Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to start windows - no startup repair fix, no ntbtlog, nothing!


  • This topic is locked This topic is locked
14 replies to this topic

#1 alhan1337

alhan1337

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 02 October 2013 - 12:33 PM

I'm running an Acer Aspire with Vista on it.  I've had a few problems with viruses in the past, but always able to clean with some combination of MS Security Essentials, rkill, and MBAM.  This morning I tried to come out of Hibernate mode and the system crashed.  Upon restart, the system initiated Startup Repair which identified NTOSKRNL.exe as being corrupt.  After replacing that file in the recovery console, Startup Repair could find no other errors, but I cannot boot my computer in any mode and it won't even get far enough to provide boot logging.

 

A search of this and other forums saw many other users with this kind of issue.  I ran FRST64 and it uncovered several other missing DLLs which I have mostly restored, again through the recovery console.  The FRST log still has several attention lines related to Windows Defender and the Recycle Bin, so at this point my last assumption is a pretty bad virus.

 

I've posted the most recent version of FRST.txt.  Can anyone help?

Attached Files

  • Attached File  FRST.txt   14.68KB   5 downloads


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 02 October 2013 - 01:16 PM

Hello alhan1337

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


 
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$306863da577cacc31c4d36d6249a8c52\n. ATTENTION! ====> ZeroAccess?
HKU\Alex\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2008-12-04] (Microsoft Corporation) <==== ATTENTION
C:\$Recycle.Bin\S-1-5-21-1452331884-2432219423-348578642-1000\$306863da577cacc31c4d36d6249a8c52
C:\$Recycle.Bin\S-1-5-18\$306863da577cacc31c4d36d6249a8c52
C:\Users\Alex\AppData\Local\Temp\0.exe
C:\Users\Alex\AppData\Local\Temp\02c9c3c35bdx5.exe
C:\Users\Alex\AppData\Local\Temp\1.exe
C:\Users\Alex\AppData\Local\Temp\17dkf.exe
C:\Users\Alex\AppData\Local\Temp\2.exe
C:\Users\Alex\AppData\Local\Temp\472a10e2ebxd9.exe
C:\Users\Alex\AppData\Local\Temp\5395.exe
C:\Users\Alex\AppData\Local\Temp\56493.exe
C:\Users\Alex\AppData\Local\Temp\ae0965a7157cd.exe
C:\Users\Alex\AppData\Local\Temp\al3erfa3.exe
C:\Users\Alex\AppData\Local\Temp\alerfa.exe
C:\Users\Alex\AppData\Local\Temp\backd-efq.exe
C:\Users\Alex\AppData\Local\Temp\cunifuc.exe
C:\Users\Alex\AppData\Local\Temp\dc_3.exe
C:\Users\Alex\AppData\Local\Temp\dd10x10.exe
C:\Users\Alex\AppData\Local\Temp\ddhelp.exe
C:\Users\Alex\AppData\Local\Temp\ddoll3342.exe
C:\Users\Alex\AppData\Local\Temp\dkfjd93.exe
C:\Users\Alex\AppData\Local\Temp\ds7hw.exe
C:\Users\Alex\AppData\Local\Temp\eelnvd13.exe
C:\Users\Alex\AppData\Local\Temp\eephilpe.exe
C:\Users\Alex\AppData\Local\Temp\fe.exe
C:\Users\Alex\AppData\Local\Temp\format.exe
C:\Users\Alex\AppData\Local\Temp\gedx_ae09.exe
C:\Users\Alex\AppData\Local\Temp\gpupz2a.exe
C:\Users\Alex\AppData\Local\Temp\hardwh.exe
C:\Users\Alex\AppData\Local\Temp\hhbboll_2.exe
C:\Users\Alex\AppData\Local\Temp\hiphop.exe
C:\Users\Alex\AppData\Local\Temp\hodeme.exe
C:\Users\Alex\AppData\Local\Temp\hvipws9.exe
C:\Users\Alex\AppData\Local\Temp\InstHelp.dll
C:\Users\Alex\AppData\Local\Temp\jdhellwo3.exe
C:\Users\Alex\AppData\Local\Temp\jofcdks.exe
C:\Users\Alex\AppData\Local\Temp\kjdh_gf_jjdhgd.exe
C:\Users\Alex\AppData\Local\Temp\kock.exe
C:\Users\Alex\AppData\Local\Temp\kt_setup.exe
C:\Users\Alex\AppData\Local\Temp\lols.exe
C:\Users\Alex\AppData\Local\Temp\lorsk.exe
C:\Users\Alex\AppData\Local\Temp\pswwg3c.exe
C:\Users\Alex\AppData\Local\Temp\qwedvor.exe
C:\Users\Alex\AppData\Local\Temp\qwklrvjhqlkj.exe
C:\Users\Alex\AppData\Local\Temp\r0life.exe
C:\Users\Alex\AppData\Local\Temp\rator.exe
C:\Users\Alex\AppData\Local\Temp\rtfme.exe
C:\Users\Alex\AppData\Local\Temp\safe.exe
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\snowif.exe
C:\Users\Alex\AppData\Local\Temp\sycre.exe
C:\Users\Alex\AppData\Local\Temp\timem.exe
C:\Users\Alex\AppData\Local\Temp\wergfq.exe
C:\Users\Alex\AppData\Local\Temp\winlogoff.exe
C:\Users\Alex\AppData\Local\Temp\wqefqw7e.exe
C:\Users\Alex\AppData\Local\Temp\wrcud12.exe
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 02 October 2013 - 05:44 PM

Hi Gringo,
Thanks for the quick reply. I wanted to give you a quick update from my phone that unfortunately the fixlist code did not solve the issue. Although the fixlog says everything was completed successfully (either moved or deleted), I still have the same startup issue. Safe mode will load the system config and then go no further.

Once I can get access to a friend's computer I will paste in the full contents of the log file for you to review. Do you need me to do anything else in the meantime?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 02 October 2013 - 06:11 PM

I want you to run a scan from frst again and send me that report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 03 October 2013 - 08:37 AM

Gringo,

Ok, here are both the fixlog and the new RFST.txt after the attempt last night:

 

FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-02 15:34:25 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\Recycle.Bin\S-1-5-18\$306863da577cacc31c4d36d6249a8c5\n. ATTENION! ====> ZeroAccess?
HKU\Alex\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2008-12-04] (Microsoft Corporation) <==== ATTENTION
C:\$Recycle.Bin\S-1-5-21-1452331884-2432219423-348578642-1000\$306863da577cacc31c4d36d6249a8c52
C:\$Recycle.Bin\S-1-5-18\$306863da577cacc31c4d36d6249a8c52
C:\Users\Alex\AppData\Local\Temp\0.exe
C:\Users\Alex\AppData\Local\Temp\02c9c3c35bdx5.exe
C:\Users\Alex\AppData\Local\Temp\1.exe
C:\Users\Alex\AppData\Local\Temp\17dkf.exe
C:\Users\Alex\AppData\Local\Temp\2.exe
C:\Users\Alex\AppData\Local\Temp\472a10e2ebxd9.exe
C:\Users\Alex\AppData\Local\Temp\5395.exe
C:\Users\Alex\AppData\Local\Temp\56493.exe
C:\Users\Alex\AppData\Local\Temp\ae0965a7157cd.exe
C:\Users\Alex\AppData\Local\Temp\al3erfa3.exe
C:\Users\Alex\AppData\Local\Temp\alerfa.exe
C:\Users\Alex\AppData\Local\Temp\backd-efq.exe
C:\Users\Alex\AppData\Local\Temp\cunifuc.exe
C:\Users\Alex\AppData\Local\Temp\dc_3.exe
C:\Users\Alex\AppData\Local\Temp\dd10x10.exe
C:\Users\Alex\AppData\Local\Temp\ddhelp.exe
C:\Users\Alex\AppData\Local\Temp\ddoll3342.exe
C:\Users\Alex\AppData\Local\Temp\dkfjd93.exe
C:\Users\Alex\AppData\Local\Temp\ds7hw.exe
C:\Users\Alex\AppData\Local\Temp\eelnvd13.exe
C:\Users\Alex\AppData\Local\Temp\eephilpe.exe
C:\Users\Alex\AppData\Local\Temp\fe.exe
C:\Users\Alex\AppData\Local\Temp\format.exe
C:\Users\Alex\AppData\Local\Temp\gedx_ae09.exe
C:\Users\Alex\AppData\Local\Temp\gpupz2a.exe
C:\Users\Alex\AppData\Local\Temp\hardwh.exe
C:\Users\Alex\AppData\Local\Temp\hhbboll_2.exe
C:\Users\Alex\AppData\Local\Temp\hiphop.exe
C:\Users\Alex\AppData\Local\Temp\hodeme.exe
C:\Users\Alex\AppData\Local\Temp\hvipws9.exe
C:\Users\Alex\AppData\Local\Temp\InstHelp.dll
C:\Users\Alex\AppData\Local\Temp\jdhellwo3.exe
C:\Users\Alex\AppData\Local\Temp\jofcdks.exe
C:\Users\Alex\AppData\Local\Temp\kjdh_gf_jjdhgd.exe
C:\Users\Alex\AppData\Local\Temp\kock.exe
C:\Users\Alex\AppData\Local\Temp\kt_setup.exe
C:\Users\Alex\AppData\Local\Temp\lols.exe
C:\Users\Alex\AppData\Local\Temp\lorsk.exe
C:\Users\Alex\AppData\Local\Temp\pswwg3c.exe
C:\Users\Alex\AppData\Local\Temp\qwedvor.exe
C:\Users\Alex\AppData\Local\Temp\qwklrvjhqlkj.exe
C:\Users\Alex\AppData\Local\Temp\r0life.exe
C:\Users\Alex\AppData\Local\Temp\rator.exe
C:\Users\Alex\AppData\Local\Temp\rtfme.exe
C:\Users\Alex\AppData\Local\Temp\safe.exe
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\snowif.exe
C:\Users\Alex\AppData\Local\Temp\sycre.exe
C:\Users\Alex\AppData\Local\Temp\timem.exe
C:\Users\Alex\AppData\Local\Temp\wergfq.exe
C:\Users\Alex\AppData\Local\Temp\winlogoff.exe
C:\Users\Alex\AppData\Local\Temp\wqefqw7e.exe
C:\Users\Alex\AppData\Local\Temp\wrcud12.exe
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Alex\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1452331884-2432219423-348578642-1000\$306863da577cacc31c4d36d6249a8c52 => Directory moved successfully.
C:\$Recycle.Bin\S-1-5-18\$306863da577cacc31c4d36d6249a8c52 => Deleted successfully.
C:\Users\Alex\AppData\Local\Temp\0.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\02c9c3c35bdx5.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\1.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\17dkf.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\2.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\472a10e2ebxd9.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\5395.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\56493.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\ae0965a7157cd.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\al3erfa3.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\alerfa.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\backd-efq.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\cunifuc.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\dc_3.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\dd10x10.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\ddhelp.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\ddoll3342.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\dkfjd93.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\ds7hw.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\eelnvd13.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\eephilpe.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\fe.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\format.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\gedx_ae09.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\gpupz2a.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\hardwh.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\hhbboll_2.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\hiphop.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\hodeme.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\hvipws9.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\InstHelp.dll => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\jdhellwo3.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\jofcdks.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\kjdh_gf_jjdhgd.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\kock.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\kt_setup.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\lols.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\lorsk.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\pswwg3c.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\qwedvor.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\qwklrvjhqlkj.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\r0life.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\rator.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\rtfme.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\safe.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\snowif.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\sycre.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\timem.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\wergfq.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\winlogoff.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\wqefqw7e.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\wrcud12.exe => Moved successfully.

The operation completed successfully.

==== End of Fixlog ====

 

NEW FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MINWINPC on 02-10-2013 15:58:40
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - "C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1686824 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [437280 2009-04-15] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1460096 2007-02-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] - C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3560448 2009-03-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKU\Alex\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Alex\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Alex\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Mcx1\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-01-20] (Agere Systems)
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [794656 2009-04-15] (Acer Incorporated)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-22] (Lavasoft Limited                                                  )
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated)
S4 SharedAccess; C:\Windows\System32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [x]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [x]

==================== Drivers (Whitelisted) ====================

S0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [53744 2008-07-10] (Alfa Corporation)
S0 AlfaFF; C:\Windows\SysWow64\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [65536 2009-11-13] (Atheros Communications, Inc.)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-04-29] (Lavasoft AB)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [x]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
S3 HTTP; system32\drivers\HTTP.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 srv; System32\DRIVERS\srv.sys [x]
S3 srv2; System32\DRIVERS\srv2.sys [x]
S3 srvnet; System32\DRIVERS\srvnet.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 10:18 - 2004-08-03 23:20 - 02180992 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001

==================== One Month Modified Files and Folders =======

2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001
2013-10-01 17:11 - 2010-01-29 13:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 13:35 - 2009-08-17 21:10 - 02004557 _____ C:\Windows\WindowsUpdate.log
2013-10-01 13:31 - 2009-10-09 12:28 - 00233768 _____ C:\ProgramData\nvModes.001
2013-10-01 13:31 - 2009-10-09 12:21 - 00233768 _____ C:\ProgramData\nvModes.dat
2013-09-30 21:29 - 2009-10-09 11:44 - 00000000 ____D C:\users\Alex
2013-09-30 21:19 - 2009-10-12 06:46 - 00000000 ____D C:\SIERRA
2013-09-25 14:00 - 2011-06-04 19:55 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-09-25 14:00 - 2011-06-04 19:55 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-09-25 14:00 - 2011-05-14 06:24 - 00003626 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-09-22 17:26 - 2010-01-29 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-22 17:25 - 2010-01-29 13:01 - 00000000 ____D C:\ProgramData\Skype

==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 4059.99 MB
Available physical RAM: 3620.96 MB
Total Pagefile: 3933.62 MB
Available Pagefile: 3593.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:216.4 GB) (Free:163.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:3.73 GB) (Free:3.16 GB) FAT32
Drive e: (XP HOME RECOVERY CD) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 7DFF48FA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2013-04-13 06:21

==================== End Of Log ============================

 

Thanks again!



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 03 October 2013 - 09:05 PM


Hello alhan1337



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
LastRegBack: 2013-04-13 06:21
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 03 October 2013 - 09:41 PM

Ok, so again not a whole lot of luck.  After both safe and normal modes failed to boot again, I ran another FRST scan.  Here's the fixlog and the new FRST.txt:

 

fixlog:

ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-03 22:27:21 Run:6
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2013-04-13 06:21
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

 

new FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MINWINPC on 03-10-2013 22:29:30
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - "C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1686824 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [437280 2009-04-15] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1460096 2007-02-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] - C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3560448 2009-03-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKU\Alex\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Alex\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Alex\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Mcx1\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-01-20] (Agere Systems)
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [794656 2009-04-15] (Acer Incorporated)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-22] (Lavasoft Limited                                                  )
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated)
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [x]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [x]

==================== Drivers (Whitelisted) ====================

S0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [53744 2008-07-10] (Alfa Corporation)
S0 AlfaFF; C:\Windows\SysWow64\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [65536 2009-11-13] (Atheros Communications, Inc.)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-04-29] (Lavasoft AB)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [x]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
S3 HTTP; system32\drivers\HTTP.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 srv; System32\DRIVERS\srv.sys [x]
S3 srv2; System32\DRIVERS\srv2.sys [x]
S3 srvnet; System32\DRIVERS\srvnet.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 22:27 - 2013-10-03 22:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 10:18 - 2004-08-03 23:20 - 02180992 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001

==================== One Month Modified Files and Folders =======

2013-10-03 22:27 - 2013-10-03 22:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001
2013-10-01 17:11 - 2010-01-29 13:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 13:35 - 2009-08-17 21:10 - 02004557 _____ C:\Windows\WindowsUpdate.log
2013-10-01 13:31 - 2009-10-09 12:28 - 00233768 _____ C:\ProgramData\nvModes.001
2013-10-01 13:31 - 2009-10-09 12:21 - 00233768 _____ C:\ProgramData\nvModes.dat
2013-09-30 21:29 - 2009-10-09 11:44 - 00000000 ____D C:\users\Alex
2013-09-30 21:19 - 2009-10-12 06:46 - 00000000 ____D C:\SIERRA
2013-09-25 14:00 - 2011-06-04 19:55 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-09-25 14:00 - 2011-06-04 19:55 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-09-25 14:00 - 2011-05-14 06:24 - 00003626 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-09-22 17:26 - 2010-01-29 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-22 17:25 - 2010-01-29 13:01 - 00000000 ____D C:\ProgramData\Skype

==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4059.99 MB
Available physical RAM: 3612.61 MB
Total Pagefile: 3933.62 MB
Available Pagefile: 3585.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:216.4 GB) (Free:162.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:3.73 GB) (Free:3.16 GB) FAT32
Drive e: (XP HOME RECOVERY CD) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 7DFF48FA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2013-04-13 06:21

==================== End Of Log ============================

 

Do you think it could be something beyond a virus at this point?  Corrupt OS or something?

 

Thanks for all your help!



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 03 October 2013 - 10:04 PM



Hello alhan1337



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
CMD: bootrec /fixmbr
CMD: bootrec /fixboot
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 04 October 2013 - 10:27 AM

Gringo,

Still no luck.  Here are the latest two reports:

 

Fixlot:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-04 07:42:16 Run:7
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
CMD: bootrec /fixmbr
CMD: bootrec /fixboot
*****************


=========  bootrec /fixmbr =========

??T h e   o p e r a t i o n   c o m p l e t e d   s u c c e s s f u l l y .
 
========= End of CMD: =========


=========  bootrec /fixboot =========

??T h e   o p e r a t i o n   c o m p l e t e d   s u c c e s s f u l l y .
 
========= End of CMD: =========


==== End of Fixlog ====

 

new FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MINWINPC on 04-10-2013 07:46:24
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - "C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1686824 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [437280 2009-04-15] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1460096 2007-02-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] - C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3560448 2009-03-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKU\Alex\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Alex\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Alex\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Mcx1\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-01-20] (Agere Systems)
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [794656 2009-04-15] (Acer Incorporated)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-22] (Lavasoft Limited                                                  )
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated)
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [x]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [x]

==================== Drivers (Whitelisted) ====================

S0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [53744 2008-07-10] (Alfa Corporation)
S0 AlfaFF; C:\Windows\SysWow64\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [65536 2009-11-13] (Atheros Communications, Inc.)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-04-29] (Lavasoft AB)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [x]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
S3 HTTP; system32\drivers\HTTP.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 srv; System32\DRIVERS\srv.sys [x]
S3 srv2; System32\DRIVERS\srv2.sys [x]
S3 srvnet; System32\DRIVERS\srvnet.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 22:27 - 2013-10-03 22:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 10:18 - 2004-08-03 23:20 - 02180992 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001

==================== One Month Modified Files and Folders =======

2013-10-03 22:27 - 2013-10-03 22:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001
2013-10-01 17:11 - 2010-01-29 13:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 13:35 - 2009-08-17 21:10 - 02004557 _____ C:\Windows\WindowsUpdate.log
2013-10-01 13:31 - 2009-10-09 12:28 - 00233768 _____ C:\ProgramData\nvModes.001
2013-10-01 13:31 - 2009-10-09 12:21 - 00233768 _____ C:\ProgramData\nvModes.dat
2013-09-30 21:29 - 2009-10-09 11:44 - 00000000 ____D C:\users\Alex
2013-09-30 21:19 - 2009-10-12 06:46 - 00000000 ____D C:\SIERRA
2013-09-25 14:00 - 2011-06-04 19:55 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-09-25 14:00 - 2011-06-04 19:55 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-09-25 14:00 - 2011-05-14 06:24 - 00003626 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-09-22 17:26 - 2010-01-29 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-22 17:25 - 2010-01-29 13:01 - 00000000 ____D C:\ProgramData\Skype

==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 4059.99 MB
Available physical RAM: 3618.71 MB
Total Pagefile: 3933.62 MB
Available Pagefile: 3593.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:216.4 GB) (Free:162.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:3.73 GB) (Free:3.16 GB) FAT32
Drive e: (XP HOME RECOVERY CD) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 7DFF48FA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2013-04-13 06:21

==================== End Of Log ============================



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 04 October 2013 - 01:02 PM


Hello alhan1337

The only left to try is to see if we can find the missing files - they are part of internet explorer so it is going to be a long shot

Boot back into the recovery Environment and run FRST like you did before

Type the following in the edit box after "Search:".

IERTUTIL.dll

It then should look like:

Search: IERTUTIL.dll


I need it done for these files also

IERTUTIL.dll
URLMON.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 04 October 2013 - 02:16 PM

Here were the two logs created for the search:

 

For IERTUTIL.DLL:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-04 14:50:01
Running from D:\
Boot Mode: Recovery

================== Search: "IERTUTIL.DLL" ===================

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_47dbd0cea5de22e4\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 04:22] - 0271360 ____A (Microsoft Corporation) E324CBFC0164DE65C47574C55634CD79

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22550_none_47f73f20a5ca505e\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 05:05] - 0271360 ____A (Microsoft Corporation) 0AB79ED0C8C1AF6C74DEAC69945BDF7E

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22508_none_4835510ca59a8f61\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 05:14] - 0271360 ____A (Microsoft Corporation) 4F133A1D27842A3B818D4D8D4D58F536

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\iertutil.dll
[2009-06-18 20:22] - [2009-01-15 20:55] - 0270848 ____A (Microsoft Corporation) B6C2512658F3F2B17CEE6D48D297C5C7

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 20:38] - 0270848 ____A (Microsoft Corporation) 78C48022C3BAA211631AF69E10F56050

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 19:34] - 0270848 ____A (Microsoft Corporation) 8AB3E527716A145CD5876DAAC21A9605

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18385_none_4752321d8cc085f3\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 05:01] - 0270848 ____A (Microsoft Corporation) 5EFC380A4566E4AE0860201111974555

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18349_none_478172f58c9c7b8b\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 05:16] - 0270848 ____A (Microsoft Corporation) 42E9A5A6E4B1FCA7EBFB0AFDF182F47E

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18319_none_47a1e2b98c8427b8\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 05:29] - 0270848 ____A (Microsoft Corporation) 40159E4B1CE2CD703CE442497D0F699A

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\iertutil.dll
[2009-06-18 20:22] - [2009-01-14 22:07] - 0270336 ____A (Microsoft Corporation) 57562B02CAC4AC793D4E756D667D363C

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 20:47] - 0270336 ____A (Microsoft Corporation) C0249E391EC53C0BA9C9825E9285652C

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 0270336 ____A (Microsoft Corporation) B5E0C46311410C660608215462D9CE18

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_47a3aa598c843043\iertutil.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 0270336 ____A (Microsoft Corporation) 958D9C3BAB349760489538AC90337BE3

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21184_none_45f4681aa8b8aeb7\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 04:22] - 0268288 ____A (Microsoft Corporation) 42CC30024B5FD9F67ED92C3BB7922759

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21148_none_4623a8f2a894a44f\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 05:14] - 0268288 ____A (Microsoft Corporation) 8BB2E2961C11330EB02047A5E54FDA12

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21116_none_46421822a87e1dce\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 05:36] - 0268288 ____A (Microsoft Corporation) 3737F615C47F4293F97CFB8EAB506C7C

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\iertutil.dll
[2009-06-18 20:22] - [2009-01-14 20:15] - 0267776 ____A (Microsoft Corporation) F8CCEC49114A177361FB7ACE0BB9E906

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 20:20] - 0267776 ____A (Microsoft Corporation) BBB4149A50B191C9C363FDC12D92DF71

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 19:26] - 0267776 ____A (Microsoft Corporation) 4ECE1169CD60ADBF6E25295ED8D2A62B

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16982_none_4568f2998f9ca8fd\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 04:48] - 0268288 ____A (Microsoft Corporation) 42CFAF7900E04E7041D54152D7B707BC

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16945_none_459733278f79853e\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 07:01] - 0268288 ____A (Microsoft Corporation) 553811F2263EAB42965CD296262AB179

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16916_none_45b8a3358f604ac2\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 05:57] - 0268288 ____A (Microsoft Corporation) 50AE34FB6FC2114C1F851C252AFCF115

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\iertutil.dll
[2009-06-18 20:22] - [2009-01-14 20:16] - 0267776 ____A (Microsoft Corporation) DC6F0984AC6C937B2276EB4FCA30E3D6

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 20:40] - 0267776 ____A (Microsoft Corporation) 3B9A2688A0E29FFB09249F9E1EEB7313

C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 0267776 ____A (Microsoft Corporation) 7B0341E74BF5CBF84CE57AD93A54C13D

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_a3fa6c525e3b941a\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 04:55] - 0375808 ____A (Microsoft Corporation) 59343074EB4F0F078F507077B7BB4A09

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22550_none_a415daa45e27c194\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 05:31] - 0375808 ____A (Microsoft Corporation) 251865C483B160F5E266165082480E99

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22508_none_a453ec905df80097\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 05:28] - 0375808 ____A (Microsoft Corporation) F6BE8B0C9753B699E1658907384F8C8B

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_a41ad84a5e2345f9\iertutil.dll
[2009-06-18 20:22] - [2009-01-16 04:27] - 0375296 ____A (Microsoft Corporation) 0CD14B729A9B193D523F27294C6E3714

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_a3fd677e5e38e8aa\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 21:02] - 0375296 ____A (Microsoft Corporation) FBB62BBA5BB1C183AB55C55B15541119

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_a408376a5e30ccb9\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 20:04] - 0375296 ____A (Microsoft Corporation) 093E1A6235F1DD38C75317E79F0F4368

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18385_none_a370cda1451df729\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 05:08] - 0375296 ____A (Microsoft Corporation) 4A321BE84A87A82C5FFC6FAE4E4EB59F

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18349_none_a3a00e7944f9ecc1\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 05:41] - 0375296 ____A (Microsoft Corporation) FF65979AA1ABE5E4100EB9950AF94C05

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18319_none_a3c07e3d44e198ee\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 05:43] - 0375296 ____A (Microsoft Corporation) B19086C317439B3604E1EEE2D3F5C596

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_a3c54a8744dee7cc\iertutil.dll
[2009-06-18 20:22] - [2009-01-14 22:05] - 0374784 ____A (Microsoft Corporation) BFE5FF8C2B3F9CF2EC14B7CDB0BB8A74

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_a3933a2d4503dbb6\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 21:48] - 0374784 ____A (Microsoft Corporation) 783990D91E78EE8E81C553CC228A9076

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_a39f0a6344fad91c\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 20:35] - 0374784 ____A (Microsoft Corporation) B6C828CD4C6A1871CAE19B59C530B11E

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_a3c245dd44e1a179\iertutil.dll
[2008-01-20 18:48] - [2008-01-20 18:48] - 0374784 ____A (Microsoft Corporation) 931574C58B30E55F57FDD329D8E7988D

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21184_none_a213039e61161fed\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 05:12] - 0371712 ____A (Microsoft Corporation) 1A792922D126FCC1B6290F065082158B

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21148_none_a242447660f21585\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 06:03] - 0371712 ____A (Microsoft Corporation) 672B32F6711587B211BE4974364DD06D

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21116_none_a260b3a660db8f04\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 06:21] - 0371712 ____A (Microsoft Corporation) E3E9F969ED07112BF8B48E7A457F6614

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_a20a5a3e611c3e23\iertutil.dll
[2009-06-18 20:22] - [2009-01-14 20:55] - 0371200 ____A (Microsoft Corporation) BCA2C3ED8F8EC5AB1DC3E58B4D0C20AF

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_a24c3a1060eaafd4\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 20:26] - 0371200 ____A (Microsoft Corporation) AA90E9964D2FF516DF50E5B8BA3FF309

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_a25709fc60e293e3\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 19:45] - 0371200 ____A (Microsoft Corporation) 0788D3E29FFE282D1C5F2A1AE71182B1

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16982_none_a1878e1d47fa1a33\iertutil.dll
[2010-01-21 14:32] - [2009-12-18 05:09] - 0371712 ____A (Microsoft Corporation) C99BF2845B936DF58370E8E5969D6E8A

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16945_none_a1b5ceab47d6f674\iertutil.dll
[2009-12-08 19:37] - [2009-10-27 07:00] - 0371712 ____A (Microsoft Corporation) 28CCE74BDCBE615F090C4466D42EBD3E

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16916_none_a1d73eb947bdbbf8\iertutil.dll
[2009-11-10 18:51] - [2009-08-27 06:11] - 0371712 ____A (Microsoft Corporation) 908055C7A98D116AA41C25E12AA8A46F

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_a1e50d9d47b2eee5\iertutil.dll
[2009-06-18 20:22] - [2009-01-14 20:51] - 0371200 ____A (Microsoft Corporation) 8436DC29657A07CC769DF5B29B5ECB13

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_a19f2abd47e81ab1\iertutil.dll
[2009-06-18 20:04] - [2008-10-15 20:43] - 0371200 ____A (Microsoft Corporation) 77F9A44FA4CC1081E7CF12526B5C749B

C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_a1acfb8747dd4ac5\iertutil.dll
[2009-06-18 19:23] - [2008-10-01 23:58] - 0371200 ____A (Microsoft Corporation) 9F54CCA482D3FC3800B2C413D6AE892C

====== End Of Search ======

 

For URLMON.DLL:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-04 14:53:42
Running from D:\
Boot Mode: Recovery

================== Search: "URLMON.DLL" ===================

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_b6f1dedaed56d056\urlmon.dll
[2010-01-21 14:32] - [2009-12-17 04:04] - 1176064 ____A (Microsoft Corporation) C8241D7839B71D09D5D2C3D7AB4F9F07

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22252_none_b71f1f1eed349340\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 04:53] - 1176064 ____A (Microsoft Corporation) DDB47F6C465DC0D3955C371E1DAE11E3

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22212_none_b74a5eceed14237c\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:56] - 1176064 ____A (Microsoft Corporation) D3AC2B7CE02746A875C6D927B076CD2D

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18167_none_b68fb3d9d41a8e1a\urlmon.dll
[2010-01-21 14:32] - [2009-12-16 03:44] - 1176064 ____A (Microsoft Corporation) D12B8B3B094DF8A74FC3BCB1DBA578BF

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18130_none_b6a92197d40888e6\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 06:11] - 1176064 ____A (Microsoft Corporation) BF603DAF42E11F79BECA5760A40DC352

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18100_none_b6c9915bd3f03513\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:40] - 1176064 ____A (Microsoft Corporation) 957ADB59EB02B93B8F3414CA4145747B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22585_none_b51b3e50f023ddf4\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:24] - 1175040 ____A (Microsoft Corporation) C0CBE22A90ECC439F3872C3E7412C9E4

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22550_none_b536aca2f0100b6e\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:07] - 1175040 ____A (Microsoft Corporation) B0CDEFD51DEA9E2C89C8FEEC139E353C

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22508_none_b574be8eefe04a71\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:17] - 1175040 ____A (Microsoft Corporation) 2791541CE760110695F05ED8AFF0F18B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
[2009-06-18 20:22] - [2009-01-15 20:59] - 1166848 ____A (Microsoft Corporation) 353880D255B122E28469B56EE0EA857C

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_b51e397cf0213284\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:38] - 1166848 ____A (Microsoft Corporation) 9707A414766A70C1CD125B91D6BFC035

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:34] - 1166848 ____A (Microsoft Corporation) 50AF4A0AEDD9204074A3823B94FAAAD1

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_b563e734efedd6e3\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:50] - 1166848 ____A (Microsoft Corporation) 3ED27AB59FB2DA1C495CCDAA71F825F5

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_b532d724f011e424\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:21] - 1166336 ____A (Microsoft Corporation) 9EF388245B2E198704A41C44DF4EEC14

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 20:52] - 1166336 ____A (Microsoft Corporation) 29CB87A945B10AA959584C3E59D6201D

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18385_none_b4919f9fd7064103\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:05] - 1174528 ____A (Microsoft Corporation) 4DE2CD3902C0010FA19116F05BD4FF20

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18349_none_b4c0e077d6e2369b\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:20] - 1174528 ____A (Microsoft Corporation) 7DCBA36C66BEEBF63E67E34DEBB72F6A

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18319_none_b4e1503bd6c9e2c8\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:32] - 1174528 ____A (Microsoft Corporation) 822B8B0184D54D5D0E2752B63DEEFCA9

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 22:11] - 1166336 ____A (Microsoft Corporation) F93F047F42BB89401EE58FBCFD3204CE

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:47] - 1166336 ____A (Microsoft Corporation) 41C039DEF8D0D5D0E7A9B32F09600402

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1166336 ____A (Microsoft Corporation) 1F3DD8C368D5534B9D5128AFD0BEFF3A

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:15] - 1166336 ____A (Microsoft Corporation) FDBF6B298D068F08146C9B2B18D78A5F

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_b4a53931d6f7defe\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:35] - 1166336 ____A (Microsoft Corporation) 5E4F2E3846DB2699D96F1B28E83B94C3

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 21:01] - 1166336 ____A (Microsoft Corporation) 1CC909F70CAE7F858CCF6DD4145D6AA0

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18000_none_b4e317dbd6c9eb53\urlmon.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 1165824 ____A (Microsoft Corporation) 6FD4D51AA2DA0314DC77A150EB6D3980

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21184_none_b333d59cf2fe69c7\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:25] - 1170944 ____A (Microsoft Corporation) 984C8CF12DF3C2F723EA76ACCA0CE5CF

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21148_none_b3631674f2da5f5f\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:18] - 1170944 ____A (Microsoft Corporation) 95FFAD523925F8FB5607071D7297F036

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21116_none_b38185a4f2c3d8de\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:40] - 1170944 ____A (Microsoft Corporation) 4ED8811745EC4D3304CBB42DF372D7C1

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:19] - 1163264 ____A (Microsoft Corporation) 0E6EF7AC9F4799B1DCCD78F3BE99D8D0

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_b36d0c0ef2d2f9ae\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:23] - 1163264 ____A (Microsoft Corporation) D2899FFCC2943F9D6969304D1D9FB47A

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:30] - 1162752 ____A (Microsoft Corporation) BFA01B3F0926C58ECBE31BA365138075

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_b34d9aaef2ea69b1\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:49] - 1162752 ____A (Microsoft Corporation) 68F5CC104978908671F96EE7FC79D06E

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_b373d8ecf2ce7b3a\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:09] - 1162752 ____A (Microsoft Corporation) BE5269680658C57CD9AED2AF337D195E

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 20:52] - 1162752 ____A (Microsoft Corporation) D7C4249EB1CFE999F90A54597DC6CF6F

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16982_none_b2a8601bd9e2640d\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:52] - 1168384 ____A (Microsoft Corporation) C504C720A5EE8CF112758FEE04D4625B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16945_none_b2d6a0a9d9bf404e\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 07:05] - 1168384 ____A (Microsoft Corporation) 3AE909879284F30B3466FDCD2B1CE85C

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16916_none_b2f810b7d9a605d2\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 06:02] - 1168384 ____A (Microsoft Corporation) 3E826F7F47BFA2F92E073E61CAC0504B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:16] - 1160192 ____A (Microsoft Corporation) AD0675AF94230B374FA2D7C97FA72D71

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:40] - 1160192 ____A (Microsoft Corporation) CC7E957A6F118030374DCDF21FEA3C96

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1159680 ____A (Microsoft Corporation) D4C1FB1CFBED2FAF71408DCA61588435

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_b2f30b79d9aa8cd1\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:54] - 1159680 ____A (Microsoft Corporation) D5A518871C5393B5C1883E74BE75FAF8

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_b2a75a1fd9e35341\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:23] - 1159680 ____A (Microsoft Corporation) FCA38D14AA8877C7AA3C7030D9E40CCC

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
[2009-06-18 18:16] - [2008-02-20 20:43] - 1159680 ____A (Microsoft Corporation) F8E8922A488183128EE605B0612C4C14

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_13107a5ea5b4418c\urlmon.dll
[2010-01-21 14:32] - [2009-12-17 03:57] - 1426944 ____A (Microsoft Corporation) 2CD2B2E37A36D2D92A7F424DD0E0DBBB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22252_none_133dbaa2a5920476\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:06] - 1426944 ____A (Microsoft Corporation) C509E314CF77E5D457B370949859D361

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22212_none_1368fa52a57194b2\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:52] - 1426944 ____A (Microsoft Corporation) D0899D4ABDB46471362FBFA2BE1B6642

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18167_none_12ae4f5d8c77ff50\urlmon.dll
[2010-01-21 14:32] - [2009-12-16 04:15] - 1426944 ____A (Microsoft Corporation) 0576ACA7FA090796FE75E451ACA693AF

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18130_none_12c7bd1b8c65fa1c\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 06:24] - 1426944 ____A (Microsoft Corporation) 3C1DC8333674FD01C067F376CFFD8A43

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18100_none_12e82cdf8c4da649\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:54] - 1426944 ____A (Microsoft Corporation) 0A4BE1FAC981FE997B368A8F00243284

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22585_none_1139d9d4a8814f2a\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:59] - 1426944 ____A (Microsoft Corporation) 8C21A024FC038F19CF48AB22C6DC53F7

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22550_none_11554826a86d7ca4\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:34] - 1426944 ____A (Microsoft Corporation) CD434716764A8BC05C8709E5772ED6C7

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22508_none_11935a12a83dbba7\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:31] - 1426944 ____A (Microsoft Corporation) B2084F8E75479DFE23C094E2B5B4F2CF

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_115a45cca8690109\urlmon.dll
[2009-06-18 20:22] - [2009-01-16 04:27] - 1419264 ____A (Microsoft Corporation) 7D881E47DE9B592F66B005E4575FEED4

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_113cd500a87ea3ba\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 21:02] - 1419776 ____A (Microsoft Corporation) 3EAD3D2C3882253F2DD59C6B413A6A4D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_1147a4eca87687c9\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 20:04] - 1419776 ____A (Microsoft Corporation) 2E4BC532E2314AB7DB79F2DAAF2B9432

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_118282b8a84b4819\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:22] - 1418752 ____A (Microsoft Corporation) 9998A2D173292AEB2EF681CCCDFD39FB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_115172a8a86f555a\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:45] - 1418240 ____A (Microsoft Corporation) 9C78D69FDFDF7A2F3840632239E75C34

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_1175b052a8553435\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 21:21] - 1418240 ____A (Microsoft Corporation) C113A4FF9C9CA58440EC8772901F01BB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18565_none_10c5dec78f5374a5\urlmon.dll
[2013-10-02 08:28] - [2013-10-02 08:28] - 1426944 ____A (Microsoft Corporation) A52AE7B0B05C047BE263CA92010C7315

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18385_none_10b03b238f63b239\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:12] - 1426432 ____A (Microsoft Corporation) 1268A026A3BD66206A9811058AB63973

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18349_none_10df7bfb8f3fa7d1\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:44] - 1426432 ____A (Microsoft Corporation) 3E8325062718282A2B0E619B0B48E2B1

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18319_none_10ffebbf8f2753fe\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:47] - 1426432 ____A (Microsoft Corporation) 7631D8389579DD4335F89D837ED78974

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_1104b8098f24a2dc\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 22:11] - 1418752 ____A (Microsoft Corporation) 0598687B1DD786DE49DE32B752194993

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_10d2a7af8f4996c6\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 21:49] - 1418240 ____A (Microsoft Corporation) 4A841611F85CA1DC8BF0BD817D88B884

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_10de77e58f40942c\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 20:35] - 1418240 ____A (Microsoft Corporation) EEC4157A33639E95833772A0E81773BD

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_10a966ad8f683c11\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:31] - 1418240 ____A (Microsoft Corporation) DCD1DD034C7F36B26F4CCEB3F17CD822

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_10c3d4b58f555034\urlmon.dll
[2009-06-18 18:29] - [2008-04-25 06:22] - 1418240 ____A (Microsoft Corporation) 237D1BC04997238603C5D1B58FD14E2D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_10ef14658f34e070\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 21:21] - 1418240 ____A (Microsoft Corporation) 7A3120DE8292FC828BDDF9F6CCFC9E0D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18000_none_1101b35f8f275c89\urlmon.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 1417728 ____A (Microsoft Corporation) D541D85839E9B04070AC529A3AAC21E6

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21184_none_0f527120ab5bdafd\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:17] - 1440768 ____A (Microsoft Corporation) 4DA4FCADBE6330D2393AE59AE1E2C019

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21148_none_0f81b1f8ab37d095\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 06:08] - 1440768 ____A (Microsoft Corporation) 5AB0F7099E6375949F28B0EA2EDB29DB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21116_none_0fa02128ab214a14\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 06:26] - 1440768 ____A (Microsoft Corporation) 1B24D4A00DD41A8AB8E0C215F9E3432E

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_0f49c7c0ab61f933\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:59] - 1432064 ____A (Microsoft Corporation) 49F4287AB53AE872C1C7B1994D7E0F41

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_0f8ba792ab306ae4\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:30] - 1431552 ____A (Microsoft Corporation) ADD6F43AA2542D8A6B16D1C49BA4924D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_0f96777eab284ef3\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1431040 ____A (Microsoft Corporation) D1FEB119F051621DE4D12AD32DBAC631

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_0f6c3632ab47dae7\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:59] - 1431040 ____A (Microsoft Corporation) 3F6E1F8EADEBC4F93A2CC0643F9C57C6

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_0f927470ab2bec70\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:17] - 1431040 ____A (Microsoft Corporation) 25FD710192A1D57E530682BAD2E26CEB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_0f606416ab50e05a\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 20:54] - 1431040 ____A (Microsoft Corporation) DBEF8F681D77A3EE8703D023D99003BE

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16982_none_0ec6fb9f923fd543\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:14] - 1435648 ____A (Microsoft Corporation) 9C8FA63AD109715F8F0E5A6B519B2CF1

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16945_none_0ef53c2d921cb184\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 07:06] - 1435648 ____A (Microsoft Corporation) AE50869A5A1406CF909842647E473832

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16916_none_0f16ac3b92037708\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 06:18] - 1435648 ____A (Microsoft Corporation) 9DC0494DA1024312C599525876AB821A

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_0f247b1f91f8a9f5\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:51] - 1428992 ____A (Microsoft Corporation) 06CBE8D2C3DC7326F926C950078F43A4

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_0ede983f922dd5c1\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:43] - 1428480 ____A (Microsoft Corporation) 6A17F44FFC35696F06DF18D23B726735

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_0eec6909922305d5\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 23:58] - 1428480 ____A (Microsoft Corporation) 9961CFAB278A02DC826FBC3F1037F2A8

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_0f11a6fd9207fe07\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:05] - 1427968 ____A (Microsoft Corporation) BD7642D0C569B54AE63DA586F23CE096

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_0ec5f5a39240c477\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:29] - 1427968 ____A (Microsoft Corporation) 4E9DBD2DF80280D73F753D890477E18A

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_0ef335e7921e8761\urlmon.dll
[2009-06-18 18:16] - [2008-02-20 20:45] - 1427968 ____A (Microsoft Corporation) 1626011979549364A7C1F953CBB42D6E

C:\Windows\System32\urlmon.dll
[2013-10-02 08:28] - [2013-10-02 08:28] - 1426944 ____A (Microsoft Corporation) A52AE7B0B05C047BE263CA92010C7315

====== End Of Search ======



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 04 October 2013 - 10:16 PM


Hello alhan1337



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
Replace: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_47dbd0cea5de22e4\iertutil.dll C:\Windows\SysWOW64\IERTUTIL.dll 
Replace: C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_a3fa6c525e3b941a\iertutil.dll C:\Windows\System32\IERTUTIL.dll
Replace: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_b6f1dedaed56d056\urlmon.dll C:\Windows\SysWOW64\URLMON.dll

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 05 October 2013 - 06:39 AM

Ok, so while it did not work here are a few observations:

 

When I try to boot via Safe Mode, the file the procedure hangs on is c:\windows\system32\config\system

Before my first post on here, I'd received errors for several other .DLL files (shell32, shlwapi, etc.).  The FRST report shows my attempts to restore those.  Should we try to recover the originals as just done previously?

 

fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-05 07:28:32 Run:8
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_47dbd0cea5de22e4\iertutil.dll C:\Windows\SysWOW64\IERTUTIL.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_a3fa6c525e3b941a\iertutil.dll C:\Windows\System32\IERTUTIL.dll
Replace: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_b6f1dedaed56d056\urlmon.dll C:\Windows\SysWOW64\URLMON.dll
*****************

C:\Windows\SysWOW64\IERTUTIL.dll  => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_47dbd0cea5de22e4\iertutil.dll copied successfully to C:\Windows\SysWOW64\IERTUTIL.dll
C:\Windows\System32\IERTUTIL.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22585_none_a3fa6c525e3b941a\iertutil.dll copied successfully to C:\Windows\System32\IERTUTIL.dll
C:\Windows\SysWOW64\URLMON.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_b6f1dedaed56d056\urlmon.dll copied successfully to C:\Windows\SysWOW64\URLMON.dll

==== End of Fixlog ====

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MINWINPC on 05-10-2013 07:32:20
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - "C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1686824 2009-03-05] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [437280 2009-04-15] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1460096 2007-02-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] - C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [805384 2009-03-04] (Dritek System Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3560448 2009-03-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKU\Alex\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Alex\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Alex\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [0 2008-01-20] ()
HKU\Mcx1\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-15] (TODO: <Company name>)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2009-01-20] (Agere Systems)
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [794656 2009-04-15] (Acer Incorporated)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3444224 2009-03-25] (Egis Technology Inc.)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-22] (Lavasoft Limited                                                  )
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated)
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [x]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [x]

==================== Drivers (Whitelisted) ====================

S0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [53744 2008-07-10] (Alfa Corporation)
S0 AlfaFF; C:\Windows\SysWow64\drivers\AlfaFF.sys [42608 2008-07-10] (Alfa Corporation)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [65536 2009-11-13] (Atheros Communications, Inc.)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-04-29] (Lavasoft AB)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [x]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
S3 HTTP; system32\drivers\HTTP.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 srv; System32\DRIVERS\srv.sys [x]
S3 srv2; System32\DRIVERS\srv2.sys [x]
S3 srvnet; System32\DRIVERS\srvnet.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 22:27 - 2013-10-03 22:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-02 12:52 - 2004-08-04 00:56 - 00656384 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-02 12:51 - 2004-08-04 00:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-10-02 12:50 - 2004-08-04 00:56 - 00473600 _____ (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:44 - 2013-10-02 12:42 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 10:18 - 2004-08-03 23:20 - 02180992 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001

==================== One Month Modified Files and Folders =======

2013-10-03 22:27 - 2013-10-03 22:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-02 12:42 - 2013-10-02 12:44 - 08461312 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-02 12:20 - 2013-10-02 12:20 - 00000000 ____D C:\FRST
2013-10-02 08:28 - 2013-10-02 08:28 - 01426944 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-02 08:19 - 2013-10-02 08:19 - 00000000 __SHD C:\found.001
2013-10-01 17:11 - 2010-01-29 13:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 15:28 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 13:35 - 2009-08-17 21:10 - 02004557 _____ C:\Windows\WindowsUpdate.log
2013-10-01 13:31 - 2009-10-09 12:28 - 00233768 _____ C:\ProgramData\nvModes.001
2013-10-01 13:31 - 2009-10-09 12:21 - 00233768 _____ C:\ProgramData\nvModes.dat
2013-09-30 21:29 - 2009-10-09 11:44 - 00000000 ____D C:\users\Alex
2013-09-30 21:19 - 2009-10-12 06:46 - 00000000 ____D C:\SIERRA
2013-09-25 14:00 - 2011-06-04 19:55 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-09-25 14:00 - 2011-06-04 19:55 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-09-25 14:00 - 2011-05-14 06:24 - 00003626 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-09-22 17:26 - 2010-01-29 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-22 17:25 - 2010-01-29 13:01 - 00000000 ____D C:\ProgramData\Skype

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 4059.99 MB
Available physical RAM: 3614.7 MB
Total Pagefile: 3933.62 MB
Available Pagefile: 3584.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:216.4 GB) (Free:162.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.73 GB) (Free:2.55 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 7DFF48FA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2013-04-13 06:21

==================== End Of Log ============================



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:43 AM

Posted 05 October 2013 - 09:21 PM

Hello


64 bit computer will have two file versions of the same file - one for the 64 bit system and one for legacy support for 32 bit programs - it looks like you have placed the same version of those files into both the 64 bit folder and the 32 bit folder

I want you to run a search like you did before with FRST for these files

wininet.dll
usp10.dll
shlwapi.dll
ntoskrnl.exe
urlmon.dll
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 alhan1337

alhan1337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 06 October 2013 - 12:47 PM

Here are all the search results:

 

SHLWAPI.DLL:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-06 13:28:05
Running from E:\
Boot Mode: Recovery

================== Search: "shlwapi.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.0.6001.18000_none_f9d9b204a4aeeb4a\shlwapi.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 0351744 ____A (Microsoft Corporation) 56B3D5D96DD672B5A3E03F62D4F41411

C:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.0.6001.18000_none_55f84d885d0c5c80\shlwapi.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 0454144 ____A (Microsoft Corporation) 2C7D4D9C1D24B3A0228E89B31C89D35F

C:\Windows\SysWOW64\shlwapi.dll
[2013-10-02 12:50] - [2004-08-04 00:56] - 0473600 ____A (Microsoft Corporation) 5C201E9741BB40AF60A7C66D2B3AFCC4

C:\Windows\System32\shlwapi.dll
[2013-10-02 12:50] - [2004-08-04 00:56] - 0473600 ____A (Microsoft Corporation) 5C201E9741BB40AF60A7C66D2B3AFCC4

====== End Of Search ======

 

WININET.DLL:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-06 13:29:16
Running from E:\
Boot Mode: Recovery

================== Search: "wininet.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22290_none_03f7ba7cb85ff6e9\wininet.dll
[2010-01-21 14:32] - [2009-12-17 04:04] - 0834048 ____A (Microsoft Corporation) C86BBCF0DA44F2B36C9AA59032916EF0

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\wininet.dll
[2009-12-08 19:37] - [2009-10-27 04:53] - 0834048 ____A (Microsoft Corporation) C50C20FB2B5B5F228F7B1BA8925107B0

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22212_none_04503a70b81d4a0f\wininet.dll
[2009-11-10 18:51] - [2009-08-27 04:56] - 0834048 ____A (Microsoft Corporation) 5E382486BCCCF4C50A810E2DF18C8CDB

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18167_none_03958f7b9f23b4ad\wininet.dll
[2010-01-21 14:32] - [2009-12-16 03:44] - 0834048 ____A (Microsoft Corporation) 565B8A25FB59E8E1F5ED59C95F72B7D7

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\wininet.dll
[2009-12-08 19:37] - [2009-10-27 06:11] - 0834048 ____A (Microsoft Corporation) 3F564B34F047885934DA5D3479ED0716

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18100_none_03cf6cfd9ef95ba6\wininet.dll
[2009-11-10 18:51] - [2009-08-27 04:40] - 0834048 ____A (Microsoft Corporation) D88D19604AACE2101B13260322FB4A3A

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22585_none_022119f2bb2d0487\wininet.dll
[2010-01-21 14:32] - [2009-12-18 04:24] - 0834048 ____A (Microsoft Corporation) 4D36519B1212659127A4CFCC19E33049

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\wininet.dll
[2009-12-08 19:37] - [2009-10-27 05:07] - 0834048 ____A (Microsoft Corporation) F1D8D50E054ADDF05D708A8676868763

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22508_none_027a9a30bae97104\wininet.dll
[2009-11-10 18:51] - [2009-08-27 05:17] - 0834048 ____A (Microsoft Corporation) C628812EA5016B1C3E13E082940D5AF6

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
[2009-06-18 20:22] - [2009-01-15 21:00] - 0827904 ____A (Microsoft Corporation) 6A986C2CD30633447DAB21A4852E40D6

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
[2009-06-18 20:04] - [2008-10-15 20:38] - 0827904 ____A (Microsoft Corporation) 4944C9FFE8903A276590D4215F74B937

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
[2009-06-18 19:23] - [2008-10-01 19:34] - 0827904 ____A (Microsoft Corporation) 6B2591CDCEFEB8451594288426677CBB

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
[2009-06-18 19:11] - [2008-06-26 19:50] - 0827904 ____A (Microsoft Corporation) EDF59D63DDBC8BE0BB4836EFFFC04BDC

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:22] - 0826880 ____A (Microsoft Corporation) A86218059C228E7691A13E4CB63C4CDF

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
[2009-06-18 18:16] - [2008-02-21 20:52] - 0826880 ____A (Microsoft Corporation) 4E962B645608E6EDB7D31B75921D07FA

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18385_none_01977b41a20f6796\wininet.dll
[2010-01-21 14:32] - [2009-12-18 05:05] - 0833024 ____A (Microsoft Corporation) 27DFDEA0533477C8923FC874F6439CF0

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\wininet.dll
[2009-12-08 19:37] - [2009-10-27 05:20] - 0833024 ____A (Microsoft Corporation) 8C8A7E47DBB25EB94C29152BD08CF436

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18319_none_01e72bdda1d3095b\wininet.dll
[2009-11-10 18:51] - [2009-08-27 05:32] - 0833024 ____A (Microsoft Corporation) 604E16194F1E60084B948ACAE8334E0F

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
[2009-06-18 20:22] - [2009-01-14 22:11] - 0827392 ____A (Microsoft Corporation) FB79A2AA5E92653B9A394FE26D799BF8

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
[2009-06-18 20:04] - [2008-10-15 20:47] - 0827392 ____A (Microsoft Corporation) 8F89FFECF6989DD7D9ECCEC6D95D7419

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 0827392 ____A (Microsoft Corporation) C373C19F10601C1AFE7E40907AE48694

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
[2009-06-18 19:11] - [2008-06-26 20:15] - 0827392 ____A (Microsoft Corporation) 618A51B5FB9DD5810960F6044C0E9289

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:35] - 0826880 ____A (Microsoft Corporation) 44FD3968AD885026D94450832A78DE8A

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
[2009-06-18 18:16] - [2008-02-21 21:01] - 0826880 ____A (Microsoft Corporation) 482BCCBF1FCBB3378100FF97081438C1

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 0825856 ____A (Microsoft Corporation) 455D715A840579BDC1CF8E5C1DA76849

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21184_none_0039b13ebe07905a\wininet.dll
[2010-01-21 14:32] - [2009-12-18 04:25] - 0841216 ____A (Microsoft Corporation) 6F837BD5085F73A8FF0425AA6705A8D1

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\wininet.dll
[2009-12-08 19:37] - [2009-10-27 05:18] - 0841216 ____A (Microsoft Corporation) 0F34E919E086E834052850B6E57050F3

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21116_none_00876146bdccff71\wininet.dll
[2009-11-10 18:51] - [2009-08-27 05:40] - 0840704 ____A (Microsoft Corporation) D5709010F06FEC697CCB2831D0821E0B

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
[2009-06-18 20:22] - [2009-01-14 20:19] - 0827904 ____A (Microsoft Corporation) 65647F41CEC0C8EEC9DF5BC1168EC76C

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
[2009-06-18 20:04] - [2008-10-15 20:24] - 0827904 ____A (Microsoft Corporation) 622FE627D15DD920238A993021F0A4D1

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll
[2009-06-18 19:23] - [2008-10-01 19:30] - 0827904 ____A (Microsoft Corporation) C85EF7DE97ABBF00B16AD11EDFEAC637

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
[2009-06-18 19:11] - [2008-06-26 19:49] - 0827904 ____A (Microsoft Corporation) AE7150C0696C656D02FDD48259F4EFF5

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:09] - 0827392 ____A (Microsoft Corporation) F40594128A6BFDA6C3F0900796895078

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
[2009-06-18 18:16] - [2008-02-21 20:52] - 0827392 ____A (Microsoft Corporation) F7FF1E0D443788D6AE4CBCA593530099

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_ffae3bbda4eb8aa0\wininet.dll
[2010-01-21 14:32] - [2009-12-18 04:52] - 0832512 ____A (Microsoft Corporation) C7A318E74FEF945EBFF855C1513CD96C

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\wininet.dll
[2009-12-08 19:37] - [2009-10-27 07:05] - 0832512 ____A (Microsoft Corporation) BA95D134FE1A3577A174D9A85D6ED1F1

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16916_none_fffdec59a4af2c65\wininet.dll
[2009-11-10 18:51] - [2009-08-27 06:02] - 0832512 ____A (Microsoft Corporation) 2BD22AA29893876347BA1BE62487748A

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
[2009-06-18 20:22] - [2009-01-14 20:16] - 0826368 ____A (Microsoft Corporation) FF35D495AC08549154D1D96990513CD9

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
[2009-06-18 20:04] - [2008-10-15 20:40] - 0826368 ____A (Microsoft Corporation) F18C1B151A0B18C35BF0919A9BA0FA0F

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 0826368 ____A (Microsoft Corporation) 8BF7D225505A4ADA25D9444E91811CEA

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
[2009-06-18 19:11] - [2008-06-26 19:54] - 0826368 ____A (Microsoft Corporation) E74D932CA7B3DA8CDB7A5F11F5A03ABC

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:23] - 0826368 ____A (Microsoft Corporation) 9191790BF02A8D759EC2B4E4FA868407

C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
[2009-06-18 18:16] - [2008-02-20 20:43] - 0826368 ____A (Microsoft Corporation) DAEED2799D4D19F955C3E90B22A1E91E

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22290_none_6016560070bd681f\wininet.dll
[2010-01-21 14:32] - [2009-12-17 03:57] - 1032704 ____A (Microsoft Corporation) 22EE3CD29178895CE68B4B78F7F6E9F7

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_60439644709b2b09\wininet.dll
[2009-12-08 19:37] - [2009-10-27 05:06] - 1032704 ____A (Microsoft Corporation) 45CF01BFD12AC18E4210297925BA0348

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22212_none_606ed5f4707abb45\wininet.dll
[2009-11-10 18:51] - [2009-08-27 04:52] - 1032704 ____A (Microsoft Corporation) 4709D3DBA8F3D3658E3CC0D5D7CE4C15

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18167_none_5fb42aff578125e3\wininet.dll
[2010-01-21 14:32] - [2009-12-16 04:16] - 1032192 ____A (Microsoft Corporation) AF2AA8DB263C11A78CAD7345275EB031

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_5fcd98bd576f20af\wininet.dll
[2009-12-08 19:37] - [2009-10-27 06:25] - 1032192 ____A (Microsoft Corporation) 09F830A3D7B8890B4ACE958E5DFFF895

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18100_none_5fee08815756ccdc\wininet.dll
[2009-11-10 18:51] - [2009-08-27 04:54] - 1032192 ____A (Microsoft Corporation) 026F1913640BD1AB1E4E551A14E413D2

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22585_none_5e3fb576738a75bd\wininet.dll
[2010-01-21 14:32] - [2009-12-18 04:59] - 1033216 ____A (Microsoft Corporation) 50684C729F440E97540B90F8B58E8D64

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_5e5b23c87376a337\wininet.dll
[2009-12-08 19:37] - [2009-10-27 05:34] - 1033216 ____A (Microsoft Corporation) AE119EA979EB9F94AEBD5A3A1D3BE2E2

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22508_none_5e9935b47346e23a\wininet.dll
[2009-11-10 18:51] - [2009-08-27 05:31] - 1033216 ____A (Microsoft Corporation) D4351FED89D7D99B7FF936C55A4ED18B

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_5e60216e7372279c\wininet.dll
[2009-06-18 20:22] - [2009-01-16 04:27] - 1014272 ____A (Microsoft Corporation) DE2EFEAC81EE3AEF9A0A297D06DEA73C

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_5e42b0a27387ca4d\wininet.dll
[2009-06-18 20:04] - [2008-10-15 21:02] - 1014272 ____A (Microsoft Corporation) 80C4706935A12EF0DC73F0D0F5A1E577

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_5e4d808e737fae5c\wininet.dll
[2009-06-18 19:23] - [2008-10-01 20:04] - 1014272 ____A (Microsoft Corporation) 0C3985837353FD84BC2E0B2FFFD75FA2

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_5e885e5a73546eac\wininet.dll
[2009-06-18 19:11] - [2008-06-26 20:22] - 1014272 ____A (Microsoft Corporation) CAE8E1894C7FDEC9A18F4B9B95036105

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_5e574e4a73787bed\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:46] - 1013248 ____A (Microsoft Corporation) B2BB90B07E1B87F41A0477ED2432AFB9

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_5e7b8bf4735e5ac8\wininet.dll
[2009-06-18 18:16] - [2008-02-21 21:21] - 1013760 ____A (Microsoft Corporation) E06F53F091B3567EA83308E5DDFF4094

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18385_none_5db616c55a6cd8cc\wininet.dll
[2010-01-21 14:32] - [2009-12-18 05:12] - 1032704 ____A (Microsoft Corporation) EDEC489C023CAEA8DA5992F079659E6C

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_5de5579d5a48ce64\wininet.dll
[2009-12-08 19:37] - [2009-10-27 05:45] - 1032704 ____A (Microsoft Corporation) 1637535871A538B09EBC1F9720E04732

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18319_none_5e05c7615a307a91\wininet.dll
[2009-11-10 18:51] - [2009-08-27 05:47] - 1032704 ____A (Microsoft Corporation) 2827B72363F5E4BD0BAF98D0518D2692

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_5e0a93ab5a2dc96f\wininet.dll
[2009-06-18 20:22] - [2009-01-14 22:11] - 1013248 ____A (Microsoft Corporation) 4C45D9EEB15838F96D77178CD6CD4244

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_5dd883515a52bd59\wininet.dll
[2009-06-18 20:04] - [2008-10-15 21:49] - 1013248 ____A (Microsoft Corporation) 8CDADEC7D01F5AE41FD9C49A7053E89B

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_5de453875a49babf\wininet.dll
[2009-06-18 19:23] - [2008-10-01 20:35] - 1013248 ____A (Microsoft Corporation) FE420A633F07F015B4D6C5A90346FF5D

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_5daf424f5a7162a4\wininet.dll
[2009-06-18 19:11] - [2008-06-26 20:31] - 1013248 ____A (Microsoft Corporation) B006FBF83BA6CAE854996F0A1319B5AB

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_5dc9b0575a5e76c7\wininet.dll
[2009-06-18 18:29] - [2008-04-25 06:22] - 1013248 ____A (Microsoft Corporation) A549050BABB436A7F3867911D302D19F

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_5df4f0075a3e0703\wininet.dll
[2009-06-18 18:16] - [2008-02-21 21:21] - 1013760 ____A (Microsoft Corporation) 3CC83953BA4B51B32BD67982A1AF2AF5

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_5e078f015a30831c\wininet.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 1011712 ____A (Microsoft Corporation) 364B631BCD934D95CCD2E373F8DD8D7C

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21184_none_5c584cc276650190\wininet.dll
[2010-01-21 14:32] - [2009-12-18 05:17] - 1052160 ____A (Microsoft Corporation) CC605B644577CF319A6F5D7B15852133

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_5c878d9a7640f728\wininet.dll
[2009-12-08 19:37] - [2009-10-27 06:09] - 1052160 ____A (Microsoft Corporation) DAC42CB4799D177824C6E4865793EC3D

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21116_none_5ca5fcca762a70a7\wininet.dll
[2009-11-10 18:51] - [2009-08-27 06:27] - 1052160 ____A (Microsoft Corporation) 924C27EDCFD50A5E7D79962A567106FB

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_5c4fa362766b1fc6\wininet.dll
[2009-06-18 20:22] - [2009-01-14 21:00] - 1024512 ____A (Microsoft Corporation) BC8E5ED3269BF174B939B07FC167044E

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_5c91833476399177\wininet.dll
[2009-06-18 20:04] - [2008-10-15 20:31] - 1024512 ____A (Microsoft Corporation) 428A8BB8016D66089CF1EFFA9970A76C

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_5c9c532076317586\wininet.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1024512 ____A (Microsoft Corporation) 0F2E5251DB62D7D47A553DB329DB4B4B

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_5c7211d47651017a\wininet.dll
[2009-06-18 19:11] - [2008-06-26 19:59] - 1024512 ____A (Microsoft Corporation) 3488EDAF6B3459A6D29B8EFAC70DC35B

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_5c98501276351303\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:17] - 1024000 ____A (Microsoft Corporation) CB2F683EB47B75F6E83DB0AC87DBFD9A

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_5c663fb8765a06ed\wininet.dll
[2009-06-18 18:16] - [2008-02-21 20:55] - 1022976 ____A (Microsoft Corporation) 3166E2EE2060D11A783A1B812B6F4945

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_5bccd7415d48fbd6\wininet.dll
[2010-01-21 14:32] - [2009-12-18 05:14] - 1042432 ____A (Microsoft Corporation) B6A33C74182F5B2969E48DC32F7242C5

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_5bfb17cf5d25d817\wininet.dll
[2009-12-08 19:37] - [2009-10-27 07:07] - 1042432 ____A (Microsoft Corporation) 3F3E73F330CDF2E25B5E1A631F380319

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16916_none_5c1c87dd5d0c9d9b\wininet.dll
[2009-11-10 18:51] - [2009-08-27 06:18] - 1042432 ____A (Microsoft Corporation) 069A33DDF9A71531BD6CF5D3DA56EA4E

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_5c2a56c15d01d088\wininet.dll
[2009-06-18 20:22] - [2009-01-14 20:51] - 1022464 ____A (Microsoft Corporation) A0662CC26EEDC71C8598CBD7C986B09D

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_5be473e15d36fc54\wininet.dll
[2009-06-18 20:04] - [2008-10-15 20:43] - 1022464 ____A (Microsoft Corporation) D9E8399459565B4E8A7FF2B01CB55F8D

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_5bf244ab5d2c2c68\wininet.dll
[2009-06-18 19:23] - [2008-10-01 23:59] - 1022464 ____A (Microsoft Corporation) 50020130D79D6829116B0F5084653271

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_5c17829f5d11249a\wininet.dll
[2009-06-18 19:11] - [2008-06-26 20:05] - 1022464 ____A (Microsoft Corporation) 9D5E76B1D6941D2BB836655C1B6AE83B

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_5bcbd1455d49eb0a\wininet.dll
[2009-06-18 18:29] - [2008-04-24 20:29] - 1022464 ____A (Microsoft Corporation) EEFC1D846B86CFD92865FFD255B87CFC

C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_5bf911895d27adf4\wininet.dll
[2009-06-18 18:16] - [2008-02-20 20:45] - 1022464 ____A (Microsoft Corporation) 4C48ACC0299116CD22A9522D5C7CFFC4

C:\Windows\SysWOW64\wininet.dll
[2013-10-02 12:52] - [2004-08-04 00:56] - 0656384 ____A (Microsoft Corporation) C0823FC5469663BA63E7DB88F9919D70

C:\Windows\System32\wininet.dll
[2013-10-02 12:52] - [2004-08-04 00:56] - 0656384 ____A (Microsoft Corporation) C0823FC5469663BA63E7DB88F9919D70

====== End Of Search ======

 

USP10.DLL:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-06 13:28:50
Running from E:\
Boot Mode: Recovery

================== Search: "usp10.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 0501760 ____A (Microsoft Corporation) 3122DAF86B33ED8AC4662D07593025D7

C:\Windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_0919149210d9d164\usp10.dll
[2008-01-20 18:48] - [2008-01-20 18:48] - 0622080 ____A (Microsoft Corporation) 8745227FAB62C0886B4B122CAD1D799E

C:\Windows\SysWOW64\usp10.dll
[2013-10-02 12:51] - [2004-08-04 00:56] - 0406528 ____A (Microsoft Corporation) 2EB58F9DCD6AB320B46744A4EA48B2D2

C:\Windows\System32\usp10.dll
[2013-10-02 12:51] - [2004-08-04 00:56] - 0406528 ____A (Microsoft Corporation) 2EB58F9DCD6AB320B46744A4EA48B2D2

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL
[2010-09-21 16:39] - [2010-09-21 16:39] - 0640256 ____A (Microsoft Corporation) 6DF2076A4AC5E3655529142917B579A4

====== End Of Search ======

 

URLMON.DLL:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-06 13:29:52
Running from E:\
Boot Mode: Recovery

================== Search: "urlmon.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_b6f1dedaed56d056\urlmon.dll
[2010-01-21 14:32] - [2009-12-17 04:04] - 1176064 ____A (Microsoft Corporation) C8241D7839B71D09D5D2C3D7AB4F9F07

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22252_none_b71f1f1eed349340\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 04:53] - 1176064 ____A (Microsoft Corporation) DDB47F6C465DC0D3955C371E1DAE11E3

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22212_none_b74a5eceed14237c\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:56] - 1176064 ____A (Microsoft Corporation) D3AC2B7CE02746A875C6D927B076CD2D

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18167_none_b68fb3d9d41a8e1a\urlmon.dll
[2010-01-21 14:32] - [2009-12-16 03:44] - 1176064 ____A (Microsoft Corporation) D12B8B3B094DF8A74FC3BCB1DBA578BF

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18130_none_b6a92197d40888e6\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 06:11] - 1176064 ____A (Microsoft Corporation) BF603DAF42E11F79BECA5760A40DC352

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18100_none_b6c9915bd3f03513\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:40] - 1176064 ____A (Microsoft Corporation) 957ADB59EB02B93B8F3414CA4145747B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22585_none_b51b3e50f023ddf4\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:24] - 1175040 ____A (Microsoft Corporation) C0CBE22A90ECC439F3872C3E7412C9E4

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22550_none_b536aca2f0100b6e\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:07] - 1175040 ____A (Microsoft Corporation) B0CDEFD51DEA9E2C89C8FEEC139E353C

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22508_none_b574be8eefe04a71\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:17] - 1175040 ____A (Microsoft Corporation) 2791541CE760110695F05ED8AFF0F18B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
[2009-06-18 20:22] - [2009-01-15 20:59] - 1166848 ____A (Microsoft Corporation) 353880D255B122E28469B56EE0EA857C

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_b51e397cf0213284\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:38] - 1166848 ____A (Microsoft Corporation) 9707A414766A70C1CD125B91D6BFC035

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:34] - 1166848 ____A (Microsoft Corporation) 50AF4A0AEDD9204074A3823B94FAAAD1

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_b563e734efedd6e3\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:50] - 1166848 ____A (Microsoft Corporation) 3ED27AB59FB2DA1C495CCDAA71F825F5

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_b532d724f011e424\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:21] - 1166336 ____A (Microsoft Corporation) 9EF388245B2E198704A41C44DF4EEC14

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 20:52] - 1166336 ____A (Microsoft Corporation) 29CB87A945B10AA959584C3E59D6201D

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18385_none_b4919f9fd7064103\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:05] - 1174528 ____A (Microsoft Corporation) 4DE2CD3902C0010FA19116F05BD4FF20

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18349_none_b4c0e077d6e2369b\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:20] - 1174528 ____A (Microsoft Corporation) 7DCBA36C66BEEBF63E67E34DEBB72F6A

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18319_none_b4e1503bd6c9e2c8\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:32] - 1174528 ____A (Microsoft Corporation) 822B8B0184D54D5D0E2752B63DEEFCA9

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 22:11] - 1166336 ____A (Microsoft Corporation) F93F047F42BB89401EE58FBCFD3204CE

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:47] - 1166336 ____A (Microsoft Corporation) 41C039DEF8D0D5D0E7A9B32F09600402

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1166336 ____A (Microsoft Corporation) 1F3DD8C368D5534B9D5128AFD0BEFF3A

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:15] - 1166336 ____A (Microsoft Corporation) FDBF6B298D068F08146C9B2B18D78A5F

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_b4a53931d6f7defe\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:35] - 1166336 ____A (Microsoft Corporation) 5E4F2E3846DB2699D96F1B28E83B94C3

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 21:01] - 1166336 ____A (Microsoft Corporation) 1CC909F70CAE7F858CCF6DD4145D6AA0

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18000_none_b4e317dbd6c9eb53\urlmon.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 1165824 ____A (Microsoft Corporation) 6FD4D51AA2DA0314DC77A150EB6D3980

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21184_none_b333d59cf2fe69c7\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:25] - 1170944 ____A (Microsoft Corporation) 984C8CF12DF3C2F723EA76ACCA0CE5CF

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21148_none_b3631674f2da5f5f\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:18] - 1170944 ____A (Microsoft Corporation) 95FFAD523925F8FB5607071D7297F036

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21116_none_b38185a4f2c3d8de\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:40] - 1170944 ____A (Microsoft Corporation) 4ED8811745EC4D3304CBB42DF372D7C1

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:19] - 1163264 ____A (Microsoft Corporation) 0E6EF7AC9F4799B1DCCD78F3BE99D8D0

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_b36d0c0ef2d2f9ae\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:23] - 1163264 ____A (Microsoft Corporation) D2899FFCC2943F9D6969304D1D9FB47A

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:30] - 1162752 ____A (Microsoft Corporation) BFA01B3F0926C58ECBE31BA365138075

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_b34d9aaef2ea69b1\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:49] - 1162752 ____A (Microsoft Corporation) 68F5CC104978908671F96EE7FC79D06E

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_b373d8ecf2ce7b3a\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:09] - 1162752 ____A (Microsoft Corporation) BE5269680658C57CD9AED2AF337D195E

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 20:52] - 1162752 ____A (Microsoft Corporation) D7C4249EB1CFE999F90A54597DC6CF6F

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16982_none_b2a8601bd9e2640d\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:52] - 1168384 ____A (Microsoft Corporation) C504C720A5EE8CF112758FEE04D4625B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16945_none_b2d6a0a9d9bf404e\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 07:05] - 1168384 ____A (Microsoft Corporation) 3AE909879284F30B3466FDCD2B1CE85C

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16916_none_b2f810b7d9a605d2\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 06:02] - 1168384 ____A (Microsoft Corporation) 3E826F7F47BFA2F92E073E61CAC0504B

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:16] - 1160192 ____A (Microsoft Corporation) AD0675AF94230B374FA2D7C97FA72D71

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:40] - 1160192 ____A (Microsoft Corporation) CC7E957A6F118030374DCDF21FEA3C96

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1159680 ____A (Microsoft Corporation) D4C1FB1CFBED2FAF71408DCA61588435

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_b2f30b79d9aa8cd1\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:54] - 1159680 ____A (Microsoft Corporation) D5A518871C5393B5C1883E74BE75FAF8

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_b2a75a1fd9e35341\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:23] - 1159680 ____A (Microsoft Corporation) FCA38D14AA8877C7AA3C7030D9E40CCC

C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
[2009-06-18 18:16] - [2008-02-20 20:43] - 1159680 ____A (Microsoft Corporation) F8E8922A488183128EE605B0612C4C14

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22290_none_13107a5ea5b4418c\urlmon.dll
[2010-01-21 14:32] - [2009-12-17 03:57] - 1426944 ____A (Microsoft Corporation) 2CD2B2E37A36D2D92A7F424DD0E0DBBB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22252_none_133dbaa2a5920476\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:06] - 1426944 ____A (Microsoft Corporation) C509E314CF77E5D457B370949859D361

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22212_none_1368fa52a57194b2\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:52] - 1426944 ____A (Microsoft Corporation) D0899D4ABDB46471362FBFA2BE1B6642

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18167_none_12ae4f5d8c77ff50\urlmon.dll
[2010-01-21 14:32] - [2009-12-16 04:15] - 1426944 ____A (Microsoft Corporation) 0576ACA7FA090796FE75E451ACA693AF

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18130_none_12c7bd1b8c65fa1c\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 06:24] - 1426944 ____A (Microsoft Corporation) 3C1DC8333674FD01C067F376CFFD8A43

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18100_none_12e82cdf8c4da649\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 04:54] - 1426944 ____A (Microsoft Corporation) 0A4BE1FAC981FE997B368A8F00243284

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22585_none_1139d9d4a8814f2a\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 04:59] - 1426944 ____A (Microsoft Corporation) 8C21A024FC038F19CF48AB22C6DC53F7

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22550_none_11554826a86d7ca4\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:34] - 1426944 ____A (Microsoft Corporation) CD434716764A8BC05C8709E5772ED6C7

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22508_none_11935a12a83dbba7\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:31] - 1426944 ____A (Microsoft Corporation) B2084F8E75479DFE23C094E2B5B4F2CF

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_115a45cca8690109\urlmon.dll
[2009-06-18 20:22] - [2009-01-16 04:27] - 1419264 ____A (Microsoft Corporation) 7D881E47DE9B592F66B005E4575FEED4

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_113cd500a87ea3ba\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 21:02] - 1419776 ____A (Microsoft Corporation) 3EAD3D2C3882253F2DD59C6B413A6A4D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_1147a4eca87687c9\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 20:04] - 1419776 ____A (Microsoft Corporation) 2E4BC532E2314AB7DB79F2DAAF2B9432

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_118282b8a84b4819\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:22] - 1418752 ____A (Microsoft Corporation) 9998A2D173292AEB2EF681CCCDFD39FB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_115172a8a86f555a\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:45] - 1418240 ____A (Microsoft Corporation) 9C78D69FDFDF7A2F3840632239E75C34

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_1175b052a8553435\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 21:21] - 1418240 ____A (Microsoft Corporation) C113A4FF9C9CA58440EC8772901F01BB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18565_none_10c5dec78f5374a5\urlmon.dll
[2013-10-02 08:28] - [2013-10-02 08:28] - 1426944 ____A (Microsoft Corporation) A52AE7B0B05C047BE263CA92010C7315

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18385_none_10b03b238f63b239\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:12] - 1426432 ____A (Microsoft Corporation) 1268A026A3BD66206A9811058AB63973

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18349_none_10df7bfb8f3fa7d1\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 05:44] - 1426432 ____A (Microsoft Corporation) 3E8325062718282A2B0E619B0B48E2B1

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18319_none_10ffebbf8f2753fe\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 05:47] - 1426432 ____A (Microsoft Corporation) 7631D8389579DD4335F89D837ED78974

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_1104b8098f24a2dc\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 22:11] - 1418752 ____A (Microsoft Corporation) 0598687B1DD786DE49DE32B752194993

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_10d2a7af8f4996c6\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 21:49] - 1418240 ____A (Microsoft Corporation) 4A841611F85CA1DC8BF0BD817D88B884

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_10de77e58f40942c\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 20:35] - 1418240 ____A (Microsoft Corporation) EEC4157A33639E95833772A0E81773BD

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_10a966ad8f683c11\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:31] - 1418240 ____A (Microsoft Corporation) DCD1DD034C7F36B26F4CCEB3F17CD822

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_10c3d4b58f555034\urlmon.dll
[2009-06-18 18:29] - [2008-04-25 06:22] - 1418240 ____A (Microsoft Corporation) 237D1BC04997238603C5D1B58FD14E2D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_10ef14658f34e070\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 21:21] - 1418240 ____A (Microsoft Corporation) 7A3120DE8292FC828BDDF9F6CCFC9E0D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18000_none_1101b35f8f275c89\urlmon.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 1417728 ____A (Microsoft Corporation) D541D85839E9B04070AC529A3AAC21E6

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21184_none_0f527120ab5bdafd\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:17] - 1440768 ____A (Microsoft Corporation) 4DA4FCADBE6330D2393AE59AE1E2C019

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21148_none_0f81b1f8ab37d095\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 06:08] - 1440768 ____A (Microsoft Corporation) 5AB0F7099E6375949F28B0EA2EDB29DB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21116_none_0fa02128ab214a14\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 06:26] - 1440768 ____A (Microsoft Corporation) 1B24D4A00DD41A8AB8E0C215F9E3432E

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_0f49c7c0ab61f933\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:59] - 1432064 ____A (Microsoft Corporation) 49F4287AB53AE872C1C7B1994D7E0F41

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_0f8ba792ab306ae4\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:30] - 1431552 ____A (Microsoft Corporation) ADD6F43AA2542D8A6B16D1C49BA4924D

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_0f96777eab284ef3\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 19:49] - 1431040 ____A (Microsoft Corporation) D1FEB119F051621DE4D12AD32DBAC631

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_0f6c3632ab47dae7\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 19:59] - 1431040 ____A (Microsoft Corporation) 3F6E1F8EADEBC4F93A2CC0643F9C57C6

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_0f927470ab2bec70\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:17] - 1431040 ____A (Microsoft Corporation) 25FD710192A1D57E530682BAD2E26CEB

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_0f606416ab50e05a\urlmon.dll
[2009-06-18 18:16] - [2008-02-21 20:54] - 1431040 ____A (Microsoft Corporation) DBEF8F681D77A3EE8703D023D99003BE

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16982_none_0ec6fb9f923fd543\urlmon.dll
[2010-01-21 14:32] - [2009-12-18 05:14] - 1435648 ____A (Microsoft Corporation) 9C8FA63AD109715F8F0E5A6B519B2CF1

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16945_none_0ef53c2d921cb184\urlmon.dll
[2009-12-08 19:37] - [2009-10-27 07:06] - 1435648 ____A (Microsoft Corporation) AE50869A5A1406CF909842647E473832

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16916_none_0f16ac3b92037708\urlmon.dll
[2009-11-10 18:51] - [2009-08-27 06:18] - 1435648 ____A (Microsoft Corporation) 9DC0494DA1024312C599525876AB821A

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_0f247b1f91f8a9f5\urlmon.dll
[2009-06-18 20:22] - [2009-01-14 20:51] - 1428992 ____A (Microsoft Corporation) 06CBE8D2C3DC7326F926C950078F43A4

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_0ede983f922dd5c1\urlmon.dll
[2009-06-18 20:04] - [2008-10-15 20:43] - 1428480 ____A (Microsoft Corporation) 6A17F44FFC35696F06DF18D23B726735

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_0eec6909922305d5\urlmon.dll
[2009-06-18 19:23] - [2008-10-01 23:58] - 1428480 ____A (Microsoft Corporation) 9961CFAB278A02DC826FBC3F1037F2A8

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_0f11a6fd9207fe07\urlmon.dll
[2009-06-18 19:11] - [2008-06-26 20:05] - 1427968 ____A (Microsoft Corporation) BD7642D0C569B54AE63DA586F23CE096

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_0ec5f5a39240c477\urlmon.dll
[2009-06-18 18:29] - [2008-04-24 20:29] - 1427968 ____A (Microsoft Corporation) 4E9DBD2DF80280D73F753D890477E18A

C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_0ef335e7921e8761\urlmon.dll
[2009-06-18 18:16] - [2008-02-20 20:45] - 1427968 ____A (Microsoft Corporation) 1626011979549364A7C1F953CBB42D6E

C:\Windows\SysWOW64\URLMON.dll
[2013-10-04 14:55] - [2009-12-17 04:04] - 1176064 ____A (Microsoft Corporation) C8241D7839B71D09D5D2C3D7AB4F9F07

C:\Windows\System32\urlmon.dll
[2013-10-02 08:28] - [2013-10-02 08:28] - 1426944 ____A (Microsoft Corporation) A52AE7B0B05C047BE263CA92010C7315

C:\FRST\Quarantine\urlmon.dll
[2013-10-04 14:55] - [2013-10-02 08:28] - 1426944 ____A (Microsoft Corporation) A52AE7B0B05C047BE263CA92010C7315

====== End Of Search ======

 

NTOSKRNL.EXE:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-06 13:24:07
Running from E:\
Boot Mode: Recovery

================== Search: "ntoskrnl.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_ca5ec287830c84d1\ntoskrnl.exe
[2009-11-10 18:53] - [2009-08-05 06:09] - 4693576 ____A (Microsoft Corporation) 0DD0FCFB9609403352FF75656826E82F

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_c9e0f5f269e5e26d\ntoskrnl.exe
[2009-11-10 18:53] - [2009-08-04 04:47] - 4698168 ____A (Microsoft Corporation) 8E43DA6C8040C68446AA4B5D84C8127A

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_c88b22db85d6de74\ntoskrnl.exe
[2009-11-10 18:53] - [2009-08-05 06:12] - 4682824 ____A (Microsoft Corporation) 0170600F2A613CE3E8CC2B66A6DC7885

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_c88b20f585d6e14d\ntoskrnl.exe
[2009-11-10 18:52] - [2009-03-02 21:04] - 4691424 ____A (Microsoft Corporation) 65252FED486E5BF1E384CA65C16148C7

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22296_none_c87d4e4585e1b412\ntoskrnl.exe
[2009-06-18 20:14] - [2008-10-27 21:24] - 4692744 ____A (Microsoft Corporation) 8FF99B6F181175B4274ED55C66D6B094

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_c8a0bee785c6ac44\ntoskrnl.exe
[2009-06-18 19:30] - [2008-09-17 21:56] - 4694584 ____A (Microsoft Corporation) 5E31190EF331709EAB9FB66C3683540B

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22244_none_c8b15d4d85baf5af\ntoskrnl.exe
[2009-06-18 20:13] - [2008-08-14 20:41] - 4694072 ____A (Microsoft Corporation) 05C4D0EF50C4267AABF4BAB242D0F260

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_c89ebc6d85c87c6f\ntoskrnl.exe
[2009-06-18 18:42] - [2008-04-26 00:43] - 4694584 ____A (Microsoft Corporation) A1DC0EFF401FE35688F1046F10BEE5BF

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_c85303fe6c7ce06f\ntoskrnl.exe
[2009-11-10 18:53] - [2009-08-05 06:56] - 4691016 ____A (Microsoft Corporation) 043EB4B7C74C189E06584411B2C9EB8F

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_c83f62d46c8b4dd8\ntoskrnl.exe
[2009-11-10 18:52] - [2009-03-02 21:02] - 4692448 ____A (Microsoft Corporation) ED97E8551F0B1844250ED1B07393B10D

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_c828c0cc6c9c6f3c\ntoskrnl.exe
[2009-06-18 19:29] - [2008-09-17 20:56] - 4694584 ____A (Microsoft Corporation) 247A2AAF7E5189716192EE19EC6EC6FB

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_c8111e7a6cae7749\ntoskrnl.exe
[2009-06-18 18:42] - [2008-04-26 00:53] - 4694584 ____A (Microsoft Corporation) 6DEA6827709FC6F047580111651DFF02

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_c84efd246c80839e\ntoskrnl.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 4694072 ____A (Microsoft Corporation) 6760643D6400CA78640E9DD3824115B1

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_c6f339678876d685\ntoskrnl.exe
[2009-11-10 18:53] - [2009-08-05 07:14] - 4412488 ____A (Microsoft Corporation) 5E99FFD02816FF54247294C7C9C003B9

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_c6df983d888543ee\ntoskrnl.exe
[2009-11-10 18:52] - [2009-03-02 20:38] - 4413936 ____A (Microsoft Corporation) CC172711FF2FCE0673321A951B02C379

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_c6ddbf878886ddfe\ntoskrnl.exe
[2009-06-18 19:29] - [2008-09-17 20:41] - 4416056 ____A (Microsoft Corporation) EFAAC7A874B65DF3F26B5092291D4859

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_c669c47a6f590379\ntoskrnl.exe
[2009-11-10 18:53] - [2009-08-05 07:07] - 4425288 ____A (Microsoft Corporation) C53B06CB817845873A3D32C1BAD33727

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_c64852866f7240ce\ntoskrnl.exe
[2009-11-10 18:52] - [2009-03-02 20:44] - 4427232 ____A (Microsoft Corporation) 8B3095B00E832ABFC7047A04E681CCDE

C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_c636b1f06f7ee0e5\ntoskrnl.exe
[2009-06-18 19:29] - [2008-09-17 20:56] - 4429368 ____A (Microsoft Corporation) 2A87B3D380E3800BF247D82E58F0FCBA

C:\Windows\System32\ntoskrnl.exe
[2013-10-02 10:18] - [2004-08-03 23:20] - 2180992 ____A (Microsoft Corporation) CE218BC7088681FAA06633E218596CA7

====== End Of Search ======

 

And while you didn't ask for it, I'd also moved Shell32.dll, so here that is:

Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-06 13:30:22
Running from E:\
Boot Mode: Recovery

================== Search: "shell32.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_d329122917d5070d\shell32.dll
[2009-06-18 19:58] - [2008-11-06 04:59] - 11582976 ____A (Microsoft Corporation) 4A21B11997C1F14D8707C8C501CA59A7

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_d2eb2fb31803006a\shell32.dll
[2009-06-18 18:40] - [2008-04-23 20:45] - 11581440 ____A (Microsoft Corporation) 82A0A2AB2C637C11F28C1E37F76A284E

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_d2629517fee4771e\shell32.dll
[2009-06-18 19:58] - [2008-11-06 05:14] - 11580928 ____A (Microsoft Corporation) 5D62692EEB77E32F67A966F1BDEB551B

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_d25d91bffee8fb44\shell32.dll
[2009-06-18 18:40] - [2008-04-23 20:58] - 11580416 ____A (Microsoft Corporation) 61509AF47F663A6EA941492ED181D60C

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_d29c70b3feba20f0\shell32.dll
[2008-01-20 18:51] - [2008-01-20 18:51] - 11580416 ____A (Microsoft Corporation) 33E9CE9110597F1A47BA18B96EAFA6FA

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_d10ac3531ad8cf23\shell32.dll
[2009-06-18 19:58] - [2008-11-06 04:59] - 11320832 ____A (Microsoft Corporation) 4F72C8F593AAB1B83FB5D62CBFBB51F9

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_d12c317b1abf9780\shell32.dll
[2009-06-18 18:40] - [2008-04-23 20:40] - 11319808 ____A (Microsoft Corporation) 3D58E32AA9A5C7F408D97675C81C9AED

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_d06e85a801c8b619\shell32.dll
[2009-06-18 19:58] - [2008-11-06 04:57] - 11315712 ____A (Microsoft Corporation) CF1D75E7B4A7CC6D2A21FE64C9E50A12

C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_d05fb2ae01d46f87\shell32.dll
[2009-06-18 18:40] - [2008-04-23 20:51] - 11315712 ____A (Microsoft Corporation) FF37AF2D5DCAFC00BC46AF07B53699B0

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_c8d467d6e3744512\shell32.dll
[2009-06-18 19:58] - [2008-11-06 06:17] - 12900864 ____A (Microsoft Corporation) 4F385F044E580B086D5D2AC7AAF575A3

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_c8968560e3a23e6f\shell32.dll
[2009-06-18 18:40] - [2008-04-23 21:10] - 12898816 ____A (Microsoft Corporation) 8961813821111D50F64F03077DAD761F

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_c80deac5ca83b523\shell32.dll
[2009-06-18 19:58] - [2008-11-06 05:32] - 12897792 ____A (Microsoft Corporation) D7DC3DCB97A022ABDF6C986C79F7C84F

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_c808e76dca883949\shell32.dll
[2009-06-18 18:40] - [2008-04-23 21:18] - 12897280 ____A (Microsoft Corporation) C97B3A10B1C9E9AE8E6A3505D202FE95

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_c847c661ca595ef5\shell32.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 12895744 ____A (Microsoft Corporation) 8202A5D97E889DE02E7920A4DB9C8F55

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_c6b61900e6780d28\shell32.dll
[2009-06-18 19:58] - [2008-11-06 05:15] - 12790272 ____A (Microsoft Corporation) A375E856A153FDF530455A2F57FDDA59

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_c6d78728e65ed585\shell32.dll
[2009-06-18 18:40] - [2008-04-23 21:04] - 12789248 ____A (Microsoft Corporation) 5BA5613DDA5A6E86FA3B9036F5C7F4DA

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_c619db55cd67f41e\shell32.dll
[2009-06-18 19:58] - [2008-11-06 05:22] - 12783616 ____A (Microsoft Corporation) 35ED725E28164143F2705679E2DCD74E

C:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_c60b085bcd73ad8c\shell32.dll
[2009-06-18 18:40] - [2008-04-23 21:10] - 12784128 ____A (Microsoft Corporation) C0964CBC399038D444199C2B04BE052F

C:\Windows\SysWOW64\shell32.dll
[2013-10-02 12:44] - [2013-10-02 12:42] - 8461312 ____A (Microsoft Corporation) 0CF50B1F45DAB08430C1DBB79FE2CA5B

C:\Windows\System32\shell32.dll
[2013-10-02 12:44] - [2013-10-02 12:42] - 8461312 ____A (Microsoft Corporation) 0CF50B1F45DAB08430C1DBB79FE2CA5B

====== End Of Search ======

 

Thanks for all your help and patience Gringo!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users