
IE9 Vista Home sp2 will not download anything


  • This topic is locked
16 replies to this topic

#1 nlaperouse

Posted 20 September 2013 - 08:25 AM

DDS Log File:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506
Run by Sadie at 8:18:14 on 2013-09-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.2323 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
StartupFolder: c:\users\sadie\appdata\roaming\microsoft\windows\start menu\programs\startup\LimeWire On Startup.lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 10.0.2.61 10.0.1.224
TCP: Interfaces\{8649E56B-21DA-4FB0-94D7-082A19E8C421} : DHCPNameServer = 10.0.2.61 10.0.1.224
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-18 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2013-9-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-09-18 21:28:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-18 21:23:32 -------- d-----w- C:\RegBackup
2013-09-18 21:22:34 -------- d-----w- c:\program files\Tweaking.com
2013-09-18 14:54:29 -------- d-----w- c:\windows\en
2013-09-18 14:54:02 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-09-18 14:53:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-09-18 14:52:21 -------- d-----w- c:\windows\PCHEALTH
2013-09-18 14:50:47 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-09-18 14:50:47 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-09-18 14:50:47 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-09-18 14:50:42 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-09-18 14:21:34 7450888 ----a-w- c:\program files\common files\windows live\.cache\5f9d86d61ceb47a46\bingbarsetup.exe
2013-09-18 14:21:09 15712 ----a-w- c:\program files\common files\windows live\.cache\51ed9ed61ceb47a37\MeshBetaRemover.exe
2013-09-18 14:20:42 89944 ----a-w- c:\program files\common files\windows live\.cache\41d532b61ceb47a2a\DSETUP.dll
2013-09-18 14:20:42 537432 ----a-w- c:\program files\common files\windows live\.cache\41d532b61ceb47a2a\DXSETUP.exe
2013-09-18 14:20:42 1801048 ----a-w- c:\program files\common files\windows live\.cache\41d532b61ceb47a2a\dsetup32.dll
2013-09-18 14:20:41 94040 ----a-w- c:\program files\common files\windows live\.cache\40a6e4161ceb47a29\DSETUP.dll
2013-09-18 14:20:41 525656 ----a-w- c:\program files\common files\windows live\.cache\40a6e4161ceb47a29\DXSETUP.exe
2013-09-18 14:20:41 1691480 ----a-w- c:\program files\common files\windows live\.cache\40a6e4161ceb47a29\dsetup32.dll
2013-09-18 14:19:22 -------- d-----w- c:\users\sadie\appdata\local\Windows Live
2013-09-18 14:19:22 -------- d-----w- c:\program files\common files\Windows Live
2013-09-18 14:18:52 754688 ----a-w- c:\windows\system32\webservices.dll
2013-09-17 21:20:10 17188 ----a-w- C:\FixitRegBackup.reg
2013-09-17 20:31:36 -------- d-----w- c:\program files\Windows Portable Devices
2013-09-17 20:11:12 5120 ----a-w- c:\windows\system32\wmi.dll
2013-09-17 20:11:12 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-09-17 20:11:12 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-09-17 19:50:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-17 19:50:41 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-17 19:50:41 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-17 19:50:41 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-17 19:50:41 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-17 19:50:41 16896 ----a-w- c:\windows\system32\winusb.dll
2013-09-17 19:50:41 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-17 19:50:40 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-17 19:50:40 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-17 19:50:40 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-17 19:50:40 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-17 19:42:53 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-09-17 19:42:53 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-09-17 19:40:56 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-17 19:40:43 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-09-17 19:40:43 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-09-17 19:40:42 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-09-17 19:40:39 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-17 19:40:36 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-09-17 19:40:31 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-17 19:40:24 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-09-17 19:40:24 37376 ----a-w- c:\windows\system32\cdd.dll
2013-09-17 19:40:22 66560 ----a-w- c:\windows\system32\packager.dll
2013-09-17 19:38:51 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-09-17 19:38:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2013-09-17 19:38:50 238080 ----a-w- c:\windows\system32\oleacc.dll
2013-09-17 19:38:49 563712 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-17 19:38:42 505344 ----a-w- c:\windows\system32\qedit.dll
2013-09-17 19:38:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-09-17 19:38:31 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-09-17 19:38:27 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-09-17 19:38:25 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-09-17 19:38:23 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-17 19:38:19 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-17 19:38:16 707584 ----a-w- c:\program files\common files\system\wab32.dll
2013-09-17 19:25:12 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-09-17 19:12:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-09-17 19:12:24 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-09-17 19:12:19 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-09-17 19:12:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-09-17 18:58:42 98816 ----a-w- c:\windows\system32\mfps.dll
2013-09-17 18:56:40 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-17 18:56:40 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-09-17 18:56:40 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-17 18:56:40 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-09-17 18:56:40 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-09-17 18:56:40 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-09-17 18:56:40 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-17 18:39:05 -------- d-----w- c:\windows\system32\eu-ES
2013-09-17 18:39:05 -------- d-----w- c:\windows\system32\ca-ES
2013-09-17 18:39:04 -------- d-----w- c:\windows\system32\vi-VN
2013-09-17 18:34:35 -------- d-----w- c:\windows\system32\SPReview
2013-09-17 18:18:17 928768 ----a-w- c:\windows\system32\scavenge.dll
2013-09-17 18:18:09 57856 ----a-w- c:\windows\system32\compcln.exe
2013-09-17 18:16:59 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2013-09-17 18:15:59 304128 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2013-09-17 18:10:58 -------- d-----w- c:\windows\system32\EventProviders
2013-09-16 21:22:15 -------- d-----w- c:\users\sadie\appdata\roaming\Malwarebytes
2013-09-16 21:20:55 -------- d-----w- c:\programdata\Malwarebytes
2013-09-16 21:20:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-16 21:20:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-15 19:52:01 -------- d-----w- c:\windows\pss
.
==================== Find3M  ====================
.
2013-09-17 18:58:42 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-09-17 18:56:42 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2013-08-07 09:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-16 04:35:16 615936 ----a-w- c:\windows\system32\themeui.dll
2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 03:20:37 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-05 01:43:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH:  8:19:09.14 ===============
 

 

 

Attach Log File:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2008 10:54:20 PM
System Uptime: 9/19/2013 8:56:08 PM (12 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Benicia
Processor: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 366.801 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.255 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0057
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0057
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0101
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0101
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0154
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #6
PNP Device ID: ROOT\*6TO4MP\0154
Service: tunnel
.
==== System Restore Points ===================
.
RP1472: 9/17/2013 1:14:58 PM - Windows Vista™ Service Pack 2
RP1473: 9/17/2013 1:52:31 PM - Windows Update
RP1474: 9/17/2013 1:54:19 PM - Windows Update
RP1475: 9/17/2013 1:56:10 PM - Windows Modules Installer
RP1476: 9/17/2013 2:12:09 PM - Windows Update
RP1477: 9/17/2013 2:42:11 PM - Windows Update
RP1478: 9/17/2013 3:42:43 PM - Windows Update
RP1479: 9/17/2013 4:19:53 PM - Installed Microsoft Fix it 50535
RP1480: 9/18/2013 8:59:58 AM - Installed MSXML 4.0 SP3 Parser
RP1481: 9/18/2013 9:08:08 AM - Windows Update
RP1482: 9/18/2013 9:11:01 AM - Windows Update
RP1483: 9/18/2013 1:39:05 PM - Windows Update
RP1484: 9/18/2013 4:23:20 PM - Tweaking.com - Windows Repair
RP1485: 9/20/2013 7:45:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
DeviceManagementQFolder
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Enhanced Multimedia Keyboard Solution
eSupportQFolder
ffdshow [rev 2527] [2008-12-19]
GPBaseService
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Feedback
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Games
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Solution Center 11.0
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
iCloud
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
LabelPrint
LightScribe System Software  1.10.23.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
muvee autoProducer 6.1
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Segoe UI
Skype™ 5.10
Soft Data Fax Modem with SmartCP
SolutionCenter
Toolbox
Tweaking.com - Windows Repair (All in One)
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoToolkit01
WeatherBug Gadget
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/20/2013 7:48:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.159.314.0).
9/19/2013 7:05:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.159.53.0).
9/18/2013 9:50:36 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/18/2013 9:50:36 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/18/2013 9:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/18/2013 9:00:32 AM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  Access is denied.
9/18/2013 8:57:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/18/2013 8:43:27 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt MpFilter spldr Wanarpv6
9/18/2013 8:43:27 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/18/2013 8:42:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/18/2013 8:42:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/18/2013 8:42:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/18/2013 8:42:39 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/18/2013 4:27:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
9/18/2013 4:27:33 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.
9/18/2013 4:27:33 PM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The system cannot find the file specified.
9/18/2013 1:45:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - KB2866470.
9/17/2013 4:24:19 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user POLK-PC\Sadie SID (S-1-5-21-2003097071-1709909009-3854296526-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/17/2013 4:03:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.97.0).
9/17/2013 3:35:00 PM, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The operation completed successfully.
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
9/17/2013 2:13:42 PM, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
9/17/2013 1:54:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.9.0).
9/17/2013 1:54:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.3.215.0 (KB2855265).
.
==== End Of File ===========================
 

 




 


#2 gringo_pr

  • Malware Response Team

Posted 22 September 2013 - 08:40 PM





Hello nlaperouse

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 nlaperouse

  • Topic Starter

Posted 23 September 2013 - 09:13 AM

FRST File:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by Sadie (administrator) on POLK-PC on 23-09-2013 08:12:47
Running from K:\polk pc
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {f58ba721-f8b6-11de-b426-001fc66f6670} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Riana Wilson\...\Policies\system: [LogonHoursAction] 2
HKU\Riana Wilson\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Russ\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Russ\...\Policies\system: [LogonHoursAction] 2
HKU\Russ\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
ShortcutTarget: LimeWire On Startup.lnk.disabled -> C:\Program Files\LimeWire\LimeWire.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} -  No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKLM - {0059C19C-12EF-43FB-8B1E-1BC5D481330D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {7A562EDB-CAA5-4A46-83A8-336CB306F61B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - DefaultScope {0059C19C-12EF-43FB-8B1E-1BC5D481330D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {0059C19C-12EF-43FB-8B1E-1BC5D481330D} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {7A562EDB-CAA5-4A46-83A8-336CB306F61B} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.2.61 10.0.1.224

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Sadie\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx

========================== Services (Whitelisted) =================

S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-11-25] (LeapFrog)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-18] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
U3 mbr; \??\C:\Users\Sadie\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-23 08:12 - 2013-09-23 08:12 - 00000000 ____D C:\FRST
2013-09-20 08:19 - 2013-09-20 08:19 - 00024537 _____ C:\Users\Sadie\Desktop\attach.txt
2013-09-20 08:19 - 2013-09-20 08:19 - 00014402 _____ C:\Users\Sadie\Desktop\dds.txt
2013-09-18 16:28 - 2013-09-18 16:28 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-18 16:25 - 2013-09-18 16:25 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-18 16:24 - 2013-09-18 16:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-POLK-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-09-18 16:23 - 2013-09-18 16:23 - 00000000 ____D C:\RegBackup
2013-09-18 16:22 - 2013-09-18 16:22 - 00001954 _____ C:\Users\Sadie\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-18 16:22 - 2013-09-18 16:22 - 00000000 ____D C:\Users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-09-18 16:22 - 2013-09-18 16:22 - 00000000 ____D C:\Program Files\Tweaking.com
2013-09-18 09:54 - 2012-03-08 18:32 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2013-09-18 09:53 - 2013-09-18 09:53 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-18 09:52 - 2013-09-18 09:54 - 00000000 ____D C:\Program Files\Windows Live
2013-09-18 09:52 - 2013-09-18 09:52 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-18 09:50 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-09-18 09:50 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-09-18 09:50 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-09-18 09:50 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-09-18 09:19 - 2013-09-18 09:19 - 00000000 ____D C:\Users\Sadie\AppData\Local\Windows Live
2013-09-18 09:19 - 2013-09-18 09:19 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-09-18 09:18 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2013-09-18 09:08 - 2013-09-18 09:08 - 00269084 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-17 16:31 - 2013-09-17 16:35 - 00000318 _____ C:\rkill.log
2013-09-17 16:20 - 2013-09-17 16:20 - 00017188 _____ C:\FixitRegBackup.reg
2013-09-17 15:31 - 2013-09-17 15:31 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-17 15:30 - 2013-09-17 15:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-09-17 15:30 - 2013-09-17 15:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2013-09-17 15:16 - 2009-09-30 20:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2013-09-17 15:16 - 2009-09-30 20:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-09-17 15:16 - 2009-09-30 20:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2013-09-17 15:16 - 2009-09-30 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2013-09-17 15:16 - 2009-09-30 20:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2013-09-17 15:16 - 2009-09-30 20:01 - 00546816 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2013-09-17 15:16 - 2009-09-30 20:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys
2013-09-17 15:16 - 2009-09-30 20:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\WpdConns.dll
2013-09-17 15:16 - 2009-09-09 21:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2013-09-17 15:16 - 2009-09-09 21:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2013-09-17 15:16 - 2009-09-09 21:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-17 15:11 - 2012-02-29 10:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-09-17 15:11 - 2012-02-29 10:09 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-09-17 15:11 - 2012-02-29 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-09-17 14:50 - 2012-07-25 22:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-17 14:50 - 2012-07-25 22:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-17 14:50 - 2012-07-25 22:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-17 14:50 - 2012-07-25 22:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-17 14:50 - 2012-07-25 22:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-17 14:50 - 2012-07-25 22:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-17 14:50 - 2012-07-25 22:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-17 14:50 - 2012-07-25 21:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-17 14:50 - 2012-07-25 21:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-17 14:50 - 2012-07-25 21:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-17 14:50 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-17 14:50 - 2012-06-02 09:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-17 14:50 - 2009-07-14 07:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-09-17 14:42 - 2012-12-16 08:12 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-17 14:42 - 2012-12-16 05:50 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-17 14:41 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-17 14:41 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-17 14:41 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-17 14:41 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-17 14:41 - 2012-09-25 11:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-17 14:41 - 2012-06-08 12:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-17 14:41 - 2012-05-11 10:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-17 14:41 - 2011-10-14 11:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-17 14:41 - 2011-10-14 11:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-09-17 14:41 - 2011-10-14 11:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2013-09-17 14:41 - 2011-07-29 11:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-09-17 14:41 - 2011-07-29 11:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-09-17 14:41 - 2011-07-29 11:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2013-09-17 14:41 - 2011-07-29 11:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2013-09-17 14:40 - 2013-09-17 14:40 - 00000951 _____ C:\Users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 14:40 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-17 14:40 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-17 14:40 - 2013-04-15 09:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-17 14:40 - 2013-04-13 05:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-17 14:40 - 2012-11-02 05:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-17 14:40 - 2012-11-02 03:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-09-17 14:40 - 2012-08-21 06:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-09-17 14:40 - 2012-06-29 11:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-09-17 14:40 - 2012-03-20 18:28 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-09-17 14:40 - 2011-11-18 12:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-09-17 14:40 - 2011-02-22 09:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-17 14:39 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-17 14:39 - 2013-07-15 23:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-17 14:39 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-17 14:39 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-17 14:39 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-17 14:39 - 2013-05-01 23:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-17 14:39 - 2013-05-01 23:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-09-17 14:39 - 2013-04-23 23:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-17 14:39 - 2013-04-23 20:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-17 14:39 - 2013-04-17 06:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-17 14:39 - 2013-04-17 06:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-17 14:39 - 2013-04-17 06:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-17 14:39 - 2013-04-17 06:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-17 14:39 - 2013-04-17 05:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-17 14:39 - 2013-04-17 05:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-17 14:39 - 2013-04-17 05:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-17 14:39 - 2013-04-17 05:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-17 14:39 - 2013-04-17 05:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-17 14:39 - 2013-03-08 22:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-17 14:39 - 2013-03-08 20:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-17 14:39 - 2013-03-03 14:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-17 14:39 - 2012-11-21 22:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-09-17 14:39 - 2012-11-19 23:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-17 14:39 - 2012-11-07 22:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-09-17 14:39 - 2012-11-02 05:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-17 14:39 - 2012-09-28 11:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-17 14:39 - 2011-12-14 11:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-09-17 14:39 - 2011-11-16 11:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-09-17 14:39 - 2011-10-25 10:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-17 14:39 - 2011-03-12 16:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-17 14:38 - 2013-08-07 20:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-17 14:38 - 2013-05-31 23:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-17 14:38 - 2013-04-17 07:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-17 14:38 - 2013-03-07 22:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-17 14:38 - 2013-03-07 22:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-17 14:38 - 2012-06-05 11:47 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-17 14:38 - 2012-05-01 09:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-09-17 14:38 - 2011-08-25 11:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-09-17 14:38 - 2011-08-25 11:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-17 14:38 - 2011-08-25 11:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-09-17 14:38 - 2011-08-25 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2013-09-17 14:38 - 2011-06-15 11:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-09-17 14:37 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-17 14:37 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-17 14:37 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-17 14:37 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-17 14:37 - 2013-02-11 20:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-17 14:37 - 2012-06-04 10:26 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-09-17 14:37 - 2012-06-01 19:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-17 14:37 - 2011-11-16 11:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-09-17 14:37 - 2011-11-16 11:21 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-17 14:37 - 2011-11-16 09:12 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-09-17 14:37 - 2010-05-04 14:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2013-09-17 14:25 - 2012-01-09 10:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2013-09-17 14:12 - 2012-06-02 17:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-17 14:12 - 2012-06-02 17:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-17 14:12 - 2012-06-02 17:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-17 14:12 - 2012-06-02 17:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-17 14:12 - 2012-06-02 17:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-17 14:12 - 2012-06-02 17:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-17 14:12 - 2012-06-02 17:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-17 14:12 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-17 14:12 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-17 13:59 - 2013-09-17 13:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-17 13:59 - 2013-09-17 13:59 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-17 13:59 - 2013-09-17 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-17 13:59 - 2013-09-17 13:59 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-17 13:59 - 2013-09-17 13:59 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-17 13:58 - 2013-09-17 13:58 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 01554432 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00979456 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2013-09-17 13:58 - 2013-09-17 13:58 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2013-09-17 13:58 - 2013-09-17 13:58 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2013-09-17 13:56 - 2013-09-17 13:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Windows\system32\vi-VN
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Windows\system32\eu-ES
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Windows\system32\ca-ES
2013-09-17 13:34 - 2013-09-17 13:34 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-17 13:18 - 2009-04-10 23:28 - 00928768 _____ (Microsoft Corporation) C:\Windows\system32\scavenge.dll
2013-09-17 13:18 - 2009-04-10 23:27 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\compcln.exe
2013-09-17 13:17 - 2009-04-10 23:33 - 00614376 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-09-17 13:17 - 2009-04-10 23:32 - 00265688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00245736 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00190424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00149480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00141288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00125928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00099816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-17 13:17 - 2009-04-10 23:32 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00050664 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL
2013-09-17 13:17 - 2009-04-10 23:32 - 00035304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-09-17 13:17 - 2009-04-10 23:32 - 00027624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys
2013-09-17 13:17 - 2009-04-10 23:28 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 02515968 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 02153472 _____ (Microsoft Corporation) C:\Windows\system32\oobefldr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01985024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01856512 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01823744 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01788416 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\apds.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01502720 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01459200 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01342464 _____ (Microsoft Corporation) C:\Windows\system32\brcpl.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01324032 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01107968 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01078784 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 01053696 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00971264 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollUI.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2013-09-17 13:17 - 2009-04-10 23:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-17 13:17 - 2009-04-10 23:28 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00550400 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\pnpui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00516608 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\cmdial32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\IasMigReader.exe
2013-09-17 13:17 - 2009-04-10 23:28 - 00454144 _____ (Microsoft) C:\Windows\system32\IasMigPlugin.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\dsound.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-09-17 13:17 - 2009-04-10 23:28 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\devmgr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\RelMon.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-17 13:17 - 2009-04-10 23:28 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2013-09-17 13:17 - 2009-04-10 23:28 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\modemui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-09-17 13:17 - 2009-04-10 23:28 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\mscandui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\adsldpc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-09-17 13:17 - 2009-04-10 23:28 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\pnpsetup.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\rasmontr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\fundisc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\dsprop.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\ntmarta.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00117248 _____ C:\Windows\system32\EhStorAuthn.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\EhStorShell.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\dmsynth.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\dmusic.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-09-17 13:17 - 2009-04-10 23:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\msctfui.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\msctfp.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\iashlpr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\PNPXAssoc.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingProxy.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\feclient.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\bthci.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\EhStorPwdMgr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\perfdisk.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\bitsigd.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\hidserv.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\MsCtfMonitor.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\CHxReadingStringIME.dll
2013-09-17 13:17 - 2009-04-10 23:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\fdBthProxy.dll
2013-09-17 13:17 - 2009-04-10 23:27 - 02926592 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 02092544 _____ (Microsoft Corporation) C:\Windows\system32\dfsr.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 01122304 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2013-09-17 13:17 - 2009-04-10 23:27 - 01102848 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2013-09-17 13:17 - 2009-04-10 23:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2013-09-17 13:17 - 2009-04-10 23:27 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2013-09-17 13:17 - 2009-04-10 23:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\dpapimig.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00241128 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-09-17 13:17 - 2009-04-10 23:27 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00130024 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2013-09-17 13:17 - 2009-04-10 23:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\hdwwiz.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\conime.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingWizard.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\reg.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\cmmon32.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\csrstub.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\rekeywiz.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\bthudtask.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\PnPutil.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEject.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\fc.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\rasdial.exe
2013-09-17 13:17 - 2009-04-10 23:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\gpupdate.exe
2013-09-17 13:17 - 2009-04-10 23:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2013-09-17 13:17 - 2009-04-10 23:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2013-09-17 13:17 - 2009-04-10 23:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2013-09-17 13:17 - 2009-04-10 23:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2013-09-17 13:17 - 2009-04-10 23:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2013-09-17 13:17 - 2009-04-10 23:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2013-09-17 13:17 - 2009-04-10 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll
2013-09-17 13:17 - 2009-04-10 22:42 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2013-09-17 13:17 - 2009-04-10 22:03 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2013-09-17 13:17 - 2009-04-10 22:03 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2013-09-17 13:17 - 2009-04-10 21:48 - 00344698 _____ C:\Windows\system32\eaphost.tmf
2013-09-17 13:17 - 2009-04-10 21:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys
2013-09-17 13:17 - 2009-04-10 21:46 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys
2013-09-17 13:17 - 2009-04-10 21:46 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-09-17 13:17 - 2009-04-10 21:45 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2013-09-17 13:17 - 2009-04-10 21:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-09-17 13:17 - 2009-04-10 21:43 - 00442788 _____ C:\Windows\system32\dot3.tmf
2013-09-17 13:17 - 2009-04-10 21:43 - 00392170 _____ C:\Windows\system32\onex.tmf
2013-09-17 13:17 - 2009-04-10 21:43 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2013-09-17 13:17 - 2009-04-10 21:43 - 00062208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys
2013-09-17 13:17 - 2009-04-10 21:42 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2013-09-17 13:17 - 2009-04-10 21:42 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-09-17 13:17 - 2009-04-10 21:42 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-09-17 13:17 - 2009-04-10 21:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-09-17 13:17 - 2009-04-10 21:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2013-09-17 13:17 - 2009-04-10 21:39 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-09-17 13:17 - 2009-04-10 21:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2013-09-17 13:17 - 2009-04-10 21:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys
2013-09-17 13:17 - 2009-04-10 21:14 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-09-17 13:17 - 2009-04-10 21:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2013-09-17 13:17 - 2009-04-10 21:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2013-09-17 13:17 - 2009-04-10 21:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2013-09-17 13:17 - 2009-04-10 21:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2013-09-17 13:17 - 2009-03-29 21:42 - 00155456 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-09-17 13:17 - 2009-03-29 21:42 - 00080720 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2013-09-17 13:17 - 2009-02-19 17:20 - 00009212 _____ C:\Windows\system32\RacUR.xml
2013-09-17 13:17 - 2009-02-18 11:43 - 00000153 _____ C:\Windows\system32\RacUREx.xml
2013-09-17 13:17 - 2009-02-18 11:39 - 00779136 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-09-17 13:17 - 2009-02-18 11:39 - 00102816 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-09-17 13:16 - 2009-04-10 23:33 - 00986600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-09-17 13:16 - 2009-04-10 23:33 - 00926184 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-09-17 13:16 - 2009-04-10 23:33 - 00292840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2013-09-17 13:16 - 2009-04-10 23:32 - 00527848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-17 13:16 - 2009-04-10 23:32 - 00438744 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2013-09-17 13:16 - 2009-04-10 23:32 - 00180712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2013-09-17 13:16 - 2009-04-10 23:32 - 00161752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2013-09-17 13:16 - 2009-04-10 23:32 - 00122344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys
2013-09-17 13:16 - 2009-04-10 23:32 - 00048104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2013-09-17 13:16 - 2009-04-10 23:32 - 00019944 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2013-09-17 13:16 - 2009-04-10 23:32 - 00017896 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2013-09-17 13:16 - 2009-04-10 23:32 - 00017384 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 03174400 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 03072000 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 02225664 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 02205184 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 02167808 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01589248 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01580544 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01533440 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01524736 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01382912 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 01224192 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\wercon.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01086464 _____ (Microsoft Corporation) C:\Windows\system32\NetProjW.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01081344 _____ (Microsoft Corporation) C:\Windows\system32\SLCExt.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01055232 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00968192 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz2.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00852992 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00777216 _____ (Microsoft Corporation) C:\Windows\system32\slcc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\ipsecsnp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00670720 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00657408 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00638976 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\SLCommDlg.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00547840 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00532992 _____ (Microsoft Corporation) C:\Windows\system32\wpcao.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00507904 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\msvcp60.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00368640 _____ C:\Windows\system32\msjetoledb40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00364032 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\SLUI.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\WscEapPr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\wow32.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iassdo.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\SLC.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\sperror.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\SLLUA.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\WcnNetsh.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\msutb.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\spoolss.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wpcsvc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\softkbd.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\imapi.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2013-09-17 13:16 - 2009-04-10 23:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mstlsapi.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00083456 _____ (Microsoft) C:\Windows\system32\SMBHelperClass.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\wlgpclnt.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\iassvcs.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\slwmi.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\SLUINotify.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Storprop.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\mmci.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\l2nacp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\slcinst.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\networkitemfactory.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\TSTheme.exe
2013-09-17 13:16 - 2009-04-10 23:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\whealogr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\msimtf.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\ifmon.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\uxsms.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\version.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\winrnr.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\NcdProp.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\vdmdbg.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\midimap.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\spcmsg.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mmcico.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\spwinsat.dll
2013-09-17 13:16 - 2009-04-10 23:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-09-17 13:16 - 2009-04-10 23:27 - 03408896 _____ (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2013-09-17 13:16 - 2009-04-10 23:27 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-09-17 13:16 - 2009-04-10 23:27 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2013-09-17 13:16 - 2009-04-10 23:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2013-09-17 13:16 - 2009-04-10 23:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-09-17 13:16 - 2009-04-10 23:27 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2013-09-17 13:16 - 2009-04-10 23:27 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2013-09-17 13:16 - 2009-04-10 23:27 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ipconfig.exe
2013-09-17 13:16 - 2009-04-10 23:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv
2013-09-17 13:16 - 2009-04-10 23:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2013-09-17 13:16 - 2009-04-10 23:22 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2013-09-17 13:16 - 2009-04-10 21:46 - 00208966 _____ C:\Windows\system32\WFP.TMF
2013-09-17 13:16 - 2009-04-10 21:46 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2013-09-17 13:16 - 2009-04-10 21:45 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2013-09-17 13:16 - 2009-04-10 21:45 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys
2013-09-17 13:16 - 2009-04-10 21:43 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-09-17 13:16 - 2009-04-10 21:42 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-09-17 13:16 - 2009-04-10 21:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-09-17 13:16 - 2009-04-10 21:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-17 13:16 - 2009-04-10 21:42 - 00052992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2013-09-17 13:16 - 2009-04-10 21:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-09-17 13:16 - 2009-04-10 21:42 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2013-09-17 13:16 - 2009-04-10 21:42 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys
2013-09-17 13:16 - 2009-04-10 21:39 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll
2013-09-17 13:16 - 2009-04-10 21:38 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-09-17 13:16 - 2009-04-10 21:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2013-09-17 13:16 - 2009-04-10 21:22 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys
2013-09-17 13:16 - 2009-04-10 21:14 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-17 13:16 - 2009-04-10 21:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-09-17 13:16 - 2009-04-10 19:52 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys
2013-09-17 13:16 - 2009-04-10 18:59 - 00107612 _____ C:\Windows\system32\StructuredQuerySchema.bin
2013-09-17 13:16 - 2009-04-10 18:54 - 03662128 _____ C:\Windows\system32\locale.nls
2013-09-17 13:16 - 2009-03-06 18:11 - 00130008 _____ C:\Windows\system32\systemsf.ebd
2013-09-17 13:16 - 2009-02-19 17:20 - 00009239 _____ C:\Windows\system32\spcinstrumentation.man
2013-09-17 13:16 - 2009-02-18 11:39 - 00092918 _____ C:\Windows\system32\slmgr.vbs
2013-09-17 13:16 - 2009-02-18 11:39 - 00035680 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2013-09-17 13:16 - 2009-02-18 11:38 - 00619864 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2013-09-17 13:16 - 2009-02-18 11:38 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2013-09-17 13:16 - 2009-02-18 11:38 - 00035168 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2013-09-17 13:16 - 2009-02-18 11:38 - 00009048 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2013-09-17 13:15 - 2009-04-10 23:32 - 00053224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2013-09-17 13:15 - 2009-04-10 23:28 - 01576960 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-09-17 13:15 - 2009-04-10 23:28 - 01152000 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2013-09-17 13:15 - 2009-04-10 23:28 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2013-09-17 13:15 - 2009-04-10 23:28 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2013-09-17 13:15 - 2009-04-10 23:28 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2013-09-17 13:15 - 2009-04-10 23:28 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2013-09-17 13:15 - 2009-04-10 23:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2013-09-17 13:15 - 2009-04-10 23:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2013-09-17 13:15 - 2009-04-10 21:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2013-09-17 13:10 - 2013-09-17 13:10 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-17 12:47 - 2013-09-17 14:03 - 00005867 _____ C:\Windows\IE9_main.log
2013-09-17 12:34 - 2013-09-17 12:34 - 00000033 _____ C:\Users\Sadie\Desktop\mcafee license.txt
2013-09-16 16:22 - 2013-09-16 16:22 - 00000000 ____D C:\Users\Sadie\AppData\Roaming\Malwarebytes
2013-09-16 16:20 - 2013-09-16 16:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-16 16:20 - 2013-09-16 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-16 16:20 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-15 14:52 - 2013-09-15 14:52 - 00000000 ____D C:\Windows\pss

==================== One Month Modified Files and Folders =======

2013-09-23 08:12 - 2013-09-23 08:12 - 00000000 ____D C:\FRST
2013-09-23 07:42 - 2008-05-13 22:54 - 02085608 _____ C:\Windows\WindowsUpdate.log
2013-09-23 00:01 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 00:01 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 08:19 - 2013-09-20 08:19 - 00024537 _____ C:\Users\Sadie\Desktop\attach.txt
2013-09-20 08:19 - 2013-09-20 08:19 - 00014402 _____ C:\Users\Sadie\Desktop\dds.txt
2013-09-18 16:34 - 2006-11-02 05:33 - 00715776 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 16:28 - 2013-09-18 16:28 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-18 16:27 - 2008-01-20 21:47 - 00447162 _____ C:\Windows\PFRO.log
2013-09-18 16:27 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 16:27 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-18 16:26 - 2006-11-02 08:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-18 16:25 - 2013-09-18 16:25 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-18 16:24 - 2013-09-18 16:24 - 00000207 _____ C:\Windows\tweaking.com-regbackup-POLK-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-09-18 16:23 - 2013-09-18 16:23 - 00000000 ____D C:\RegBackup
2013-09-18 16:22 - 2013-09-18 16:22 - 00001954 _____ C:\Users\Sadie\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-18 16:22 - 2013-09-18 16:22 - 00000000 ____D C:\Users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-09-18 16:22 - 2013-09-18 16:22 - 00000000 ____D C:\Program Files\Tweaking.com
2013-09-18 15:46 - 2009-01-24 16:43 - 00077088 _____ C:\Users\Sadie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 13:44 - 2011-08-22 20:33 - 00002150 _____ C:\Windows\epplauncher.mif
2013-09-18 13:42 - 2011-03-24 20:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-18 10:14 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-09-18 10:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-18 09:58 - 2006-11-02 07:47 - 00309232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 09:54 - 2013-09-18 09:52 - 00000000 ____D C:\Program Files\Windows Live
2013-09-18 09:53 - 2013-09-18 09:53 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-18 09:52 - 2013-09-18 09:52 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-18 09:52 - 2006-11-02 06:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-18 09:19 - 2013-09-18 09:19 - 00000000 ____D C:\Users\Sadie\AppData\Local\Windows Live
2013-09-18 09:19 - 2013-09-18 09:19 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-09-18 09:08 - 2013-09-18 09:08 - 00269084 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-09-18 09:02 - 2009-01-24 23:46 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-18 07:44 - 2009-02-08 13:22 - 00000000 ____D C:\Windows\Minidump
2013-09-18 07:39 - 2011-07-22 17:31 - 00000000 ____D C:\Users\Sadie\AppData\Local\Conduit
2013-09-17 16:35 - 2013-09-17 16:31 - 00000318 _____ C:\rkill.log
2013-09-17 16:20 - 2013-09-17 16:20 - 00017188 _____ C:\FixitRegBackup.reg
2013-09-17 16:19 - 2006-11-02 07:52 - 00086677 _____ C:\Windows\setupact.log
2013-09-17 16:09 - 2009-01-27 20:26 - 00000951 _____ C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 16:09 - 2009-01-27 20:24 - 00000917 _____ C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-09-17 15:31 - 2013-09-17 15:31 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-17 15:31 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-17 15:31 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\uk-UA
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\th-TH
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\sl-SI
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\sk-SK
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ru-RU
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ro-RO
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\nb-NO
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\lv-LV
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\lt-LT
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ko-KR
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ja-JP
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\hu-HU
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\hr-HR
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\he-IL
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\fi-FI
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\et-EE
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\el-GR
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\bg-BG
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\ar-SA
2013-09-17 15:31 - 2006-11-02 06:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-17 15:30 - 2013-09-17 15:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-09-17 15:30 - 2013-09-17 15:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2013-09-17 14:40 - 2013-09-17 14:40 - 00000951 _____ C:\Users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-17 14:03 - 2013-09-17 12:47 - 00005867 _____ C:\Windows\IE9_main.log
2013-09-17 14:03 - 2006-11-02 06:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-09-17 13:59 - 2013-09-17 13:59 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-17 13:59 - 2013-09-17 13:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-17 13:59 - 2013-09-17 13:59 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-17 13:59 - 2013-09-17 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-17 13:59 - 2013-09-17 13:59 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-17 13:59 - 2013-09-17 13:59 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-17 13:59 - 2013-09-17 13:59 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-17 13:59 - 2013-09-17 13:59 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-17 13:59 - 2006-11-02 01:32 - 00008798 _____ C:\Windows\system32\icrav03.rat
2013-09-17 13:59 - 2006-11-02 01:32 - 00001988 _____ C:\Windows\system32\ticrf.rat
2013-09-17 13:58 - 2013-09-17 13:58 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 01554432 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00979456 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2013-09-17 13:58 - 2013-09-17 13:58 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2013-09-17 13:58 - 2013-09-17 13:58 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2013-09-17 13:58 - 2013-09-17 13:58 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2013-09-17 13:56 - 2013-09-17 13:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2013-09-17 13:56 - 2013-09-17 13:56 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-17 13:49 - 2009-01-24 16:42 - 00000917 _____ C:\Users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Windows\system32\vi-VN
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Windows\system32\eu-ES
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Windows\system32\ca-ES
2013-09-17 13:39 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-17 13:39 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-09-17 13:39 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-17 13:39 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-09-17 13:39 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-09-17 13:39 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-09-17 13:39 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\SLUI
2013-09-17 13:39 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-09-17 13:39 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\IME
2013-09-17 13:37 - 2008-03-06 05:21 - 00000000 ____D C:\Windows\system32\RTCOM
2013-09-17 13:35 - 2012-03-04 22:09 - 00004651 _____ C:\Windows\system32\lvcoinst.log
2013-09-17 13:35 - 2012-03-04 22:09 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-09-17 13:34 - 2013-09-17 13:34 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-17 13:10 - 2013-09-17 13:10 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-17 12:34 - 2013-09-17 12:34 - 00000033 _____ C:\Users\Sadie\Desktop\mcafee license.txt
2013-09-17 08:35 - 2009-04-30 19:56 - 00000000 ____D C:\Users\Sadie\AppData\Roaming\Move Networks
2013-09-17 08:24 - 2009-01-24 17:19 - 00001356 _____ C:\Users\Sadie\AppData\Local\d3d9caps.dat
2013-09-17 07:36 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Globalization
2013-09-16 16:25 - 2013-09-16 16:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-16 16:22 - 2013-09-16 16:22 - 00000000 ____D C:\Users\Sadie\AppData\Roaming\Malwarebytes
2013-09-16 16:20 - 2013-09-16 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-15 15:15 - 2013-05-31 17:05 - 00000000 ____D C:\Program Files\ffdshow
2013-09-15 15:12 - 2008-03-06 05:51 - 00000000 ____D C:\Program Files\Yahoo!
2013-09-15 14:52 - 2013-09-15 14:52 - 00000000 ____D C:\Windows\pss
2013-09-11 17:43 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 17:41 - 2006-11-02 05:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2003097071-1709909009-3854296526-1000\$e2ffb47dd90fa8124fc00ca651cc0444

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e2ffb47dd90fa8124fc00ca651cc0444

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-09-18 16:34

==================== End Of Log ============================

Addition File:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by Sadie at 2013-09-23 08:13:52
Running from K:\polk pc
Boot Mode: Normal
==========================================================

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.4)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Reader 8.1.0 (Version: 8.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.619.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 110.0.180.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
CyberLink DVD Suite Deluxe (Version: 5.5.1126)
D3DX10 (Version: 15.4.2368.0902)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F4200_Software (Version: 110.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 110.0.206.000)
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
GPBaseService (Version: 110.0.180.000)
Hardware Diagnostic Tools (Version: 5.1.4708.19)
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
HP Customer Feedback (Version: 1.0.0)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (Version: 11.0)
HP Games (Version: 1.0.0.66)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Solution Center 11.0 (Version: 11.0)
HP Total Care Advisor (Version: 1.6.12.2542)
HP Update (Version: 5.003.001.001)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 110.0.180.000)
iCloud (Version: 2.1.2.8)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 11.0.2.26)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.2.2329)
LightScribe System Software  1.10.23.1 (Version: 1.10.23.1)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee autoProducer 6.1 (Version: 6.10.050)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Power2Go (Version: 5.6.3610)
PowerDirector (Version: 6.5.2420)
PSSWCORE (Version: 2.02.0000)
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.5657)
Scan (Version: 11.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
Skype™ 5.10 (Version: 5.10.116)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 110.0.180.000)
Toolbox (Version: 110.0.180.000)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.16)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VideoToolkit01 (Version: 100.0.128.000)
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 110.0.180.000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

==================== Restore Points  =========================

17-09-2013 18:14:58 Windows Vista™ Service Pack 2
17-09-2013 18:52:31 Windows Update
17-09-2013 18:54:19 Windows Update
17-09-2013 18:56:10 Windows Modules Installer
17-09-2013 19:12:09 Windows Update
17-09-2013 19:42:11 Windows Update
17-09-2013 20:42:43 Windows Update
17-09-2013 21:19:53 Installed Microsoft Fix it 50535
18-09-2013 13:59:58 Installed MSXML 4.0 SP3 Parser
18-09-2013 14:08:08 Windows Update
18-09-2013 14:11:01 Windows Update
18-09-2013 18:39:05 Windows Update
18-09-2013 21:23:20 Tweaking.com - Windows Repair
20-09-2013 12:45:01 Scheduled Checkpoint
21-09-2013 05:00:00 Scheduled Checkpoint
22-09-2013 14:18:21 Scheduled Checkpoint
22-09-2013 14:34:56 Windows Update
23-09-2013 05:00:00 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-09-18 16:25 - 2013-09-18 16:25 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D95DCB5-AAAB-494A-B13C-A495B5B1D83E} - System32\Tasks\Norton Internet Security - Run Full System Scan - Sadie => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4E620BB6-FAEF-45BE-8376-AF92B3260C08} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {86A50B3B-5B87-4E3C-ADC7-6C5E431B339D} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-03-06] ()
Task: {CFEBDE92-11FA-4CA9-BCE5-2A3575EB0CE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Sadie.job => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe

==================== Loaded Modules (whitelisted) =============

2008-03-25 17:24 - 2008-03-25 17:24 - 00172032 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2013-09-16 16:20 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-09-16 16:20 - 2011-06-01 10:16 - 00046416 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2013 00:00:01 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/22/2013 09:34:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/22/2013 09:18:21 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/21/2013 00:00:00 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/20/2013 07:45:01 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/19/2013 09:47:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1919

Error: (09/19/2013 09:47:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1919

Error: (09/19/2013 09:47:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/19/2013 01:43:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1919

Error: (09/19/2013 01:43:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1919

System errors:
=============
Error: (09/23/2013 06:42:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.159.314.0){7FE7FC10-6AE7-491E-A640-F0608D150490}200

Error: (09/22/2013 09:50:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.159.314.0){7FE7FC10-6AE7-491E-A640-F0608D150490}200

Error: (09/21/2013 01:28:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.159.314.0){7FE7FC10-6AE7-491E-A640-F0608D150490}200

Error: (09/20/2013 07:48:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.159.314.0){7FE7FC10-6AE7-491E-A640-F0608D150490}200

Error: (09/19/2013 07:05:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.159.53.0){EAC7122F-BBF2-40BE-9F0D-5D56E8AB55D4}200

Error: (09/18/2013 04:27:33 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (09/18/2013 04:27:33 PM) (Source: Service Control Manager) (User: )
Description: WinDefend%%5

Error: (09/18/2013 04:27:33 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2

Error: (09/18/2013 01:45:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft Security Essentials - KB2866470{0FD5A045-30B6-40DB-AC5E-2A51D6B6250D}201

Error: (09/18/2013 09:59:43 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Microsoft Office Sessions:
=========================
Error: (09/23/2013 00:00:01 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/22/2013 09:34:57 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/22/2013 09:18:21 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/21/2013 00:00:00 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/20/2013 07:45:01 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/19/2013 09:47:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1919

Error: (09/19/2013 09:47:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1919

Error: (09/19/2013 09:47:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/19/2013 01:43:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1919

Error: (09/19/2013 01:43:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1919

CodeIntegrity Errors:
===================================
  Date: 2013-09-17 17:52:03.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:02.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:02.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:02.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:02.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:01.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:01.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:00.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:00.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 17:52:00.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3061.58 MB
Available physical RAM: 2064.56 MB
Total Pagefile: 6351.43 MB
Available Pagefile: 5334.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.95 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:456.51 GB) (Free:362.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.25 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (Lexar) (Removable) (Total:3.73 GB) (Free:3.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 September 2013 - 12:54 PM

Hello nlaperouse



I need you to download this script I have made for you --> Attached File: fixlist.txt (467 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 nlaperouse

nlaperouse
  • Topic Starter

  • Members
  • 10 posts

Posted 23 September 2013 - 01:49 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-09-2013
Ran by Sadie at 2013-09-23 13:46:51 Run:1
Running from K:\polk pc
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-2003097071-1709909009-3854296526-1000\$e2ffb47dd90fa8124fc00ca651cc0444
C:\$Recycle.Bin\S-1-5-18\$e2ffb47dd90fa8124fc00ca651cc0444
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-2003097071-1709909009-3854296526-1000\$e2ffb47dd90fa8124fc00ca651cc0444 => Directory moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e2ffb47dd90fa8124fc00ca651cc0444 => Deleted successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========

==== End of Fixlog ====



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 September 2013 - 03:54 PM



Hello nlaperouse

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 nlaperouse

nlaperouse
  • Topic Starter

  • Members
  • 10 posts

Posted 23 September 2013 - 04:09 PM

AdwCleaner File:

# AdwCleaner v3.005 - Report created 23/09/2013 at 16:00:51
# Updated 22/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Sadie - POLK-PC
# Running from : C:\Users\Sadie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Sadie\AppData\Local\Conduit
Folder Deleted : C:\Users\Sadie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Russ\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Riana Wilson\AppData\LocalLow\Conduit
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506

-\\ Google Chrome v

[ File : C:\Users\Sadie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2294 octets] - [23/09/2013 16:00:10]
AdwCleaner[S0].txt - [2181 octets] - [23/09/2013 16:00:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2241 octets] ##########

-----------------------------------------------------------------------------------------------------------------------------

 

JRT File:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Sadie on Mon 09/23/2013 at 16:05:30.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/23/2013 at 16:07:40.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 September 2013 - 04:37 PM


Hello nlaperouse

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 nlaperouse

nlaperouse
  • Topic Starter

  • Members
  • 10 posts

Posted 24 September 2013 - 07:52 AM

ComboFix Log:

ComboFix 13-09-23.02 - Sadie 09/23/2013  16:45:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.2086 [GMT -5:00]
Running from: k:\polk pc\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-23 to 2013-09-23  )))))))))))))))))))))))))))))))
.
.
2013-09-23 21:52 . 2013-09-23 21:52 -------- d-----w- c:\users\Sadie\AppData\Local\temp
2013-09-23 21:52 . 2013-09-23 21:52 -------- d-----w- c:\users\Russ\AppData\Local\temp
2013-09-23 21:26 . 2013-09-23 21:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CED18C-8AC9-4BCD-A8AC-7B0E468E7D1A}\offreg.dll
2013-09-23 21:22 . 2013-09-16 05:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CED18C-8AC9-4BCD-A8AC-7B0E468E7D1A}\mpengine.dll
2013-09-23 21:05 . 2013-09-23 21:05 -------- d-----w- c:\windows\ERUNT
2013-09-23 21:00 . 2013-09-23 21:00 -------- d-----w- C:\AdwCleaner
2013-09-23 13:12 . 2013-09-23 13:12 -------- d-----w- C:\FRST
2013-09-18 21:25 . 2013-09-18 21:25 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-18 21:23 . 2013-09-18 21:23 -------- d-----w- C:\RegBackup
2013-09-18 21:22 . 2013-09-18 21:22 -------- d-----w- c:\program files\Tweaking.com
2013-09-18 14:54 . 2013-09-18 14:54 -------- d-----w- c:\windows\en
2013-09-18 14:54 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-09-18 14:52 . 2013-09-18 14:52 -------- d-----w- c:\windows\PCHEALTH
2013-09-18 14:52 . 2013-09-18 14:54 -------- d-----w- c:\program files\Windows Live
2013-09-18 14:50 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-09-18 14:50 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-09-18 14:50 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-09-18 14:50 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-09-18 14:19 . 2013-09-18 14:19 -------- d-----w- c:\users\Sadie\AppData\Local\Windows Live
2013-09-18 14:19 . 2013-09-18 14:19 -------- d-----w- c:\program files\Common Files\Windows Live
2013-09-18 14:18 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-09-17 21:20 . 2013-09-17 21:20 17188 ----a-w- C:\FixitRegBackup.reg
2013-09-17 20:31 . 2013-09-17 20:31 -------- d-----w- c:\program files\Windows Portable Devices
2013-09-17 20:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-09-17 20:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-09-17 20:11 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-09-17 19:50 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-17 19:50 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-17 19:50 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-17 19:50 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-17 19:50 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-17 19:50 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-17 19:50 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-09-17 19:50 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-17 19:50 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-17 19:50 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-17 19:50 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-17 19:42 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-09-17 19:42 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-09-17 19:40 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-17 19:40 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-09-17 19:40 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-09-17 19:40 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-09-17 19:40 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-17 19:40 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-09-17 19:40 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-17 19:40 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-09-17 19:40 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-09-17 19:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2013-09-17 19:38 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-09-17 19:38 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2013-09-17 19:38 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2013-09-17 19:38 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-17 19:38 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-09-17 19:38 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-09-17 19:38 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-09-17 19:38 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-09-17 19:38 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-09-17 19:38 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-17 19:38 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-17 19:38 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-09-17 19:25 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-09-17 19:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-09-17 19:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-09-17 19:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-09-17 19:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-09-17 19:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-09-17 19:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-09-17 19:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-09-17 19:12 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-09-17 19:12 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-09-17 18:58 . 2013-09-17 18:58 98816 ----a-w- c:\windows\system32\mfps.dll
2013-09-17 18:56 . 2013-09-17 18:56 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-17 18:56 . 2013-09-17 18:56 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-09-17 18:56 . 2013-09-17 18:56 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-17 18:56 . 2013-09-17 18:56 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-09-17 18:56 . 2013-09-17 18:56 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-09-17 18:56 . 2013-09-17 18:56 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-09-17 18:56 . 2013-09-17 18:56 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-17 18:39 . 2013-09-17 18:39 -------- d-----w- c:\windows\system32\ca-ES
2013-09-17 18:39 . 2013-09-17 18:39 -------- d-----w- c:\windows\system32\eu-ES
2013-09-17 18:39 . 2013-09-17 18:39 -------- d-----w- c:\windows\system32\vi-VN
2013-09-17 18:34 . 2013-09-17 18:34 -------- d-----w- c:\windows\system32\SPReview
2013-09-17 18:18 . 2009-04-11 04:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2013-09-17 18:18 . 2009-04-11 04:27 57856 ----a-w- c:\windows\system32\compcln.exe
2013-09-17 18:16 . 2009-04-11 04:28 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2013-09-17 18:15 . 2009-04-11 04:28 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2013-09-17 18:10 . 2013-09-17 18:10 -------- d-----w- c:\windows\system32\EventProviders
2013-09-16 21:22 . 2013-09-16 21:22 -------- d-----w- c:\users\Sadie\AppData\Roaming\Malwarebytes
2013-09-16 21:20 . 2013-09-16 21:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-16 21:20 . 2013-09-16 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-16 21:20 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 18:38 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-17 18:56 . 2013-09-17 18:56 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-08-07 09:22 . 2010-10-02 00:05 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
.
c:\users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2010-5-15 1660]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Sadie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Sadie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Network Client.lnk]
path=c:\users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Client.lnk
backup=c:\windows\pss\Network Client.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 18:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 03:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 17:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 15:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 16:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-04-07 10:56 132760 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 10.0.2.61 10.0.1.224
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\mssecex.exe
MSConfigStartUp-SS_MW - c:\program files\Radica\Stylin' Studio\SS_MW.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-23 16:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-23  16:54:32
ComboFix-quarantined-files.txt  2013-09-23 21:54
.
Pre-Run: 391,401,480,192 bytes free
Post-Run: 391,662,436,352 bytes free
.
- - End Of File - - 230631EA4B8D3BB11A229E9FFD0BEE95
03BA8F890B47C0BE359A4D5A636D214D

---------------------------------------------------------------------------------------

 

I didn't have any problems running combo fix.

Now the computer seems to be working up to par. I can actually download items from Internet Explorer!!

THANK YOU SO MUCH, Gringo!!!

Someone in the previous post I made mentioned that this was probably the ZeroAccess Rootkit; any ideas where it might have been obtained from?
 



#10 gringo_pr

  • Malware Response Team

Posted 24 September 2013 - 02:46 PM


Hello nlaperouse

It is impossible to know where it came from - it is one of the most popular viruses at this time.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#11 nlaperouse

  • Topic Starter

Posted 25 September 2013 - 08:08 AM

I was asked to update to a newer version of ComboFix after running it.

ComboFix Log:

ComboFix 13-09-24.02 - Sadie 09/24/2013  15:42:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.2231 [GMT -5:00]
Running from: c:\users\Sadie\Desktop\ComboFix.exe
Command switches used :: c:\users\Sadie\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 20:49 . 2013-09-24 20:49 -------- d-----w- c:\users\Sadie\AppData\Local\temp
2013-09-24 20:49 . 2013-09-24 20:49 -------- d-----w- c:\users\Russ\AppData\Local\temp
2013-09-24 20:49 . 2013-09-24 20:49 -------- d-----w- c:\users\Riana Wilson\AppData\Local\temp
2013-09-24 20:49 . 2013-09-24 20:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-24 20:49 . 2013-09-24 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 12:55 . 2013-09-24 12:55 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD917D60-FF10-4074-A496-2B2C9874DE9D}\offreg.dll
2013-09-24 12:42 . 2013-09-16 05:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD917D60-FF10-4074-A496-2B2C9874DE9D}\mpengine.dll
2013-09-23 21:05 . 2013-09-23 21:05 -------- d-----w- c:\windows\ERUNT
2013-09-23 21:00 . 2013-09-23 21:00 -------- d-----w- C:\AdwCleaner
2013-09-23 13:12 . 2013-09-23 13:12 -------- d-----w- C:\FRST
2013-09-18 21:25 . 2013-09-18 21:25 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-18 21:23 . 2013-09-18 21:23 -------- d-----w- C:\RegBackup
2013-09-18 21:22 . 2013-09-18 21:22 -------- d-----w- c:\program files\Tweaking.com
2013-09-18 14:54 . 2013-09-18 14:54 -------- d-----w- c:\windows\en
2013-09-18 14:54 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-09-18 14:52 . 2013-09-18 14:52 -------- d-----w- c:\windows\PCHEALTH
2013-09-18 14:52 . 2013-09-18 14:54 -------- d-----w- c:\program files\Windows Live
2013-09-18 14:50 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-09-18 14:50 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-09-18 14:50 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-09-18 14:50 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-09-18 14:19 . 2013-09-18 14:19 -------- d-----w- c:\users\Sadie\AppData\Local\Windows Live
2013-09-18 14:19 . 2013-09-18 14:19 -------- d-----w- c:\program files\Common Files\Windows Live
2013-09-18 14:18 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-09-17 21:20 . 2013-09-17 21:20 17188 ----a-w- C:\FixitRegBackup.reg
2013-09-17 20:31 . 2013-09-17 20:31 -------- d-----w- c:\program files\Windows Portable Devices
2013-09-17 20:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-09-17 20:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-09-17 20:11 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-09-17 19:50 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-17 19:50 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-17 19:50 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-17 19:50 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-17 19:50 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-17 19:50 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-17 19:50 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-09-17 19:50 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-17 19:50 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-17 19:50 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-17 19:50 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-17 19:42 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-09-17 19:42 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-09-17 19:40 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-17 19:40 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-09-17 19:40 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-09-17 19:40 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-09-17 19:40 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-17 19:40 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-09-17 19:40 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-17 19:40 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-09-17 19:40 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-09-17 19:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2013-09-17 19:38 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-09-17 19:38 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2013-09-17 19:38 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2013-09-17 19:38 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-17 19:38 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-09-17 19:38 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-09-17 19:38 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-09-17 19:38 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-09-17 19:38 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-09-17 19:38 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-17 19:38 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-17 19:38 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-09-17 19:25 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-09-17 19:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-09-17 19:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-09-17 19:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-09-17 19:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-09-17 19:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-09-17 19:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-09-17 19:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-09-17 19:12 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-09-17 19:12 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-09-17 18:58 . 2013-09-17 18:58 98816 ----a-w- c:\windows\system32\mfps.dll
2013-09-17 18:56 . 2013-09-17 18:56 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-17 18:56 . 2013-09-17 18:56 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-09-17 18:56 . 2013-09-17 18:56 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-17 18:56 . 2013-09-17 18:56 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-09-17 18:56 . 2013-09-17 18:56 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-09-17 18:56 . 2013-09-17 18:56 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-09-17 18:56 . 2013-09-17 18:56 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-17 18:39 . 2013-09-17 18:39 -------- d-----w- c:\windows\system32\ca-ES
2013-09-17 18:39 . 2013-09-17 18:39 -------- d-----w- c:\windows\system32\eu-ES
2013-09-17 18:39 . 2013-09-17 18:39 -------- d-----w- c:\windows\system32\vi-VN
2013-09-17 18:34 . 2013-09-17 18:34 -------- d-----w- c:\windows\system32\SPReview
2013-09-17 18:18 . 2009-04-11 04:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2013-09-17 18:18 . 2009-04-11 04:27 57856 ----a-w- c:\windows\system32\compcln.exe
2013-09-17 18:16 . 2009-04-11 04:28 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2013-09-17 18:15 . 2009-04-11 04:28 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2013-09-17 18:10 . 2013-09-17 18:10 -------- d-----w- c:\windows\system32\EventProviders
2013-09-16 21:22 . 2013-09-16 21:22 -------- d-----w- c:\users\Sadie\AppData\Roaming\Malwarebytes
2013-09-16 21:20 . 2013-09-16 21:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-16 21:20 . 2013-09-16 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-16 21:20 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 18:38 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-17 18:56 . 2013-09-17 18:56 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-08-07 09:22 . 2010-10-02 00:05 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
.
c:\users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2010-5-15 1660]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Sadie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Sadie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Network Client.lnk]
path=c:\users\Sadie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Client.lnk
backup=c:\windows\pss\Network Client.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 18:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 03:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 17:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 15:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 16:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-04-07 10:56 132760 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 10.0.2.61 10.0.1.224
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-24 15:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-24  15:50:46
ComboFix-quarantined-files.txt  2013-09-24 20:50
ComboFix2.txt  2013-09-23 21:54
.
Pre-Run: 385,292,308,480 bytes free
Post-Run: 385,274,740,736 bytes free
.
- - End Of File - - C16E3E4CB0B2696D1F4120764D2FBC4E
03BA8F890B47C0BE359A4D5A636D214D
 

-------------------------------------------------------------------------------------------------

The computer is working up to par, and Internet Explorer is actually downloading items.



#12 gringo_pr

  • Malware Response Team

Posted 25 September 2013 - 02:41 PM



Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove

    • Adobe Reader 8.1.0
    • Coupon Printer for Windows
    • Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click on Next.
  • Once done, click Finish.



Update Adobe reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java
  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#13 nlaperouse


Posted 25 September 2013 - 04:53 PM

Mbam log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sadie :: POLK-PC [administrator]

9/25/2013 3:48:19 PM
mbam-log-2013-09-25 (15-48-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271227
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------------------------

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:31 PM, on 9/25/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16506)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
K:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: LimeWire On Startup.lnk.disabled
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O23 - Service: McAfee Application Installer Cleanup (0031221380116888) (0031221380116888mcinstcleanup) - McAfee, Inc. - C:\Users\Sadie\AppData\Local\Temp\003122~1.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8277 bytes

---------------------------------------------------------------------------

No problems with removal, install, or executables. Computer seems to be running very well.



#14 gringo_pr


Posted 25 September 2013 - 08:03 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    • O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - Startup: LimeWire On Startup.lnk.disabled


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
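
The log review done by eye in posts #13 and #14 (picking out the O4 startup lines and the name between the brackets) can be scripted. The following is an added example, not part of either poster's messages and not HijackThis code; the field layout is inferred from the log lines in post #13, the sample lines are copied from that log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the HijackThis v2.0.2 log in post #13 of this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - Startup: LimeWire On Startup.lnk.disabled
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
'''

# Layout assumed from the log above: "<section code> - <body>".
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Registry Run entries: "<key>: [<value name>] <command line>".
RUN_RE = re.compile(r"^(?P<where>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
MISSING = "(file missing)"

def parse_log(text):
    """Return (code, body) pairs for every R*/O* entry line, in log order."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m["code"], m["body"]) for m in matches if m]

def autostart_entries(entries):
    """O4 lines: Run-key values carry a bracketed name; Startup-folder items do not."""
    found = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            found.append(m.groupdict())
        else:
            where, _, target = body.partition(": ")
            found.append({"where": where, "name": None, "command": target})
    return found

def services_missing_binary(entries):
    """O23 services whose image path the scanner marked '(file missing)'."""
    found = []
    for code, body in entries:
        if code == "O23" and body.endswith(MISSING):
            # Split from the right: display names may themselves contain " - ".
            display, vendor, path = body[len("Service: "):].rsplit(" - ", 2)
            found.append((display, vendor, path[:-len(MISSING)].strip()))
    return found

def repeated_lines(entries):
    """Entries that occur more than once, with their counts (e.g. stacked LSP lines)."""
    return {entry: n for entry, n in Counter(entries).items() if n > 1}
```

The `name` field of each Run entry is the string to paste into a startup-entry lookup, as described in the note in post #14.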

#15 nlaperouse


Posted 30 September 2013 - 10:39 AM

Ran the fix for unnecessary startups, no threats found with eset.





