-27 09:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\DataSafeOnline
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\PowerDVD DX
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-08-27 09:16 - 2013-08-27 09:16 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 09:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-27 09:15 - 2013-08-26 15:33 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2013-08-27 09:15 - 2013-06-20 11:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-27 09:14 - 2013-08-26 15:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-08-26 15:22 - 2013-08-26 15:22 - 00063048 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 15:20 - 2013-08-26 15:21 - 00000000 ____D C:\Users\Administrator
2013-08-26 15:20 - 2013-08-26 15:20 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-08-26 15:20 - 2009-09-06 03:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-08-26 13:32 - 2013-08-26 13:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-08-26 12:18 - 2013-08-26 12:18 - 00000000 ____D C:\Users\Missy\AppData\Local\{DF841523-EA86-4644-9951-C46964029271}
2013-08-26 10:50 - 2013-08-26 10:50 - 00000000 ____D C:\Users\Missy\AppData\Local\{BC3A9244-CF38-46B3-9A43-8EF98E15C4CD}
2013-08-26 10:16 - 2013-08-26 10:16 - 00000000 ____D C:\Users\Missy\AppData\Local\{6D5C697D-2EFF-44AF-9D9F-9CD85D12AFBD}
2013-08-26 09:59 - 2013-08-26 12:16 - 00000000 ____D C:\Users\Missy\Desktop\backups
2013-08-26 09:58 - 2013-08-24 10:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Missy\Desktop\HijackThis.exe
2013-08-26 09:57 - 2013-08-24 10:42 - 14685208 _____ (Trend Micro Inc.) C:\Users\Missy\Desktop\RootkitBusterV5.0-1129x64.exe
2013-08-24 10:53 - 2013-07-09 05:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-24 10:53 - 2013-07-09 05:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-24 10:53 - 2013-07-07 21:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-24 10:53 - 2013-07-07 21:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-24 10:53 - 2013-07-07 21:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-24 10:53 - 2013-07-07 21:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-24 10:53 - 2013-07-07 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-24 10:53 - 2013-07-07 18:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-24 10:53 - 2013-07-07 18:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-24 10:53 - 2013-07-07 18:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-24 10:53 - 2013-05-31 21:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-24 10:53 - 2013-05-31 21:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-24 10:53 - 2013-04-17 04:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-24 10:53 - 2013-04-17 04:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-24 10:53 - 2013-04-17 04:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-24 10:53 - 2013-04-17 03:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-24 10:53 - 2013-04-17 03:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-24 10:53 - 2013-04-17 03:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-24 10:53 - 2013-04-17 03:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-24 10:53 - 2013-04-17 03:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-24 10:53 - 2013-04-17 03:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-24 10:51 - 2013-07-10 02:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 10:51 - 2013-07-10 02:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 10:51 - 2013-06-15 06:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-24 10:51 - 2013-06-15 04:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-24 10:40 - 2013-07-24 20:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-24 10:33 - 2013-08-24 10:33 - 00000000 ____D C:\Users\Missy\AppData\Local\{EE0F4EC9-58DD-4874-89E2-DE1FE01370CB}
2013-08-23 14:14 - 2013-07-04 21:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-23 13:20 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-23 13:20 - 2013-07-07 21:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-23 13:20 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-23 13:20 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-23 13:20 - 2013-07-07 21:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-23 13:20 - 2013-07-07 21:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-23 13:20 - 2013-07-07 21:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-23 13:20 - 2013-07-07 21:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-23 13:17 - 2013-07-17 13:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-23 13:17 - 2013-07-17 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-23 13:14 - 2013-08-23 13:14 - 00003038 _____ C:\Windows\System32\Tasks\{EC7E6A60-4576-4929-85BD-EC42E5E9CF73}
2013-08-23 12:50 - 2013-08-23 12:50 - 00003000 _____ C:\Windows\System32\Tasks\{41E8014C-2752-4947-81DB-ACC7D504BC65}
2013-08-23 12:35 - 2013-08-23 12:35 - 00000000 ____D C:\Users\Missy\AppData\Local\StartNow
2013-08-23 09:16 - 2013-06-03 19:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-23 08:55 - 2013-08-23 08:55 - 00000000 ____D C:\Users\Missy\AppData\Local\{1FBE17A4-0904-4383-9DD0-685DFAB28E6D}
2013-08-22 08:29 - 2013-08-22 08:29 - 00000000 ____D C:\Users\Missy\AppData\Local\{E0EEF0F5-9403-4579-99C9-08421E5E3420}
2013-08-22 01:46 - 2013-08-23 15:37 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-21 15:23 - 2013-08-21 15:45 - 00024235 _____ C:\Users\Missy\Desktop\Addition.txt
2013-08-21 15:22 - 2013-08-21 15:22 - 00000000 ____D C:\FRST
2013-08-21 12:57 - 2013-08-21 12:57 - 00000000 ____D C:\Users\Missy\AppData\Local\{B32B6F40-16B7-469A-8017-083753DAEF85}
2013-08-20 13:10 - 2013-08-30 10:54 - 00000000 ____D C:\AdwCleaner
2013-08-20 12:22 - 2013-08-20 12:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-20 11:13 - 2013-08-22 08:55 - 00000000 ____D C:\Users\Missy\AppData\Local\temp(11084)
2013-08-20 11:13 - 2013-08-20 11:13 - 00013641 _____ C:\ComboFix.txt
2013-08-20 11:05 - 2013-08-20 11:05 - 00000000 ____D C:\$RECYCLE(479).BIN
2013-08-20 10:41 - 2013-08-20 11:13 - 00000000 ____D C:\Qoobox
2013-08-19 15:47 - 2013-08-24 11:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 14:01 - 2013-08-19 14:01 - 00000000 ____D C:\Users\Missy\AppData\Local\{9D7BF142-F6A9-41D5-A8E3-13F8C356B1DF}
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Malwarebytes
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 16:43 - 2013-08-18 16:43 - 00000000 ____D C:\Users\Missy\AppData\Local\{9765DDDA-33B0-47CE-ACF3-3F066C759C22}
 
==================== One Month Modified Files and Folders =======
 
2013-09-02 15:11 - 2010-12-24 17:43 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 13:36 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 13:36 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 09:56 - 2009-07-16 07:35 - 01293003 _____ C:\Windows\WindowsUpdate.log
2013-09-02 09:47 - 2013-09-02 09:47 - 00011539 _____ C:\Users\Missy\Desktop\attach.txt
2013-09-02 09:46 - 2013-09-02 09:47 - 00016396 _____ C:\Users\Missy\Desktop\dds.txt
2013-09-02 09:44 - 2006-11-02 05:46 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 09:43 - 2013-09-02 09:43 - 00000000 ____D C:\Users\Missy\AppData\Local\{9B1222B7-E25E-49EC-BAD3-11CF39130D73}
2013-09-02 09:43 - 2010-12-24 17:43 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 09:43 - 2009-08-04 19:12 - 00000000 ____D C:\Users\Missy\Tracing
2013-09-02 09:42 - 2006-11-02 08:27 - 00182809 _____ C:\Windows\setupact.log
2013-09-02 09:36 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-31 18:07 - 2006-11-02 08:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-31 14:41 - 2013-08-31 14:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-31 14:41 - 2009-07-31 20:49 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 13:45 - 2013-08-31 14:39 - 182146848 _____ C:\Users\Missy\Desktop\setup_11.0.1.1245.x01_2013_08_31_22_30.exe
2013-08-31 10:56 - 2013-08-31 10:55 - 00000000 ____D C:\Users\Missy\AppData\Local\{9D018849-6400-4B21-A4E8-B2B36A3CA763}
2013-08-31 10:56 - 2010-11-04 08:02 - 00000000 ____D C:\Users\Missy\AppData\Local\Windows Live
2013-08-30 10:54 - 2013-08-20 13:10 - 00000000 ____D C:\AdwCleaner
2013-08-30 10:17 - 2013-08-30 10:52 - 00994642 _____ C:\Users\Administrator\Desktop\adwcleaner (1).exe
2013-08-29 03:47 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2013-08-29 03:35 - 2012-12-15 03:35 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-08-29 03:28 - 2006-11-02 06:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-08-29 03:28 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-29 03:12 - 2011-11-09 19:16 - 00005660 _____ C:\Windows\IE9_main.log
2013-08-29 03:12 - 2006-11-02 05:16 - 00008798 _____ C:\Windows\SysWOW64\icrav03.rat
2013-08-29 03:12 - 2006-11-02 05:16 - 00001988 _____ C:\Windows\SysWOW64\ticrf.rat
2013-08-29 03:12 - 2006-11-01 23:36 - 00008798 _____ C:\Windows\system32\icrav03.rat
2013-08-29 03:12 - 2006-11-01 23:36 - 00001988 _____ C:\Windows\system32\ticrf.rat
2013-08-29 03:11 - 2013-08-29 03:11 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 15:22 - 2013-08-28 15:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-08-28 15:19 - 2013-08-28 15:19 - 00002622 _____ C:\Users\Administrator\Desktop\a2scan_130828-131319.txt
2013-08-28 13:12 - 2013-08-28 13:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-08-28 12:42 - 2013-08-28 12:42 - 00000500 _____ C:\Users\Administrator\Desktop\Emsisoft Emergency Kit.lnk
2013-08-28 12:42 - 2013-08-28 12:41 - 00000000 ____D C:\EEK
2013-08-28 12:41 - 2013-08-28 12:40 - 00013966 _____ C:\Users\Administrator\Desktop\Result.txt
2013-08-28 12:38 - 2013-08-28 12:34 - 00002304 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-08-28 12:24 - 2013-08-28 12:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 09:42 - 2013-08-28 10:28 - 191149080 _____ C:\Users\Administrator\Desktop\EmsisoftEmergencyKit.exe
2013-08-28 09:25 - 2013-08-28 09:25 - 00000000 ____D C:\ProgramData\Sophos
2013-08-28 09:24 - 2013-08-28 09:24 - 00002066 _____ C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.lnk
2013-08-28 09:24 - 2013-08-28 09:24 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-08-28 09:04 - 2013-08-28 09:22 - 00760937 _____ (Farbar) C:\Users\Administrator\Desktop\MiniToolBox.exe
2013-08-28 09:03 - 2013-08-28 09:22 - 01021434 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-08-28 09:02 - 2013-08-28 09:22 - 75837231 _____ (Sophos Limited) C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.exe
2013-08-27 13:35 - 2009-07-31 20:51 - 00000976 _____ C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-27 09:37 - 2013-08-27 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2013-08-27 09:33 - 2013-08-27 09:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\DataSafeOnline
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\PowerDVD DX
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-08-27 09:28 - 2008-01-20 20:26 - 00147472 _____ C:\Windows\PFRO.log
2013-08-27 09:16 - 2013-08-27 09:16 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-08-26 15:33 - 2013-08-27 09:15 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-08-26 15:22 - 2013-08-26 15:22 - 00063048 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 15:21 - 2013-08-26 15:20 - 00000000 ____D C:\Users\Administrator
2013-08-26 15:20 - 2013-08-26 15:20 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-08-26 15:17 - 2013-08-27 09:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-08-26 13:32 - 2013-08-26 13:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-08-26 13:32 - 2006-11-02 06:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-08-26 12:18 - 2013-08-26 12:18 - 00000000 ____D C:\Users\Missy\AppData\Local\{DF841523-EA86-4644-9951-C46964029271}
2013-08-26 12:16 - 2013-08-26 09:59 - 00000000 ____D C:\Users\Missy\Desktop\backups
2013-08-26 10:50 - 2013-08-26 10:50 - 00000000 ____D C:\Users\Missy\AppData\Local\{BC3A9244-CF38-46B3-9A43-8EF98E15C4CD}
2013-08-26 10:48 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-08-26 10:48 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-26 10:16 - 2013-08-26 10:16 - 00000000 ____D C:\Users\Missy\AppData\Local\{6D5C697D-2EFF-44AF-9D9F-9CD85D12AFBD}
2013-08-26 09:53 - 2006-11-02 08:21 - 00281456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-26 09:51 - 2009-07-16 13:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-24 11:12 - 2009-07-16 12:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-24 11:07 - 2013-08-19 15:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-24 10:43 - 2013-08-26 09:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Missy\Desktop\HijackThis.exe
2013-08-24 10:42 - 2013-08-26 09:57 - 14685208 _____ (Trend Micro Inc.) C:\Users\Missy\Desktop\RootkitBusterV5.0-1129x64.exe
2013-08-24 10:33 - 2013-08-24 10:33 - 00000000 ____D C:\Users\Missy\AppData\Local\{EE0F4EC9-58DD-4874-89E2-DE1FE01370CB}
2013-08-23 15:37 - 2013-08-22 01:46 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-23 15:36 - 2012-06-20 15:54 - 00001460 _____ C:\Users\Missy\AppData\Local\d3d9caps64.dat
2013-08-23 13:14 - 2013-08-23 13:14 - 00003038 _____ C:\Windows\System32\Tasks\{EC7E6A60-4576-4929-85BD-EC42E5E9CF73}
2013-08-23 12:52 - 2009-08-07 15:12 - 00000000 ____D C:\Program Files (x86)\LimeWire
2013-08-23 12:50 - 2013-08-23 12:50 - 00003000 _____ C:\Windows\System32\Tasks\{41E8014C-2752-4947-81DB-ACC7D504BC65}
2013-08-23 12:35 - 2013-08-23 12:35 - 00000000 ____D C:\Users\Missy\AppData\Local\StartNow
2013-08-23 09:06 - 2010-12-24 17:43 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-23 09:06 - 2010-12-24 17:43 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-23 09:06 - 2009-09-23 19:08 - 00000000 ____D C:\Program Files\McAfee
2013-08-23 08:55 - 2013-08-23 08:55 - 00000000 ____D C:\Users\Missy\AppData\Local\{1FBE17A4-0904-4383-9DD0-685DFAB28E6D}
2013-08-23 08:49 - 2009-07-31 20:49 - 00000000 ____D C:\Users\Missy
2013-08-22 15:38 - 2006-11-02 05:33 - 76021760 _____ C:\Windows\system32\config\software_previous
2013-08-22 15:35 - 2010-02-14 04:19 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-08-22 15:35 - 2010-02-14 04:19 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\system32\vi-VN
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\system32\eu-ES
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\system32\ca-ES
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\ShellNew
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\DigitalLocker
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Calendar
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Movie Maker
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Collaboration
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Calendar
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\SLUI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\setup
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ias
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\uk-UA
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\th-TH
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sysprep
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\SLUI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sl-SI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sk-SK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\setup
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\ro-RO
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\ras
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\oobe
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\migwiz
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\manifeststore
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\lv-LV
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\lt-LT
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\icsxml
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\ias
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\hr-HR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\he-IL
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\et-EE
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 __RSD C:\Windows\Media
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\com
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\bg-BG
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\ar-SA
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\servicing
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\MSAgent64
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\MSAgent
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\L2Schemas
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\IME
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\Cursors
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Program Files\Common Files\Services
2013-08-22 15:29 - 2012-05-14 09:21 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-08-22 15:29 - 2010-02-14 17:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-22 15:29 - 2010-02-13 08:07 - 00000000 ____D C:\Windows\system32\EventProviders
2013-08-22 15:29 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\system32\restore
2013-08-22 15:29 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\tapi
2013-08-22 15:29 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-22 15:29 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-22 15:28 - 2010-11-04 08:11 - 00000000 ____D C:\Windows\en
2013-08-22 15:28 - 2010-01-11 22:40 - 00000000 ____D C:\Windows\Minidump
2013-08-22 15:28 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\Help
2013-08-22 15:27 - 2012-05-14 09:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-22 15:27 - 2011-09-16 18:16 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter
2013-08-22 15:27 - 2010-12-24 17:49 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Luxor
2013-08-22 15:27 - 2010-12-12 21:03 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-22 15:27 - 2010-12-12 21:03 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-22 15:27 - 2010-12-12 21:01 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-08-22 15:27 - 2010-12-12 20:56 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-22 15:27 - 2010-11-25 22:54 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - 13th Skull Collector's Edition
2013-08-22 15:27 - 2010-11-18 09:38 - 00000000 ____D C:\Program Files (x86)\FrostWire
2013-08-22 15:27 - 2010-11-09 21:12 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 15:27 - 2010-11-09 21:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-22 15:27 - 2010-11-09 21:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-22 15:27 - 2010-11-09 21:01 - 00000000 ____D C:\Program Files (x86)\Safari
2013-08-22 15:27 - 2010-10-30 14:49 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Diary - Haunted Island
2013-08-22 15:27 - 2010-10-22 23:19 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twisted Lands - Shadow Town
2013-08-22 15:27 - 2010-09-06 13:23 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Escape from Frankensteins Castle
2013-08-22 15:27 - 2010-09-02 10:50 - 00000000 ____D C:\Program Files\Bonjour
2013-08-22 15:27 - 2010-09-02 10:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-22 15:27 - 2010-08-24 22:06 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - The Castle of Shadows
2013-08-22 15:27 - 2010-08-03 20:59 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elixir of Immortality
2013-08-22 15:27 - 2010-07-31 14:37 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Mysteries - The Fateful Voyage - Titanic
2013-08-22 15:27 - 2010-07-30 21:39 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Curse of the Raven Collector's Edition
2013-08-22 15:27 - 2010-06-27 15:06 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Gypsy's Tale - The Tower of Secrets
2013-08-22 15:27 - 2010-06-23 20:17 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blood Oath
2013-08-22 15:27 - 2010-06-16 18:29 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Midnight Mysteries - Salem Witch Trials
2013-08-22 15:27 - 2010-03-22 10:55 - 00000000 ____D C:\Users\Missy\Desktop\Games
2013-08-22 15:27 - 2009-11-29 19:02 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Dire Grove Collector's Edition
2013-08-22 15:27 - 2009-11-25 16:10 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazing Adventures - The Caribbean Secret
2013-08-22 15:27 - 2009-11-25 16:10 - 00000000 ____D C:\Program Files (x86)\Amazing Adventures - The Caribbean Secret
2013-08-22 15:27 - 2009-11-24 23:08 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations - Awakening
2013-08-22 15:27 - 2009-11-24 23:08 - 00000000 ____D C:\Program Files (x86)\Reincarnations - Awakening
2013-08-22 15:27 - 2009-11-21 22:55 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Luxor Adventures
2013-08-22 15:27 - 2009-11-21 22:55 - 00000000 ____D C:\Program Files (x86)\Luxor Adventures
2013-08-22 15:27 - 2009-11-17 19:31 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Return of Monte Cristo
2013-08-22 15:27 - 2009-11-17 19:31 - 00000000 ____D C:\Program Files (x86)\The Return of Monte Cristo
2013-08-22 15:27 - 2009-11-13 19:42 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghost Town Mysteries - Bodie
2013-08-22 15:27 - 2009-11-13 19:42 - 00000000 ____D C:\Program Files (x86)\Ghost Town Mysteries - Bodie
2013-08-22 15:27 - 2009-11-11 15:29 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Magic
2013-08-22 15:27 - 2009-11-11 15:29 - 00000000 ____D C:\Program Files (x86)\Hidden Magic
2013-08-22 15:27 - 2009-10-17 19:19 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PuppetShow - Mystery of Joyville
2013-08-22 15:27 - 2009-10-17 19:19 - 00000000 ____D C:\Program Files (x86)\PuppetShow - Mystery of Joyville
2013-08-22 15:27 - 2009-10-16 12:16 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hide & Secret 3 - Pharaoh's Quest
2013-08-22 15:27 - 2009-10-16 12:16 - 00000000 ____D C:\Program Files (x86)\Hide & Secret 3 - Pharaoh's Quest
2013-08-22 15:27 - 2009-09-06 10:58 - 00000000 ____D C:\Users\Missy\AppData\Local\Microsoft Help
2013-08-22 15:27 - 2009-08-30 10:34 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-22 15:27 - 2009-08-18 20:07 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
2013-08-22 15:27 - 2009-07-31 20:51 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-22 15:27 - 2009-07-31 20:49 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-22 15:27 - 2009-07-31 20:49 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-22 15:27 - 2009-07-16 13:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2013-08-22 15:27 - 2009-07-16 12:59 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-08-22 15:27 - 2009-07-16 12:56 - 00000000 ____D C:\ProgramData\McAfee
2013-08-22 15:27 - 2009-07-16 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-22 15:16 - 2006-11-02 06:33 - 00000000 __RHD C:\Users\Default
2013-08-22 15:16 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\registration
2013-08-22 13:24 - 2009-07-16 12:49 - 00000000 ____D C:\Program Files\Java
2013-08-22 13:16 - 2006-11-02 05:33 - 22544384 _____ C:\Windows\system32\config\system_previous
2013-08-22 08:55 - 2013-08-20 11:13 - 00000000 ____D C:\Users\Missy\AppData\Local\temp(11084)
2013-08-22 08:29 - 2013-08-22 08:29 - 00000000 ____D C:\Users\Missy\AppData\Local\{E0EEF0F5-9403-4579-99C9-08421E5E3420}
2013-08-22 08:29 - 2010-02-20 10:41 - 00001356 _____ C:\Users\Missy\AppData\Local\d3d9caps.dat
2013-08-21 15:45 - 2013-08-21 15:23 - 00024235 _____ C:\Users\Missy\Desktop\Addition.txt
2013-08-21 15:22 - 2013-08-21 15:22 - 00000000 ____D C:\FRST
2013-08-21 12:57 - 2013-08-21 12:57 - 00000000 ____D C:\Users\Missy\AppData\Local\{B32B6F40-16B7-469A-8017-083753DAEF85}
2013-08-20 12:35 - 2013-08-20 12:22 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-20 11:13 - 2013-08-20 11:13 - 00013641 _____ C:\ComboFix.txt
2013-08-20 11:13 - 2013-08-20 10:41 - 00000000 ____D C:\Qoobox
2013-08-20 11:05 - 2013-08-20 11:05 - 00000000 ____D C:\$RECYCLE(479).BIN
2013-08-20 11:03 - 2006-11-02 05:33 - 76283904 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 60555264 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 22544384 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-19 14:36 - 2009-07-16 12:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-19 14:01 - 2013-08-19 14:01 - 00000000 ____D C:\Users\Missy\AppData\Local\{9D7BF142-F6A9-41D5-A8E3-13F8C356B1DF}
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Malwarebytes
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 16:43 - 2013-08-18 16:43 - 00000000 ____D C:\Users\Missy\AppData\Local\{9765DDDA-33B0-47CE-ACF3-3F066C759C22}
2013-08-05 16:14 - 2006-11-02 05:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Files to move or delete:
====================
C:\Program Files\Windows Sidebar\Sidebar.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Missy\AppData\Local\Temp\AskSLib.dll
C:\Users\Missy\AppData\Local\Temp\bfguni.exe
C:\Users\Missy\AppData\Local\Temp\jna1556226989820507750.dll
C:\Users\Missy\AppData\Local\Temp\jna2002456859155762683.dll
C:\Users\Missy\AppData\Local\Temp\jna2331062514162212213.dll
C:\Users\Missy\AppData\Local\Temp\jna2355986696262325669.dll
C:\Users\Missy\AppData\Local\Temp\jna2467734058843611480.dll
C:\Users\Missy\AppData\Local\Temp\jna2587542405074147886.dll
C:\Users\Missy\AppData\Local\Temp\jna3324832626392750145.dll
C:\Users\Missy\AppData\Local\Temp\jna3604634407575408226.dll
C:\Users\Missy\AppData\Local\Temp\jna3649307962293818662.dll
C:\Users\Missy\AppData\Local\Temp\jna3902341660231880286.dll
C:\Users\Missy\AppData\Local\Temp\jna5101864246072040005.dll
C:\Users\Missy\AppData\Local\Temp\jna5192316737345187005.dll
C:\Users\Missy\AppData\Local\Temp\jna5452044597866381432.dll
C:\Users\Missy\AppData\Local\Temp\jna5680582138372107645.dll
C:\Users\Missy\AppData\Local\Temp\jna5953159715845775426.dll
C:\Users\Missy\AppData\Local\Temp\jna6214937536017828096.dll
C:\Users\Missy\AppData\Local\Temp\jna6222063870116741207.dll
C:\Users\Missy\AppData\Local\Temp\jna6644649065932553396.dll
C:\Users\Missy\AppData\Local\Temp\jna6848220391819521905.dll
C:\Users\Missy\AppData\Local\Temp\jna6997590306762542424.dll
C:\Users\Missy\AppData\Local\Temp\jna8250192535611638292.dll
C:\Users\Missy\AppData\Local\Temp\jna8391246215504811474.dll
C:\Users\Missy\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Missy\AppData\Local\Temp\MSNBBFD.exe
C:\Users\Missy\AppData\Local\Temp\setup.exe
C:\Users\Missy\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Missy\AppData\Local\Temp\Zynga.exe
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\core.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\crash.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\dsetup.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\file.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\fmod.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\gfx2d.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\gfx2d_dd7.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\gfx2d_dx8.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\gfx2d_ogl.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\imglib.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\jpeg.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\logger.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\Luxor.exe
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\net.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\snd3d.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\snd3d_fmod.dll
C:\Users\Missy\AppData\Local\Temp\{2229EE32-E8FF-4f67-A132-194F07576117}\Luxor\ui2.dll
C:\Users\Missy\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
C:\Users\Missy\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll
C:\Users\Missy\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\vsapi.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\update\iau_sdk\iau.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\update\iau_sdk\iaucore\7z.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\update\iau_sdk\iaucore\iaucore.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\update\iau_sdk\iaucore\libs\ciuas64.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\update\iau_sdk\iaucore\libs\ciussi64.dll
C:\Users\Missy\AppData\Local\Temp\RootkitBuster\update\iau_sdk\iaucore\libs\patchw64.dll
C:\Users\Missy\AppData\Local\Temp\RarSFX0\9818458.exe
C:\Users\Missy\AppData\Local\Temp\RarSFX0\9818458rar.exe
C:\Users\Missy\AppData\Local\Temp\RarSFX0\helper64.exe
C:\Users\Missy\AppData\Local\Temp\nsxD740.tmp\uac.dll
C:\Users\Missy\AppData\Local\Temp\nsq14A9.tmp\uac.dll
C:\Users\Missy\AppData\Local\Temp\nsl8286.tmp\uac.dll
C:\Users\Missy\AppData\Local\Temp\nsl7A10.tmp\InstallOptions.dll
C:\Users\Missy\AppData\Local\Temp\nsk499B.tmp\zplugins.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\inetc.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\LangDLL.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\md5dll.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\nsDialogs.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\stack.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\System.dll
C:\Users\Missy\AppData\Local\Temp\nsgFB8C.tmp\zplugins.dll
C:\Users\Missy\AppData\Local\Temp\nsdD82C.tmp\uac.dll
C:\Users\Missy\AppData\Local\Temp\nsdCF34.tmp\zplugins.dll
C:\Users\Missy\AppData\Local\Temp\nsd139E.tmp\uac.dll
C:\Users\Missy\AppData\Local\Temp\nsc2FC7.tmp\nsProcess.dll
C:\Users\Missy\AppData\Local\Temp\nsaACBB.tmp\uac.dll
C:\Users\Missy\AppData\Local\Temp\ICReinstall\VideoConverterSetup.exe
C:\Users\Missy\AppData\Local\Temp\HpUpdate\9764\ModelUpdate.exe
C:\Users\Missy\AppData\Local\Temp\HpUpdate\9763\ModelUpdate.exe
C:\Users\Missy\AppData\Local\Temp\HpUpdate\9762\ModelUpdate.exe
C:\Users\Missy\AppData\Local\Temp\HpUpdate\8632\HpHPSUAxKB.exe
C:\Users\Missy\AppData\Local\Temp\HpUpdate\26578\4250_DiagnosticAlert_000_000_010_000.exe
C:\Users\Missy\AppData\Local\Temp\HpUpdate\25919\CIOUMUpdate_3545_000_009_hpu.exe
C:\Users\Missy\AppData\Local\Temp\HPISPz\unzip.exe
C:\Users\Missy\AppData\Local\Temp\HPISPz\hprceu\wm_hooks.dll
C:\Users\Missy\AppData\Local\Temp\HPDiagnosticAlert\DiagnosticAlert.exe
C:\Users\Missy\AppData\Local\Temp\GameHouse\checkinst.dll
C:\Users\Missy\AppData\Local\Temp\9933.dir\InstallFlashPlayer.exe
C:\Users\Missy\AppData\Local\Temp\7zS3B12\InstallDiagnosticAlert.exe
C:\Users\Missy\AppData\Local\Temp\7zS3AB7\Dot4Scrubber.exe
C:\Users\Missy\AppData\Local\Temp\7zS3AB7\ExecuteProcess.exe
C:\Users\Missy\AppData\Local\Temp\7zS3AB7\HPeDiag.dll
C:\Users\Missy\AppData\Local\Temp\6C4A.dir\InstallFlashPlayer.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-02 09:48
 
==================== End Of Log ============================

Addition------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 06
Ran by Missy at 2013-09-02 15:16:34
Running from J:\
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
A Gypsy's Tale: The Tower of Secrets (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 1.1.0.5790)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (x32 Version: 11.4.402.265)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3)
Adobe Photoshop.com Inspiration Browser (x32 Version: 2.61)
Adobe Reader 9.2 (x32 Version: 9.2.0)
Amazing Adventures: The Caribbean Secret (x32)
Apple Application Support (x32 Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Control Center (x32 Version: 2.008.1210.1622)
Bing Bar (x32 Version: 7.1.361.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blood Oath (x32)
Bonjour (Version: 2.0.3.0)
BufferChm (x32 Version: 140.0.212.000)
C310 (x32 Version: 140.0.304.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Czech (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Greek (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Hungarian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Korean (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Polish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Portuguese (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Russian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Thai (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Turkish (x32 Version: 2008.1210.1623.29379)
CCC Help Chinese Standard (x32 Version: 2008.1210.1622.29379)
CCC Help Chinese Traditional (x32 Version: 2008.1210.1622.29379)
CCC Help Czech (x32 Version: 2008.1210.1622.29379)
CCC Help Danish (x32 Version: 2008.1210.1622.29379)
CCC Help Dutch (x32 Version: 2008.1210.1622.29379)
CCC Help English (x32 Version: 2008.1210.1622.29379)
CCC Help Finnish (x32 Version: 2008.1210.1622.29379)
CCC Help French (x32 Version: 2008.1210.1622.29379)
CCC Help German (x32 Version: 2008.1210.1622.29379)
CCC Help Greek (x32 Version: 2008.1210.1622.29379)
CCC Help Hungarian (x32 Version: 2008.1210.1622.29379)
CCC Help Italian (x32 Version: 2008.1210.1622.29379)
CCC Help Japanese (x32 Version: 2008.1210.1622.29379)
CCC Help Korean (x32 Version: 2008.1210.1622.29379)
CCC Help Norwegian (x32 Version: 2008.1210.1622.29379)
CCC Help Polish (x32 Version: 2008.1210.1622.29379)
CCC Help Portuguese (x32 Version: 2008.1210.1622.29379)
CCC Help Russian (x32 Version: 2008.1210.1622.29379)
CCC Help Spanish (x32 Version: 2008.1210.1622.29379)
CCC Help Swedish (x32 Version: 2008.1210.1622.29379)
CCC Help Thai (x32 Version: 2008.1210.1622.29379)
CCC Help Turkish (x32 Version: 2008.1210.1622.29379)
ccc-core-static (x32 Version: 2008.1210.1623.29379)
ccc-utility64 (Version: 2008.1210.1623.29379)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Online (x32 Version: 1.2.0009)
Dell Dock (Version: 1.0.0)
Dell Driver Download Manager (HKCU Version: 1.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell-eBay (x32 Version: 1.00.0000)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Echoes of the Past: The Castle of Shadows (x32)
Elixir of Immortality (x32)
Escape from Frankenstein's Castle (x32)
ESET Online Scanner v3 (x32)
Ghost Town Mysteries: Bodie (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 140.0.211.000)
Hidden Magic (x32)
Hidden Mysteries: The Fateful Voyage - Titanic (x32)
Hide & Secret 3: Pharaoh's Quest (x32)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.${CAB_VERSION})
HP Photosmart Plus B210 series Basic Device Software (Version: 22.50.231.0)
HP Photosmart Plus B210 series Help (x32 Version: 140.0.54.54)
HP Photosmart Plus B210 series Product Improvement Study (Version: 22.50.231.0)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.006.003)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
Imaging Device Functions 14.0 (Version: 14.0)
iTunes (Version: 10.0.1.22)
Java Auto Updater (x32 Version: 2.0.5.1)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Java™ 6 Update 26 (x32 Version: 6.0.260)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor (x32)
Luxor Adventures (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
McAfee Total Protection (x32 Version: 11.6.511)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Midnight Mysteries: Salem Witch Trials (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery Case Files &reg;: 13th Skull ™ Collector's Edition (x32)
Mystery Case Files&reg;: Dire Grove™ Collector's Edition (x32)
Mystic Diary: Haunted Island (x32)
Network64 (Version: 140.0.215.000)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0)
Platform (x32 Version: 1.34)
PowerDVD DX (x32 Version: 8.2.5024)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000)
PuppetShow: Mystery of Joyville ™ (x32)
QuickTime (x32 Version: 7.68.75.0)
QuickTransfer (x32 Version: 140.0.98.000)
Redemption Cemetery: Curse of the Raven Collector's Edition (x32)
Reincarnations: Awakening (x32)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator DE (x32 Version: 10.1)
Roxio Creator DE (x32 Version: 3.7.0)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Update Manager (x32 Version: 6.0.0)
Safari (x32 Version: 5.33.18.5)
Scan (x32 Version: 140.0.80.000)
Segoe UI (x32 Version: 15.4.2271.0615)
Shared C Run-time for x64 (Version: 10.0.0)
Shop for HP Supplies (Version: 14.0)
Skins (x32 Version: 2008.1210.1623.29379)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Sophos Virus Removal Tool (x32 Version: 2.4)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Status (x32 Version: 140.0.256.000)
The Return of Monte Cristo (x32)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Treasure Seekers: Follow the Ghosts (x32)
Twisted Lands: Shadow Town (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VIA Platform Device Manager (x32 Version: 1.34)
WebReg (x32 Version: 140.0.212.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
26-08-2013 17:18:35 Windows Update
26-08-2013 19:23:15 Windows Update
27-08-2013 16:11:57 Scheduled Checkpoint
27-08-2013 20:52:48 Windows Modules Installer
28-08-2013 16:12:37 Windows Update
28-08-2013 16:23:15 Installed Sophos Virus Removal Tool.
29-08-2013 10:00:28 Windows Update
29-08-2013 10:00:35 Scheduled Checkpoint
29-08-2013 10:08:21 Windows Modules Installer
30-08-2013 17:19:19 Scheduled Checkpoint
31-08-2013 15:31:16 Scheduled Checkpoint
02-09-2013 17:41:03 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02E5A0E9-4734-490B-AF57-3B5F2C8A9FB3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {37F5B265-8A4E-483D-AC21-CF7238754FE5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {6A03C052-4A62-4464-BD68-58B7F6EAFDF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7E8F0A8B-4956-4FBA-9C47-2A6DEA5F9416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {863B43FE-657E-4F34-A167-5CB0382AD479} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BB27C8C-1B4F-45E0-B666-D6E35EA52D30} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {B0AA22EA-635B-4F4F-A287-EB70D8DFA860} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {DCB6B697-5F0F-4602-8E24-042382772E54} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F5876A91-E501-48C6-A019-899F524DB9AC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-10-22 18:44 - 2009-04-11 00:11 - 02570240 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2009-10-22 18:44 - 2009-04-11 00:11 - 01650688 _____ (Microsoft Corporation) C:\Windows\system32\BROWSEUI.dll
2010-10-12 22:23 - 2010-05-04 12:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2010-06-24 03:01 - 2009-11-08 10:55 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-04-26 06:36 - 2013-04-26 06:36 - 09797768 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
2010-03-18 14:27 - 2010-03-18 14:27 - 00827744 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100_CLR0400.dll
2009-10-22 18:44 - 2009-04-11 00:11 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2009-10-22 18:44 - 2009-04-11 00:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2009-10-22 18:43 - 2009-04-11 00:11 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2008-01-20 19:49 - 2008-01-20 19:49 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Cabinet.dll
2009-10-22 18:44 - 2009-04-11 00:11 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2009-10-22 18:41 - 2009-04-11 00:11 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\WDSCORE.dll
2006-11-02 02:21 - 2006-11-02 04:19 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2008-01-20 19:47 - 2008-01-20 19:47 - 01319424 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2009-07-16 15:19 - 2009-01-13 01:07 - 00118272 _____ () C:\Windows\system32\atitmm64.dll
2009-07-16 15:19 - 2009-01-13 01:07 - 00395264 _____ (ATI Technologies, Inc.) C:\Windows\system32\atipdl64.dll
2006-11-02 08:01 - 2006-11-02 08:01 - 00654440 _____ (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpRes.dll
2008-01-20 19:47 - 2008-01-20 19:47 - 01099832 _____ (Microsoft Corporation) C:\Program Files\Windows Defender\MpRtMon.DLL
2008-01-20 19:48 - 2008-01-20 19:48 - 00202296 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2010-07-27 18:55 - 2010-07-27 18:55 - 00193824 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2008-01-20 19:51 - 2008-01-20 19:51 - 00382464 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2013-08-24 10:54 - 2013-04-22 15:59 - 10021016 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
2013-08-26 10:53 - 2013-08-26 10:53 - 15574528 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\a5ae3cd99fb47ff37a7e8083425df4c2\mscorlib.ni.dll
2009-10-22 18:44 - 2009-03-29 21:39 - 00085312 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
2013-08-26 10:53 - 2013-08-26 10:53 - 10639360 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System\a3641e7f72c0aad0b1cbe3cf2c387b3a\System.ni.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 00401408 _____ (Stardock) C:\Windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\dfd0260bebb16b98030e7e51657f469c\MyDock.Util.ni.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 03373568 _____ (Stardock Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\DellDock\dc53b5731c361a82cc019b2b71566b5b\DellDock.ni.exe
2013-08-26 10:59 - 2013-08-26 10:59 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\6724ee8621c814b1516828984ae45c8a\VistaBridgeLibrary.ni.dll
2013-08-26 11:00 - 2013-08-26 11:00 - 22171136 _____ (DevComponents.com) C:\Windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\c87c07bbe4a05f807322807a495f0937\MenuSkinning.ni.dll
2013-08-26 10:56 - 2013-08-26 10:56 - 02321408 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b36c28f9eebe94d655c8df42f354d0cd\System.Drawing.ni.dll
2013-08-26 10:56 - 2013-08-26 10:56 - 17380864 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\90f176c554f6070e6f44d6ab0580480e\System.Windows.Forms.ni.dll
2013-08-26 10:57 - 2013-08-26 10:57 - 06963200 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\4069407bd70371eba7cd1d2d498b83f9\System.Xml.ni.dll
2013-08-26 10:58 - 2013-08-26 10:58 - 01320448 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\4dac99694f3d46a9bb11b529d4a28d21\System.Configuration.ni.dll
2009-02-06 14:20 - 2009-02-06 14:20 - 00482672 _____ (Stardock) C:\Program Files\Dell\DellDock\MyDockLib.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 01408000 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\9ab13b74fc362634aeac38b67efae566\System.Management.ni.dll
2009-04-24 12:04 - 2008-07-27 11:01 - 00047112 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
2013-01-09 03:24 - 2012-10-05 04:00 - 01575008 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
2013-08-26 10:58 - 2013-08-26 10:58 - 00078848 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\8ecb71232ab31650a7ac5c9a8c382080\Accessibility.ni.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00106496 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3266.29453__90ba9c70f846762e\MOM.Implementation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3266.29451__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 01022464 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\645de7b75b1c096bee01e979efcd0e63\System.Runtime.Remoting.ni.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 15245824 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\c8a72992ff6eff72ca3710ea41cc44c5\System.Web.ni.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3266.29452__90ba9c70f846762e\CCC.Implementation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
2009-07-16 12:52 - 2008-03-17 15:50 - 00072192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2009-07-16 12:52 - 2009-01-06 15:11 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2009-07-16 12:52 - 2008-01-18 12:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2009-07-16 12:52 - 2009-03-30 18:30 - 00993280 ____R (VIA Technologies, Inc.) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAPropPageExt.dll
2011-08-31 12:54 - 2011-08-31 12:54 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-08-31 12:54 - 2011-08-31 12:54 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-08-31 12:54 - 2011-08-31 12:54 - 00158536 _____ (Microsoft Corporation) C:\Windows\system32\ATL100.DLL
2013-03-12 22:04 - 2013-03-12 22:04 - 00394896 _____ (McAfee, Inc.) c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\11_6_2~2\McUtil.dll
2010-09-02 10:57 - 2012-09-10 12:33 - 00238360 _____ (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MSC\McRtMui.dll
2010-09-02 10:57 - 2012-09-10 12:17 - 00167832 _____ (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MSC\LangSel.dll
2010-09-02 10:57 - 2012-06-22 22:31 - 00270952 _____ (McAfee, Inc.) C:\Program Files\McAfee\MSC\McOemRes.dll
2010-09-02 10:57 - 2011-09-08 02:37 - 00036648 _____ (McAfee, Inc.) C:\Program Files\McAfee\MSC\OemUI.dll
2010-09-02 10:57 - 2013-03-19 12:53 - 05470664 _____ (McAfee, Inc.) C:\Program Files\McAfee\MSC\mcprlres.dll
2010-09-02 10:57 - 2013-03-13 18:46 - 00874864 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcmscshm.dll
2011-08-20 04:53 - 2013-03-13 18:45 - 00146112 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\McMscHlp.dll
2010-09-02 10:57 - 2013-03-12 22:03 - 00557088 _____ (McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\MSC\McBrwsr2.dll
2010-09-02 10:57 - 2013-03-13 18:47 - 00130144 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcupdshm.dll
2010-09-02 10:57 - 2013-03-13 18:46 - 00045720 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcuicfg.dll
2013-03-13 18:46 - 2013-03-13 18:46 - 00655968 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcsubmgr\11_6_5~1\mcsubmgr.dll
2010-09-02 10:54 - 2012-08-31 13:00 - 00054056 _____ (McAfee, Inc.) c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll
2010-09-02 10:57 - 2013-03-13 18:45 - 00161056 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcmispps.dll
2013-02-12 00:30 - 2013-03-19 12:53 - 03969960 _____ (McAfee, Inc.) C:\Program Files\McAfee\MSC\mscjsres.dll
2013-02-12 00:30 - 2013-03-19 12:53 - 00411816 _____ (McAfee, Inc.) c:\progra~1\mcafee\msc\mscuild.dll
2010-09-02 10:57 - 2012-06-22 22:31 - 00007784 _____ (McAfee, Inc.) c:\progra~1\mcafee\msc\oemuild.dll
2013-08-24 10:53 - 2013-04-17 04:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2010-09-02 11:00 - 2012-10-06 15:02 - 00371736 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\mpf\mpfshm.dll
2010-09-02 11:00 - 2012-09-10 23:41 - 00444896 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msk\mskcshim.dll
2006-11-02 03:30 - 2006-11-02 04:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\TAPI32.dll
2010-09-02 10:58 - 2012-11-16 22:10 - 00352208 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcoasshm.dll
2013-08-24 10:40 - 2013-07-24 20:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\VBScript.dll
2011-08-20 04:53 - 2012-09-10 17:50 - 01022232 _____ (McAfee, Inc.) c:\PROGRA~1\COMMON~1\mcafee\msc\mcdspwrp.dll
2010-09-02 10:57 - 2013-03-13 18:45 - 00154352 _____ (McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\McLWAPI.DLL
2010-09-02 10:58 - 2012-11-16 22:10 - 01597424 _____ (McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\VsoRes.Dll
2010-09-02 10:57 - 2013-03-13 18:46 - 00212544 _____ (McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcprlalt.dll
2010-09-02 10:57 - 2013-03-13 18:45 - 00272832 _____ (McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mciptshm.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3266.29368__90ba9c70f846762e\CLI.Component.SkinFactory.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00069632 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3266.29366__90ba9c70f846762e\AEM.Server.dll
2008-09-18 08:30 - 2008-09-18 08:30 - 01186816 _____ () C:\PROGRA~2\ATITEC~1\ATI.ACE\CORE-I~1\64\wbocx.ocx
2009-07-16 12:51 - 2009-07-16 12:51 - 00013312 _____ ( ) C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00011264 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3266.29476__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
2006-08-12 14:05 - 2006-08-12 14:05 - 00126976 _____ (Stardock Corporation) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\dshelp64.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3266.29468__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
2009-07-16 15:19 - 2009-01-13 01:07 - 00425984 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00278528 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3266.29368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00061440 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
2007-10-29 12:56 - 2007-10-29 12:56 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00073728 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3266.29367__90ba9c70f846762e\ATIDEMOS.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
2008-04-03 14:29 - 2008-04-03 14:29 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3266.29375__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00069632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3266.29418__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3266.29405__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2008-05-15 12:51 - 2008-05-15 12:51 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00077824 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3266.29438__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3266.29388__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00036864 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3266.29415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3266.29417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2008-01-18 09:35 - 2008-01-18 09:35 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3266.29423__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3266.29458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3266.29365__90ba9c70f846762e\APM.Server.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00393216 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3266.29379__90ba9c70f846762e\CLI.Component.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3266.29380__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00466944 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3266.29459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 01691648 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3266.29383__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00204800 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3266.29384__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00006656 _____ ( ) C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00405504 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3266.29433__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 01073152 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3266.29372__90ba9c70f846762e\CLI.Component.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3266.29374__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00135168 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3266.29460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00225280 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00716800 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3266.29376__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00122880 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3266.29416__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00438272 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00450560 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3266.29403__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00344064 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00589824 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00811008 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3266.29408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2010-07-27 18:44 - 2010-07-27 18:44 - 00152864 _____ (Apple Inc.) C:\Program Files (x86)\Bonjour\mdnsNSP.dll
2009-11-18 05:42 - 2009-11-18 05:42 - 00210048 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-11-18 05:42 - 2009-11-18 05:42 - 00048128 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-11-18 05:42 - 2009-11-18 05:42 - 00154752 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2010-04-15 22:35 - 2010-04-15 22:35 - 00280424 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2010-04-15 22:35 - 2010-04-15 22:35 - 00544104 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2010-04-15 22:35 - 2010-04-15 22:35 - 00020840 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2009-11-17 22:39 - 2009-11-17 22:39 - 00330880 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-11-17 23:58 - 2009-11-17 23:58 - 00342656 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-18 05:16 - 2009-11-18 05:16 - 00053888 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-11-18 05:16 - 2009-11-18 05:16 - 00217728 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
2009-11-17 23:58 - 2009-11-17 23:58 - 00559232 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2010-12-12 20:58 - 2010-12-12 20:58 - 00161784 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.DLL
2013-08-24 10:54 - 2013-04-22 16:00 - 05920408 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-08-26 10:50 - 2013-08-26 10:50 - 11497984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
2009-10-22 18:44 - 2009-03-29 21:42 - 00074048 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
2013-01-09 03:24 - 2012-10-05 03:58 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-08-26 10:51 - 2013-08-26 10:51 - 07977984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2013-08-26 10:52 - 2013-08-26 10:52 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
2013-08-26 10:52 - 2013-08-26 10:52 - 12434432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
2009-04-09 14:29 - 2009-04-09 14:29 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2013-08-26 11:19 - 2013-08-26 11:19 - 01840640 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64fe2235e06dc8fd69a2fd3f6022553c\System.Web.Services.ni.dll
2013-08-26 10:53 - 2013-08-26 10:53 - 05462016 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
2013-08-26 11:18 - 2013-08-26 11:18 - 00978944 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00338160 _____ (TODO: <Company name>) C:\Program Files (x86)\Dell DataSafe Online\OlbEng.dll
2009-11-13 16:57 - 2009-11-13 16:57 - 01441792 _____ (SwapDrive, Inc.) C:\Program Files (x86)\Dell DataSafe Online\BuEng.dll
2013-08-26 11:20 - 2013-08-26 11:20 - 00998400 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
2009-04-24 12:04 - 2008-07-27 11:03 - 00037896 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2009-10-22 18:45 - 2009-03-29 21:42 - 00572248 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
2009-07-16 13:09 - 2009-02-04 19:26 - 01060864 _____ (Microsoft Corporation) C:\Program Files\CyberLink\PowerDVD DX\MFC71.DLL
2009-07-16 13:09 - 2009-02-04 19:26 - 00074984 _____ (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll
2010-09-24 03:10 - 2010-09-24 03:10 - 00173344 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00828704 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
2009-09-04 23:14 - 2009-09-04 23:14 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00120096 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00042272 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 01041696 _____ (IBM Corporation and others) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00922912 _____ (IBM Corporation and others) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 14013728 _____ (IBM Corporation and others) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00075040 _____ (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
2010-09-24 03:10 - 2010-09-24 03:10 - 00048928 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
2010-09-24 03:10 - 2010-09-24 03:10 - 00047904 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
2010-09-08 12:17 - 2010-09-08 12:17 - 12115968 _____ (Apple Inc.) C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
2010-09-08 12:17 - 2010-09-08 12:17 - 00180224 _____ (Apple Inc.) C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00628000 _____ (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.DLL
2009-09-04 23:14 - 2009-09-04 23:14 - 00406816 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
2009-09-04 23:15 - 2009-09-04 23:15 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2010-08-13 12:59 - 2010-08-13 12:59 - 01250592 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website:favicon
AlternateDataStreams: C:\ProgramData\TEMP:041C0562
AlternateDataStreams: C:\ProgramData\TEMP:0696EC8E
AlternateDataStreams: C:\ProgramData\TEMP:0F38B460
AlternateDataStreams: C:\ProgramData\TEMP:16ADBA30
AlternateDataStreams: C:\ProgramData\TEMP:2495D97A
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:386B39C3
AlternateDataStreams: C:\ProgramData\TEMP:6017A808
AlternateDataStreams: C:\ProgramData\TEMP:737160C1
AlternateDataStreams: C:\ProgramData\TEMP:7FCB9D0D
AlternateDataStreams: C:\ProgramData\TEMP:80EA2EA3
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:9491C9C7
AlternateDataStreams: C:\ProgramData\TEMP:996104FC
AlternateDataStreams: C:\ProgramData\TEMP:9E76E7F3
AlternateDataStreams: C:\ProgramData\TEMP:A5584049
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:C76CFF82
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:D4D38596
AlternateDataStreams: C:\ProgramData\TEMP:E91ADC66
AlternateDataStreams: C:\ProgramData\TEMP:FAFEC4B9
AlternateDataStreams: C:\ProgramData\TEMP:FC2D0F32
AlternateDataStreams: C:\ProgramData\TEMP:FED25C29
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2013 09:43:28 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()
 
Error: (09/02/2013 09:43:06 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()
 
Error: (09/02/2013 09:38:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/31/2013 02:38:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error: (08/31/2013 02:38:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error: (08/31/2013 10:59:41 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/31/2013 10:59:41 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/31/2013 10:55:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/30/2013 11:00:48 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/30/2013 11:00:48 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/31/2013 10:54:32 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DVDADOG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6B7A56AD-ACFF-470F-ADBE-C4B385368145}.
The master browser is stopping or an election is being forced.
 
Error: (08/30/2013 10:55:35 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DVDADOG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6B7A56AD-ACFF-470F-ADBE-C4B385368145}.
The master browser is stopping or an election is being forced.
 
Error: (08/30/2013 10:36:33 AM) (Source: netbt) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.102.
The computer with the IP address 192.168.0.100 did not allow the name to be claimed by
this computer.
 
Error: (08/29/2013 03:31:19 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DVDADOG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6B7A56AD-ACFF-470F-ADBE-C4B385368145}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-20 11:02:08.482
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-20 11:02:08.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 7934.2 MB
Available physical RAM: 5248.97 MB
Total Pagefile: 16074.93 MB
Available Pagefile: 13532.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:467.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.86 GB) NTFS
Drive j: (WDO_MEDIA32) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2B8A41B8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 960 MB) (Disk ID: 04C11CA0)
Partition 1: (Active) - (Size=960 MB) - (Type=0B)
 
==================== End Of Log ============================


#4 gringo_pr

  • Malware Response Team

Posted 02 September 2013 - 06:27 PM

Hello dvdadog



I need you to download this script I have made for you --> fixlist.txt (attached file, 287 bytes)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dvdadog


Posted 03 September 2013 - 10:57 AM

Hi Gringo,

 

Here is the fixlog.  The problem persists under the user account.

 

--------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-09-2013 06
Ran by Missy at 2013-09-03 08:45:24 Run:1
Running from J:\
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Startup: C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_77304823.lnk
ShortcutTarget: _uninst_77304823.lnk -> C:\Users\Missy\AppData\Local\Temp\_uninst_77304823.bat ()
C:\Users\Administrator\AppData\Local\Temp
C:\Users\Missy\AppData\Local\Temp
 
 
*****************
 
C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_77304823.lnk not found.
C:\Users\Missy\AppData\Local\Temp\_uninst_77304823.bat not found.
C:\Users\Administrator\AppData\Local\Temp => Moved successfully.
C:\Users\Missy\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====

 

 

dvdadog



#6 gringo_pr


Posted 03 September 2013 - 09:57 PM



Hello dvdadog

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 dvdadog


Posted 04 September 2013 - 11:51 AM

Hi Gringo,

 

  Here are the logs.  After running the JRT the browser was tested and was able to save without issues.  The computer was restarted and the browser is unable to save again.

 

 

ADW-----

 

# AdwCleaner v3.002 - Report created 04/09/2013 at 09:10:57
# Updated 01/09/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Missy - MISSY-PC
# Running from : C:\Users\Missy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
*************************
 
AdwCleaner[R0].txt - [11239 octets] - [20/08/2013 13:10:19]
AdwCleaner[R1].txt - [786 octets] - [30/08/2013 10:52:55]
AdwCleaner[R2].txt - [2259 octets] - [04/09/2013 09:08:41]
AdwCleaner[S0].txt - [10852 octets] - [20/08/2013 13:36:38]
AdwCleaner[S1].txt - [846 octets] - [30/08/2013 10:54:02]
AdwCleaner[S2].txt - [1846 octets] - [04/09/2013 09:10:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1906 octets] ##########
 

 

JRT-------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Missy on Wed 09/04/2013 at  9:16:27.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Missy\AppData\Roaming\big fish games"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/04/2013 at  9:26:21.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

-dvdadog



#8 gringo_pr


Posted 04 September 2013 - 04:40 PM


Hello dvdadog

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 dvdadog


Posted 04 September 2013 - 05:48 PM

Hi Gringo,

 

  I disabled the McAfee antivirus and set to turn back on - Never, and ran Combofix.  Combofix completed on its own and displayed the log.  I tested IE download and it is working, though I have not yet restarted the computer.  Restarting seems to cause the problem to remanifest.

 

Combofix ---

 

ComboFix 13-09-04.04 - Missy 09/04/2013  15:12:22.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.6465 [GMT -7:00]
Running from: c:\users\Missy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-04 to 2013-09-04  )))))))))))))))))))))))))))))))
.
.
2013-09-04 22:24 . 2013-09-04 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-03 15:57 . 2013-08-20 07:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3594497-90B7-4A02-9DED-AE9CDD2B06C7}\mpengine.dll
2013-09-03 15:47 . 2013-09-04 22:24 -------- d-----w- c:\users\Missy\AppData\Local\Temp
2013-08-31 21:41 . 2013-08-31 21:41 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-28 22:18 . 2013-07-29 22:57 379392 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2013-08-28 22:18 . 2013-07-29 22:13 300544 ----a-w- c:\program files (x86)\Internet Explorer\ieuser.exe
2013-08-28 19:41 . 2013-08-28 19:42 -------- d-----w- C:\EEK
2013-08-28 19:24 . 2013-08-28 19:24 -------- d-----w- c:\windows\ERUNT
2013-08-28 16:25 . 2013-08-28 16:25 -------- d-----w- c:\programdata\Sophos
2013-08-28 16:24 . 2013-08-28 16:24 -------- d-----w- c:\program files (x86)\Sophos
2013-08-27 18:21 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-27 18:21 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-27 16:42 . 2013-08-27 16:42 -------- d-----w- c:\program files (x86)\ESET
2013-08-27 16:16 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-27 16:16 . 2013-08-27 16:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-26 22:20 . 2013-08-26 22:21 -------- d-----w- c:\users\Administrator
2013-08-24 17:51 . 2013-06-15 13:27 20480 ----a-w- c:\windows\system32\icaapi.dll
2013-08-24 17:51 . 2013-06-15 11:38 29184 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-24 17:51 . 2013-07-10 09:47 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-24 17:51 . 2013-07-10 09:42 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-24 17:40 . 2013-07-25 03:28 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-08-23 21:14 . 2013-07-05 04:45 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-23 20:20 . 2013-07-08 04:16 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-23 20:20 . 2013-07-08 04:12 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-08-23 20:20 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-23 20:20 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-08-23 20:20 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-23 20:20 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-23 20:20 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-23 20:20 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-23 20:17 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-23 20:17 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-23 19:35 . 2013-08-23 19:35 -------- d-----w- c:\users\Missy\AppData\Local\StartNow
2013-08-23 16:16 . 2013-06-04 02:03 2775040 ----a-w- c:\windows\system32\win32k.sys
2013-08-22 08:46 . 2013-08-23 22:37 -------- d-----w- c:\program files (x86)\Windows Defender
2013-08-21 22:22 . 2013-08-21 22:22 -------- d-----w- C:\FRST
2013-08-20 20:10 . 2013-09-04 16:10 -------- d-----w- C:\AdwCleaner
2013-08-20 19:22 . 2013-08-20 19:35 -------- d-----w- c:\programdata\HitmanPro
2013-08-20 18:13 . 2013-08-22 15:55 -------- d-----w- c:\users\Missy\AppData\Local\temp(11084)
2013-08-20 18:05 . 2013-08-20 18:05 -------- d-----w- C:\$RECYCLE(479).BIN
2013-08-19 22:47 . 2013-08-24 18:07 -------- d-----w- c:\windows\system32\MRT
2013-08-19 21:40 . 2013-08-19 21:40 -------- d-----w- c:\program files (x86)\Common Files\Java(1642)
2013-08-19 18:45 . 2013-08-19 18:45 -------- d-----w- c:\users\Missy\AppData\Roaming\Malwarebytes
2013-08-19 18:45 . 2013-08-19 18:45 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-05 23:14 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe
2013-07-30 04:29 . 2013-08-28 22:18 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-07-30 00:29 . 2013-08-28 22:18 146944 ----a-w- c:\windows\apppatch\AppPatch64\iebrshim.dll
2013-07-08 04:16 . 2013-08-24 17:53 43008 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 00:43]
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 00:43]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 207.14.235.234 8.8.8.8 8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-09-04  15:28:23
ComboFix-quarantined-files.txt  2013-09-04 22:28
ComboFix2.txt  2013-08-20 18:13
.
Pre-Run: 498,430,885,888 bytes free
Post-Run: 498,497,896,448 bytes free
.
- - End Of File - - 50BFAAD918F0AEF462E861A72D89BEAC
CDB4DE4BBD714F152979DA2DCBEF57EB
 

 

What's next boss?

dvdadog



#10 gringo_pr


Posted 04 September 2013 - 10:05 PM


Hello dvdadog

Go ahead and restart; we need to know if it stays working.


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\users\Missy\AppData\Local\StartNow
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 dvdadog


Posted 05 September 2013 - 01:34 PM

Hi Gringo,

 

I restarted the computer and the problem is back again.  Here is the requested log report.  After Combofix finished I tested the computer and the problem was gone, then I restarted the computer and it's not saving again, i.e. file contained a virus and was deleted.

 

ComboFix 13-09-04.04 - Missy 09/05/2013   9:36.2.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.6185 [GMT -7:00]
Running from: c:\users\Missy\Desktop\ComboFix.exe
Command switches used :: c:\users\Missy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Missy\AppData\Local\StartNow
c:\users\Missy\AppData\Local\StartNow\protect.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 16:49 . 2013-09-05 16:49 -------- d-----w- c:\users\Missy\AppData\Local\temp
2013-09-05 16:49 . 2013-09-05 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-03 15:57 . 2013-08-20 07:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3594497-90B7-4A02-9DED-AE9CDD2B06C7}\mpengine.dll
2013-08-31 21:41 . 2013-08-31 21:41 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-28 22:18 . 2013-07-29 22:57 379392 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2013-08-28 22:18 . 2013-07-29 22:13 300544 ----a-w- c:\program files (x86)\Internet Explorer\ieuser.exe
2013-08-28 19:41 . 2013-08-28 19:42 -------- d-----w- C:\EEK
2013-08-28 19:24 . 2013-08-28 19:24 -------- d-----w- c:\windows\ERUNT
2013-08-28 16:25 . 2013-08-28 16:25 -------- d-----w- c:\programdata\Sophos
2013-08-28 16:24 . 2013-08-28 16:24 -------- d-----w- c:\program files (x86)\Sophos
2013-08-27 18:21 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-27 18:21 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-27 16:42 . 2013-08-27 16:42 -------- d-----w- c:\program files (x86)\ESET
2013-08-27 16:16 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-27 16:16 . 2013-08-27 16:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-26 22:20 . 2013-08-26 22:21 -------- d-----w- c:\users\Administrator
2013-08-24 17:51 . 2013-06-15 13:27 20480 ----a-w- c:\windows\system32\icaapi.dll
2013-08-24 17:51 . 2013-06-15 11:38 29184 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-24 17:51 . 2013-07-10 09:47 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-24 17:51 . 2013-07-10 09:42 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-24 17:40 . 2013-07-25 03:28 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-08-23 21:14 . 2013-07-05 04:45 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-23 20:20 . 2013-07-08 04:16 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-23 20:20 . 2013-07-08 04:12 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-08-23 20:20 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-23 20:20 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-08-23 20:20 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-23 20:20 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-23 20:20 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-23 20:20 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-23 20:17 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-23 20:17 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-23 16:16 . 2013-06-04 02:03 2775040 ----a-w- c:\windows\system32\win32k.sys
2013-08-22 08:46 . 2013-08-23 22:37 -------- d-----w- c:\program files (x86)\Windows Defender
2013-08-21 22:22 . 2013-08-21 22:22 -------- d-----w- C:\FRST
2013-08-20 20:10 . 2013-09-04 16:10 -------- d-----w- C:\AdwCleaner
2013-08-20 19:22 . 2013-08-20 19:35 -------- d-----w- c:\programdata\HitmanPro
2013-08-20 18:05 . 2013-08-20 18:05 -------- d-----w- C:\$RECYCLE(479).BIN
2013-08-19 22:47 . 2013-08-24 18:07 -------- d-----w- c:\windows\system32\MRT
2013-08-19 21:40 . 2013-08-19 21:40 -------- d-----w- c:\program files (x86)\Common Files\Java(1642)
2013-08-19 18:45 . 2013-08-19 18:45 -------- d-----w- c:\users\Missy\AppData\Roaming\Malwarebytes
2013-08-19 18:45 . 2013-08-19 18:45 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-05 23:14 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe
2013-07-30 04:29 . 2013-08-28 22:18 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-07-30 00:29 . 2013-08-28 22:18 146944 ----a-w- c:\windows\apppatch\AppPatch64\iebrshim.dll
2013-07-08 04:16 . 2013-08-24 17:53 43008 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 00:43]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 00:43]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 207.14.235.234 8.8.8.8 8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-09-05  09:52:39
ComboFix-quarantined-files.txt  2013-09-05 16:52
ComboFix2.txt  2013-09-04 22:28
ComboFix3.txt  2013-08-20 18:13
.
Pre-Run: 498,321,293,312 bytes free
Post-Run: 497,236,615,168 bytes free
.
- - End Of File - - B8BA5FF7CA94C201FA62C8F05DF14B2B
CDB4DE4BBD714F152979DA2DCBEF57EB
 

 

Ready for more.

 

-dvdadog



#12 gringo_pr


Posted 05 September 2013 - 07:39 PM

Hello -dvdadog


I would like you to rerun the FRST program that we ran before.


Gringo

#13 dvdadog


Posted 06 September 2013 - 01:01 PM

Hi Gringo

 

Here are the logs.

 

FRST-----

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by Missy (administrator) on MISSY-PC on 06-09-2013 10:56:54
Running from C:\Users\Missy\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 207.14.235.234 8.8.8.8 8.8.4.4
 
==================== Services (Whitelisted) =================
 
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-28] (Emsisoft GmbH)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-28] (Emsisoft GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-08-28] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-08-28] (Emsisoft GmbH)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 USB_RNDIS_VISTA; C:\Windows\System32\DRIVERS\usb8023.sys [19456 2013-02-11] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-05 09:52 - 2013-09-05 09:52 - 00015486 _____ C:\ComboFix.txt
2013-09-04 15:10 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-04 15:10 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-04 15:10 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-04 15:10 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-04 15:10 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-04 15:10 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-04 15:10 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-04 15:10 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-04 15:07 - 2013-09-04 15:26 - 00000000 ____D C:\Windows\erdnt
2013-09-04 09:39 - 2013-09-04 09:39 - 00000000 ____D C:\Users\Missy\AppData\Local\{545559A1-FF24-4427-B44F-21BB26B288F1}
2013-09-04 09:07 - 2013-09-04 09:00 - 01028757 _____ (Thisisu) C:\Users\Missy\Desktop\JRT.exe
2013-08-31 14:41 - 2013-08-31 14:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-30 10:52 - 2013-08-30 10:17 - 00994642 _____ C:\Users\Administrator\Desktop\adwcleaner (1).exe
2013-08-29 03:11 - 2013-08-29 03:11 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 15:22 - 2013-08-28 15:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-08-28 15:19 - 2013-08-28 15:19 - 00002622 _____ C:\Users\Administrator\Desktop\a2scan_130828-131319.txt
2013-08-28 13:12 - 2013-08-28 13:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-08-28 12:42 - 2013-08-28 12:42 - 00000500 _____ C:\Users\Administrator\Desktop\Emsisoft Emergency Kit.lnk
2013-08-28 12:41 - 2013-08-28 12:42 - 00000000 ____D C:\EEK
2013-08-28 12:40 - 2013-08-28 12:41 - 00013966 _____ C:\Users\Administrator\Desktop\Result.txt
2013-08-28 12:34 - 2013-08-28 12:38 - 00002304 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-08-28 12:24 - 2013-08-28 12:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 10:28 - 2013-08-28 09:42 - 191149080 _____ C:\Users\Administrator\Desktop\EmsisoftEmergencyKit.exe
2013-08-28 09:25 - 2013-08-28 09:25 - 00000000 ____D C:\ProgramData\Sophos
2013-08-28 09:24 - 2013-08-28 09:24 - 00002066 _____ C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.lnk
2013-08-28 09:24 - 2013-08-28 09:24 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-08-28 09:22 - 2013-08-28 09:04 - 00760937 _____ (Farbar) C:\Users\Administrator\Desktop\MiniToolBox.exe
2013-08-28 09:22 - 2013-08-28 09:03 - 01021434 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-08-28 09:22 - 2013-08-28 09:02 - 75837231 _____ (Sophos Limited) C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.exe
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-08-27 11:21 - 2013-08-02 07:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 11:21 - 2013-08-01 21:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-27 09:37 - 2013-08-27 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2013-08-27 09:33 - 2013-08-27 09:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\DataSafeOnline
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\PowerDVD DX
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-08-27 09:16 - 2013-08-27 09:16 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 09:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-27 09:15 - 2013-08-26 15:33 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2013-08-27 09:15 - 2013-06-20 11:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-27 09:14 - 2013-08-26 15:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-08-26 15:22 - 2013-08-26 15:22 - 00063048 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 15:20 - 2013-08-26 15:21 - 00000000 ____D C:\Users\Administrator
2013-08-26 15:20 - 2013-08-26 15:20 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-08-26 15:20 - 2009-09-06 03:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-08-26 13:32 - 2013-08-26 13:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-08-26 09:59 - 2013-08-26 12:16 - 00000000 ____D C:\Users\Missy\Desktop\backups
2013-08-24 10:53 - 2013-07-09 05:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-24 10:53 - 2013-07-09 05:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-24 10:53 - 2013-07-07 21:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-24 10:53 - 2013-07-07 21:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-24 10:53 - 2013-07-07 21:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-24 10:53 - 2013-07-07 21:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-24 10:53 - 2013-07-07 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-24 10:53 - 2013-07-07 18:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-24 10:53 - 2013-07-07 18:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-24 10:53 - 2013-07-07 18:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-24 10:53 - 2013-05-31 21:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-24 10:53 - 2013-05-31 21:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-24 10:53 - 2013-04-17 05:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-24 10:53 - 2013-04-17 04:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-24 10:53 - 2013-04-17 04:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-24 10:53 - 2013-04-17 04:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-24 10:53 - 2013-04-17 04:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-24 10:53 - 2013-04-17 03:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-24 10:53 - 2013-04-17 03:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-24 10:53 - 2013-04-17 03:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-24 10:53 - 2013-04-17 03:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-24 10:53 - 2013-04-17 03:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-24 10:53 - 2013-04-17 03:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-24 10:51 - 2013-07-10 02:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-24 10:51 - 2013-07-10 02:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 10:51 - 2013-06-15 06:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-24 10:51 - 2013-06-15 04:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-24 10:40 - 2013-07-24 20:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-23 14:14 - 2013-07-04 21:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-23 13:20 - 2013-07-07 21:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-23 13:20 - 2013-07-07 21:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-23 13:20 - 2013-07-07 21:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-23 13:20 - 2013-07-07 21:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-23 13:20 - 2013-07-07 21:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-23 13:20 - 2013-07-07 21:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-23 13:20 - 2013-07-07 21:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-23 13:20 - 2013-07-07 21:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-23 13:17 - 2013-07-17 13:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-23 13:17 - 2013-07-17 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-23 13:14 - 2013-08-23 13:14 - 00003038 _____ C:\Windows\System32\Tasks\{EC7E6A60-4576-4929-85BD-EC42E5E9CF73}
2013-08-23 12:50 - 2013-08-23 12:50 - 00003000 _____ C:\Windows\System32\Tasks\{41E8014C-2752-4947-81DB-ACC7D504BC65}
2013-08-23 09:16 - 2013-06-03 19:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-22 01:46 - 2013-08-23 15:37 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-21 15:22 - 2013-08-21 15:22 - 00000000 ____D C:\FRST
2013-08-20 13:10 - 2013-09-04 09:10 - 00000000 ____D C:\AdwCleaner
2013-08-20 12:22 - 2013-08-20 12:35 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-20 11:13 - 2013-08-22 08:55 - 00000000 ____D C:\Users\Missy\AppData\Local\temp(11084)
2013-08-20 11:05 - 2013-08-20 11:05 - 00000000 ____D C:\$RECYCLE(479).BIN
2013-08-20 10:41 - 2013-09-05 09:52 - 00000000 ____D C:\Qoobox
2013-08-19 15:47 - 2013-08-24 11:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Malwarebytes
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
 
==================== One Month Modified Files and Folders =======
 
2013-09-06 10:55 - 2009-07-16 07:35 - 01409668 _____ C:\Windows\WindowsUpdate.log
2013-09-06 10:37 - 2013-09-06 10:56 - 01948360 _____ (Farbar) C:\Users\Missy\Desktop\FRST64.exe
2013-09-06 10:18 - 2010-12-24 17:43 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 10:11 - 2010-12-24 17:43 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 11:03 - 2008-01-20 20:26 - 00148540 _____ C:\Windows\PFRO.log
2013-09-05 11:03 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 11:03 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 11:03 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 11:02 - 2006-11-02 08:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 09:52 - 2013-09-05 09:52 - 00015486 _____ C:\ComboFix.txt
2013-09-05 09:52 - 2013-08-20 10:41 - 00000000 ____D C:\Qoobox
2013-09-05 09:49 - 2006-11-02 05:34 - 00000215 _____ C:\Windows\system.ini
2013-09-05 09:07 - 2012-12-15 03:35 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-09-04 15:28 - 2006-11-02 06:33 - 00000000 __RHD C:\Users\Default
2013-09-04 15:26 - 2013-09-04 15:07 - 00000000 ____D C:\Windows\erdnt
2013-09-04 09:39 - 2013-09-04 09:39 - 00000000 ____D C:\Users\Missy\AppData\Local\{545559A1-FF24-4427-B44F-21BB26B288F1}
2013-09-04 09:39 - 2010-11-04 08:02 - 00000000 ____D C:\Users\Missy\AppData\Local\Windows Live
2013-09-04 09:38 - 2009-08-04 19:12 - 00000000 ____D C:\Users\Missy\Tracing
2013-09-04 09:10 - 2013-08-20 13:10 - 00000000 ____D C:\AdwCleaner
2013-09-04 09:00 - 2013-09-04 09:07 - 01028757 _____ (Thisisu) C:\Users\Missy\Desktop\JRT.exe
2013-09-03 08:42 - 2009-07-31 20:49 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-02 09:44 - 2006-11-02 05:46 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 09:42 - 2006-11-02 08:27 - 00182809 _____ C:\Windows\setupact.log
2013-08-31 14:41 - 2013-08-31 14:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-30 10:17 - 2013-08-30 10:52 - 00994642 _____ C:\Users\Administrator\Desktop\adwcleaner (1).exe
2013-08-29 03:47 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2013-08-29 03:28 - 2006-11-02 06:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-08-29 03:28 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-29 03:12 - 2011-11-09 19:16 - 00005660 _____ C:\Windows\IE9_main.log
2013-08-29 03:12 - 2006-11-02 05:16 - 00008798 _____ C:\Windows\SysWOW64\icrav03.rat
2013-08-29 03:12 - 2006-11-02 05:16 - 00001988 _____ C:\Windows\SysWOW64\ticrf.rat
2013-08-29 03:12 - 2006-11-01 23:36 - 00008798 _____ C:\Windows\system32\icrav03.rat
2013-08-29 03:12 - 2006-11-01 23:36 - 00001988 _____ C:\Windows\system32\ticrf.rat
2013-08-29 03:11 - 2013-08-29 03:11 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-29 03:11 - 2013-08-29 03:11 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-29 03:11 - 2013-08-29 03:11 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-29 03:11 - 2013-08-29 03:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-29 03:11 - 2013-08-29 03:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-29 03:11 - 2013-08-29 03:11 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-29 03:11 - 2013-08-29 03:11 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 15:22 - 2013-08-28 15:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-08-28 15:19 - 2013-08-28 15:19 - 00002622 _____ C:\Users\Administrator\Desktop\a2scan_130828-131319.txt
2013-08-28 13:12 - 2013-08-28 13:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-08-28 12:42 - 2013-08-28 12:42 - 00000500 _____ C:\Users\Administrator\Desktop\Emsisoft Emergency Kit.lnk
2013-08-28 12:42 - 2013-08-28 12:41 - 00000000 ____D C:\EEK
2013-08-28 12:41 - 2013-08-28 12:40 - 00013966 _____ C:\Users\Administrator\Desktop\Result.txt
2013-08-28 12:38 - 2013-08-28 12:34 - 00002304 _____ C:\Users\Administrator\Desktop\JRT.txt
2013-08-28 12:24 - 2013-08-28 12:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 09:42 - 2013-08-28 10:28 - 191149080 _____ C:\Users\Administrator\Desktop\EmsisoftEmergencyKit.exe
2013-08-28 09:25 - 2013-08-28 09:25 - 00000000 ____D C:\ProgramData\Sophos
2013-08-28 09:24 - 2013-08-28 09:24 - 00002066 _____ C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.lnk
2013-08-28 09:24 - 2013-08-28 09:24 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-08-28 09:04 - 2013-08-28 09:22 - 00760937 _____ (Farbar) C:\Users\Administrator\Desktop\MiniToolBox.exe
2013-08-28 09:03 - 2013-08-28 09:22 - 01021434 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2013-08-28 09:02 - 2013-08-28 09:22 - 75837231 _____ (Sophos Limited) C:\Users\Administrator\Desktop\Sophos Virus Removal Tool.exe
2013-08-27 13:35 - 2009-07-31 20:51 - 00000976 _____ C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2013-08-27 13:33 - 2013-08-27 13:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-08-27 09:42 - 2013-08-27 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-27 09:37 - 2013-08-27 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2013-08-27 09:33 - 2013-08-27 09:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\DataSafeOnline
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\PowerDVD DX
2013-08-27 09:32 - 2013-08-27 09:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-08-27 09:16 - 2013-08-27 09:16 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-27 09:16 - 2013-08-27 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-08-26 15:36 - 2013-08-26 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-08-26 15:33 - 2013-08-27 09:15 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-08-26 15:23 - 2013-08-26 15:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-08-26 15:22 - 2013-08-26 15:22 - 00063048 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 15:21 - 2013-08-26 15:20 - 00000000 ____D C:\Users\Administrator
2013-08-26 15:20 - 2013-08-26 15:20 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-08-26 15:17 - 2013-08-27 09:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2013-08-26 13:32 - 2013-08-26 13:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-08-26 13:32 - 2006-11-02 06:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-08-26 12:16 - 2013-08-26 09:59 - 00000000 ____D C:\Users\Missy\Desktop\backups
2013-08-26 10:48 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-08-26 10:48 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-26 09:53 - 2006-11-02 08:21 - 00281456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-26 09:51 - 2009-07-16 13:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-24 11:12 - 2009-07-16 12:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-24 11:07 - 2013-08-19 15:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-23 15:37 - 2013-08-22 01:46 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-23 15:36 - 2012-06-20 15:54 - 00001460 _____ C:\Users\Missy\AppData\Local\d3d9caps64.dat
2013-08-23 13:14 - 2013-08-23 13:14 - 00003038 _____ C:\Windows\System32\Tasks\{EC7E6A60-4576-4929-85BD-EC42E5E9CF73}
2013-08-23 12:52 - 2009-08-07 15:12 - 00000000 ____D C:\Program Files (x86)\LimeWire
2013-08-23 12:50 - 2013-08-23 12:50 - 00003000 _____ C:\Windows\System32\Tasks\{41E8014C-2752-4947-81DB-ACC7D504BC65}
2013-08-23 09:06 - 2010-12-24 17:43 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-23 09:06 - 2010-12-24 17:43 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-23 09:06 - 2009-09-23 19:08 - 00000000 ____D C:\Program Files\McAfee
2013-08-23 08:49 - 2009-07-31 20:49 - 00000000 ____D C:\Users\Missy
2013-08-22 15:38 - 2006-11-02 05:33 - 76021760 _____ C:\Windows\system32\config\software_previous
2013-08-22 15:35 - 2010-02-14 04:19 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-08-22 15:35 - 2010-02-14 04:19 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\system32\vi-VN
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\system32\eu-ES
2013-08-22 15:35 - 2010-02-13 11:32 - 00000000 ____D C:\Windows\system32\ca-ES
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\ShellNew
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\DigitalLocker
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Windows Calendar
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files\Movie Maker
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Photo Gallery
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Collaboration
2013-08-22 15:35 - 2006-11-02 08:07 - 00000000 ____D C:\Program Files (x86)\Windows Calendar
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\SLUI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\setup
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ias
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\uk-UA
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\th-TH
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sysprep
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\SLUI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sl-SI
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\sk-SK
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\setup
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\ro-RO
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\ras
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\oobe
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\migwiz
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\manifeststore
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\lv-LV
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\lt-LT
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\icsxml
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\ias
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\hr-HR
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\he-IL
2013-08-22 15:35 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\et-EE
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 __RSD C:\Windows\Media
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\com
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\bg-BG
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\ar-SA
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\servicing
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\MSAgent64
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\MSAgent
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\L2Schemas
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\IME
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\Cursors
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-22 15:35 - 2006-11-02 06:33 - 00000000 ____D C:\Program Files\Common Files\Services
2013-08-22 15:29 - 2012-05-14 09:21 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-08-22 15:29 - 2010-02-14 17:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-22 15:29 - 2010-02-13 08:07 - 00000000 ____D C:\Windows\system32\EventProviders
2013-08-22 15:29 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\system32\restore
2013-08-22 15:29 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\tapi
2013-08-22 15:29 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-22 15:29 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-22 15:28 - 2010-11-04 08:11 - 00000000 ____D C:\Windows\en
2013-08-22 15:28 - 2010-01-11 22:40 - 00000000 ____D C:\Windows\Minidump
2013-08-22 15:28 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\Help
2013-08-22 15:27 - 2012-05-14 09:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-22 15:27 - 2011-09-16 18:16 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter
2013-08-22 15:27 - 2010-12-24 17:49 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Luxor
2013-08-22 15:27 - 2010-12-12 21:03 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-22 15:27 - 2010-12-12 21:03 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-22 15:27 - 2010-12-12 21:01 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-08-22 15:27 - 2010-12-12 20:56 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-22 15:27 - 2010-11-25 22:54 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - 13th Skull Collector's Edition
2013-08-22 15:27 - 2010-11-18 09:38 - 00000000 ____D C:\Program Files (x86)\FrostWire
2013-08-22 15:27 - 2010-11-09 21:12 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 15:27 - 2010-11-09 21:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-22 15:27 - 2010-11-09 21:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-22 15:27 - 2010-11-09 21:01 - 00000000 ____D C:\Program Files (x86)\Safari
2013-08-22 15:27 - 2010-10-30 14:49 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Diary - Haunted Island
2013-08-22 15:27 - 2010-10-22 23:19 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twisted Lands - Shadow Town
2013-08-22 15:27 - 2010-09-06 13:23 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Escape from Frankensteins Castle
2013-08-22 15:27 - 2010-09-02 10:50 - 00000000 ____D C:\Program Files\Bonjour
2013-08-22 15:27 - 2010-09-02 10:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-22 15:27 - 2010-08-24 22:06 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - The Castle of Shadows
2013-08-22 15:27 - 2010-08-03 20:59 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elixir of Immortality
2013-08-22 15:27 - 2010-07-31 14:37 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Mysteries - The Fateful Voyage - Titanic
2013-08-22 15:27 - 2010-07-30 21:39 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Curse of the Raven Collector's Edition
2013-08-22 15:27 - 2010-06-27 15:06 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Gypsy's Tale - The Tower of Secrets
2013-08-22 15:27 - 2010-06-23 20:17 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blood Oath
2013-08-22 15:27 - 2010-06-16 18:29 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Midnight Mysteries - Salem Witch Trials
2013-08-22 15:27 - 2010-03-22 10:55 - 00000000 ____D C:\Users\Missy\Desktop\Games
2013-08-22 15:27 - 2009-11-29 19:02 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Dire Grove Collector's Edition
2013-08-22 15:27 - 2009-11-25 16:10 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazing Adventures - The Caribbean Secret
2013-08-22 15:27 - 2009-11-25 16:10 - 00000000 ____D C:\Program Files (x86)\Amazing Adventures - The Caribbean Secret
2013-08-22 15:27 - 2009-11-24 23:08 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincarnations - Awakening
2013-08-22 15:27 - 2009-11-24 23:08 - 00000000 ____D C:\Program Files (x86)\Reincarnations - Awakening
2013-08-22 15:27 - 2009-11-21 22:55 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Luxor Adventures
2013-08-22 15:27 - 2009-11-21 22:55 - 00000000 ____D C:\Program Files (x86)\Luxor Adventures
2013-08-22 15:27 - 2009-11-17 19:31 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Return of Monte Cristo
2013-08-22 15:27 - 2009-11-17 19:31 - 00000000 ____D C:\Program Files (x86)\The Return of Monte Cristo
2013-08-22 15:27 - 2009-11-13 19:42 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghost Town Mysteries - Bodie
2013-08-22 15:27 - 2009-11-13 19:42 - 00000000 ____D C:\Program Files (x86)\Ghost Town Mysteries - Bodie
2013-08-22 15:27 - 2009-11-11 15:29 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Magic
2013-08-22 15:27 - 2009-11-11 15:29 - 00000000 ____D C:\Program Files (x86)\Hidden Magic
2013-08-22 15:27 - 2009-10-17 19:19 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PuppetShow - Mystery of Joyville
2013-08-22 15:27 - 2009-10-17 19:19 - 00000000 ____D C:\Program Files (x86)\PuppetShow - Mystery of Joyville
2013-08-22 15:27 - 2009-10-16 12:16 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hide & Secret 3 - Pharaoh's Quest
2013-08-22 15:27 - 2009-10-16 12:16 - 00000000 ____D C:\Program Files (x86)\Hide & Secret 3 - Pharaoh's Quest
2013-08-22 15:27 - 2009-09-06 10:58 - 00000000 ____D C:\Users\Missy\AppData\Local\Microsoft Help
2013-08-22 15:27 - 2009-08-30 10:34 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-22 15:27 - 2009-08-18 20:07 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
2013-08-22 15:27 - 2009-07-31 20:51 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-22 15:27 - 2009-07-31 20:49 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-22 15:27 - 2009-07-31 20:49 - 00000000 ___RD C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-22 15:27 - 2009-07-16 13:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2013-08-22 15:27 - 2009-07-16 12:59 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-08-22 15:27 - 2009-07-16 12:56 - 00000000 ____D C:\ProgramData\McAfee
2013-08-22 15:27 - 2009-07-16 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-22 15:16 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\registration
2013-08-22 13:24 - 2009-07-16 12:49 - 00000000 ____D C:\Program Files\Java
2013-08-22 13:16 - 2006-11-02 05:33 - 22544384 _____ C:\Windows\system32\config\system_previous
2013-08-22 08:55 - 2013-08-20 11:13 - 00000000 ____D C:\Users\Missy\AppData\Local\temp(11084)
2013-08-22 08:29 - 2010-02-20 10:41 - 00001356 _____ C:\Users\Missy\AppData\Local\d3d9caps.dat
2013-08-21 15:22 - 2013-08-21 15:22 - 00000000 ____D C:\FRST
2013-08-20 12:35 - 2013-08-20 12:22 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-20 11:05 - 2013-08-20 11:05 - 00000000 ____D C:\$RECYCLE(479).BIN
2013-08-20 11:03 - 2006-11-02 05:33 - 76283904 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 60555264 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 22544384 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-20 11:03 - 2006-11-02 05:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-19 14:36 - 2009-07-16 12:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\Users\Missy\AppData\Roaming\Malwarebytes
2013-08-19 11:45 - 2013-08-19 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-05 11:16
 
==================== End Of Log ============================

Addition----

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by Missy at 2013-09-06 10:57:28
Running from C:\Users\Missy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
A Gypsy's Tale: The Tower of Secrets (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 1.1.0.5790)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (x32 Version: 11.4.402.265)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3)
Adobe Photoshop.com Inspiration Browser (x32 Version: 2.61)
Adobe Reader 9.2 (x32 Version: 9.2.0)
Amazing Adventures: The Caribbean Secret (x32)
Apple Application Support (x32 Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Control Center (x32 Version: 2.008.1210.1622)
Bing Bar (x32 Version: 7.1.361.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blood Oath (x32)
Bonjour (Version: 2.0.3.0)
BufferChm (x32 Version: 140.0.212.000)
C310 (x32 Version: 140.0.304.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Czech (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Greek (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Hungarian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Korean (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Polish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Portuguese (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Russian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Thai (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Turkish (x32 Version: 2008.1210.1623.29379)
CCC Help Chinese Standard (x32 Version: 2008.1210.1622.29379)
CCC Help Chinese Traditional (x32 Version: 2008.1210.1622.29379)
CCC Help Czech (x32 Version: 2008.1210.1622.29379)
CCC Help Danish (x32 Version: 2008.1210.1622.29379)
CCC Help Dutch (x32 Version: 2008.1210.1622.29379)
CCC Help English (x32 Version: 2008.1210.1622.29379)
CCC Help Finnish (x32 Version: 2008.1210.1622.29379)
CCC Help French (x32 Version: 2008.1210.1622.29379)
CCC Help German (x32 Version: 2008.1210.1622.29379)
CCC Help Greek (x32 Version: 2008.1210.1622.29379)
CCC Help Hungarian (x32 Version: 2008.1210.1622.29379)
CCC Help Italian (x32 Version: 2008.1210.1622.29379)
CCC Help Japanese (x32 Version: 2008.1210.1622.29379)
CCC Help Korean (x32 Version: 2008.1210.1622.29379)
CCC Help Norwegian (x32 Version: 2008.1210.1622.29379)
CCC Help Polish (x32 Version: 2008.1210.1622.29379)
CCC Help Portuguese (x32 Version: 2008.1210.1622.29379)
CCC Help Russian (x32 Version: 2008.1210.1622.29379)
CCC Help Spanish (x32 Version: 2008.1210.1622.29379)
CCC Help Swedish (x32 Version: 2008.1210.1622.29379)
CCC Help Thai (x32 Version: 2008.1210.1622.29379)
CCC Help Turkish (x32 Version: 2008.1210.1622.29379)
ccc-core-static (x32 Version: 2008.1210.1623.29379)
ccc-utility64 (Version: 2008.1210.1623.29379)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Online (x32 Version: 1.2.0009)
Dell Dock (Version: 1.0.0)
Dell Driver Download Manager (HKCU Version: 1.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell-eBay (x32 Version: 1.00.0000)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Echoes of the Past: The Castle of Shadows (x32)
Elixir of Immortality (x32)
Escape from Frankenstein's Castle (x32)
ESET Online Scanner v3 (x32)
Ghost Town Mysteries: Bodie (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 140.0.211.000)
Hidden Magic (x32)
Hidden Mysteries: The Fateful Voyage - Titanic (x32)
Hide & Secret 3: Pharaoh's Quest (x32)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.${CAB_VERSION})
HP Photosmart Plus B210 series Basic Device Software (Version: 22.50.231.0)
HP Photosmart Plus B210 series Help (x32 Version: 140.0.54.54)
HP Photosmart Plus B210 series Product Improvement Study (Version: 22.50.231.0)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.006.003)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
Imaging Device Functions 14.0 (Version: 14.0)
iTunes (Version: 10.0.1.22)
Java Auto Updater (x32 Version: 2.0.5.1)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Java™ 6 Update 26 (x32 Version: 6.0.260)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor (x32)
Luxor Adventures (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
McAfee Total Protection (x32 Version: 11.6.511)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Midnight Mysteries: Salem Witch Trials (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery Case Files ®: 13th Skull ™ Collector's Edition (x32)
Mystery Case Files®: Dire Grove™ Collector's Edition (x32)
Mystic Diary: Haunted Island (x32)
Network64 (Version: 140.0.215.000)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0)
Platform (x32 Version: 1.34)
PowerDVD DX (x32 Version: 8.2.5024)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000)
PuppetShow: Mystery of Joyville ™ (x32)
QuickTime (x32 Version: 7.68.75.0)
QuickTransfer (x32 Version: 140.0.98.000)
Redemption Cemetery: Curse of the Raven Collector's Edition (x32)
Reincarnations: Awakening (x32)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator DE (x32 Version: 10.1)
Roxio Creator DE (x32 Version: 3.7.0)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Update Manager (x32 Version: 6.0.0)
Safari (x32 Version: 5.33.18.5)
Scan (x32 Version: 140.0.80.000)
Segoe UI (x32 Version: 15.4.2271.0615)
Shared C Run-time for x64 (Version: 10.0.0)
Shop for HP Supplies (Version: 14.0)
Skins (x32 Version: 2008.1210.1623.29379)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Sophos Virus Removal Tool (x32 Version: 2.4)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Status (x32 Version: 140.0.256.000)
The Return of Monte Cristo (x32)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Treasure Seekers: Follow the Ghosts (x32)
Twisted Lands: Shadow Town (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VIA Platform Device Manager (x32 Version: 1.34)
WebReg (x32 Version: 140.0.212.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
26-08-2013 17:18:35 Windows Update
26-08-2013 19:23:15 Windows Update
27-08-2013 16:11:57 Scheduled Checkpoint
27-08-2013 20:52:48 Windows Modules Installer
28-08-2013 16:12:37 Windows Update
28-08-2013 16:23:15 Installed Sophos Virus Removal Tool.
29-08-2013 10:00:28 Windows Update
29-08-2013 10:00:35 Scheduled Checkpoint
29-08-2013 10:08:21 Windows Modules Installer
30-08-2013 17:19:19 Scheduled Checkpoint
31-08-2013 15:31:16 Scheduled Checkpoint
02-09-2013 17:41:03 Scheduled Checkpoint
03-09-2013 15:56:43 Windows Update
04-09-2013 16:07:01 Scheduled Checkpoint
05-09-2013 16:01:30 Scheduled Checkpoint
06-09-2013 17:08:30 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 05:34 - 2013-09-05 09:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02E5A0E9-4734-490B-AF57-3B5F2C8A9FB3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {37F5B265-8A4E-483D-AC21-CF7238754FE5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {51645AA5-0AA5-40F0-9117-752AE5B47742} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {6A03C052-4A62-4464-BD68-58B7F6EAFDF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7E66070D-6E6C-4958-BED8-F8A4A19BBAB6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {7E8F0A8B-4956-4FBA-9C47-2A6DEA5F9416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {863B43FE-657E-4F34-A167-5CB0382AD479} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BB27C8C-1B4F-45E0-B666-D6E35EA52D30} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {B0AA22EA-635B-4F4F-A287-EB70D8DFA860} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-16 15:19 - 2009-01-13 01:07 - 00118272 _____ () C:\Windows\system32\atitmm64.dll
2008-01-20 19:51 - 2008-01-20 19:51 - 00382464 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 00401408 _____ (Stardock) C:\Windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\dfd0260bebb16b98030e7e51657f469c\MyDock.Util.ni.dll
2013-08-26 10:59 - 2013-08-26 10:59 - 03373568 _____ (Stardock Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\DellDock\dc53b5731c361a82cc019b2b71566b5b\DellDock.ni.exe
2013-08-26 10:59 - 2013-08-26 10:59 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\6724ee8621c814b1516828984ae45c8a\VistaBridgeLibrary.ni.dll
2013-08-26 11:00 - 2013-08-26 11:00 - 22171136 _____ (DevComponents.com) C:\Windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\c87c07bbe4a05f807322807a495f0937\MenuSkinning.ni.dll
2009-02-06 14:20 - 2009-02-06 14:20 - 00482672 _____ (Stardock) C:\Program Files\Dell\DellDock\MyDockLib.dll
2009-07-16 12:52 - 2008-03-17 15:50 - 00072192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2009-07-16 12:52 - 2009-01-06 15:11 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2009-07-16 12:52 - 2008-01-18 12:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2009-07-16 12:52 - 2009-03-30 18:30 - 00993280 ____R (VIA Technologies, Inc.) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAPropPageExt.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00106496 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3266.29453__90ba9c70f846762e\MOM.Implementation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3266.29451__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3266.29452__90ba9c70f846762e\CCC.Implementation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3266.29368__90ba9c70f846762e\CLI.Component.SkinFactory.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-09-18 08:30 - 2008-09-18 08:30 - 01186816 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-07-16 12:51 - 2009-07-16 12:51 - 00013312 _____ ( ) C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00069632 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3266.29366__90ba9c70f846762e\AEM.Server.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00011264 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3266.29476__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
2006-08-12 14:05 - 2006-08-12 14:05 - 00126976 _____ (Stardock Corporation) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\dshelp64.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3266.29468__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00045056 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00278528 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3266.29368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00061440 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2009-07-16 12:51 - 2009-07-16 12:51 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Users\Missy\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website:favicon
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/05/2013 11:05:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2013 09:27:47 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()
 
Error: (09/05/2013 09:04:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2013 09:39:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/06/2013 10:08:28 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.102 for the Network Card with network address 0024E8218F35 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/05/2013 11:05:33 AM) (Source: Service Control Manager) (User: )
Description: Beep
 
Error: (09/05/2013 11:04:20 AM) (Source: netbt) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.102.
The computer with the IP address 192.168.0.100 did not allow the name to be claimed by
this computer.
 
Error: (09/05/2013 09:49:20 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
Error: (09/05/2013 09:48:45 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (09/05/2013 09:41:04 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
Error: (09/05/2013 09:32:31 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service1
 
Error: (09/05/2013 09:32:31 AM) (Source: Service Control Manager) (User: )
Description: hpqcxs081
 
Error: (09/05/2013 09:04:48 AM) (Source: Service Control Manager) (User: )
Description: Beep
 
Error: (09/05/2013 09:03:38 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DVDADOG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6B7A56AD-ACFF-470F-ADBE-C4B385368145}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-05 09:48:45.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-05 09:48:44.816
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-20 11:02:08.482
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-20 11:02:08.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 7934.2 MB
Available physical RAM: 6618.86 MB
Total Pagefile: 15930.95 MB
Available Pagefile: 13822.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:458.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.86 GB) NTFS
Drive j: (WDO_MEDIA32) (Removable) (Total:0.93 GB) (Free:0.9 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2B8A41B8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 960 MB) (Disk ID: 04C11CA0)
Partition 1: (Active) - (Size=960 MB) - (Type=0B)
 
==================== End Of Log ============================

 

 

 

dvdadog



#14 dvdadog

  • Topic Starter


Posted 09 September 2013 - 10:54 AM

Bump



#15 gringo_pr



  • Malware Response Team

Posted 10 September 2013 - 12:54 AM


Please read these steps thoroughly before proceeding.


Download Malwarebytes Anti-Rootkit (MBAR) from here http://downloads.malwarebytes.org/file/mbar and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page.

• Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

• Double-click on the MBAR file you downloaded.
• Approve the UAC prompt in Vista and newer operating systems.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
• By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click 'Next' if you agree.
• On the Update Database screen, click on the 'Update' button.
• Once you see 'Success: Database was successfully updated' click on 'Next'.
• Click the 'Scan' button.

A. With some infections, you may see two message boxes.
1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

----------------
Please monitor the scan. If during the scan you see a message that says this:
"could not be remediated because backup file is not available"

Do NOT click Cleanup when it becomes available, but rather click Exit, and provide the same logs as requested below.
-----------------



• If malware is found, click the 'Cleanup' button, with the above-mentioned exception.

Once the system restore point is created and the cleanup is scheduled, a 'Reboot required' message will appear.
Click 'Yes' and allow the computer to reboot.

Once back in Windows, run mbar.exe once again to ensure all previously detected items have been removed, and no additional threats found.

Please send all logs which were generated.