
Black screen with only a mouse cursor


  • This topic is locked
132 replies to this topic

#1 justin.zerber


Posted 14 December 2013 - 10:11 AM

I was reading through your website and found the forum on a black screen with only a cursor available. My laptop has the same problem right now. That forum is now closed... I ran the program frst64 on my laptop.
 
I have attached the results below and was wondering if you could help me out. I am not sure how to fix it...
 
Thanks a million!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-B97FD6R on 13-12-2013 17:51:27
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ATT-SST_McciTrayApp] - C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [476480 2010-02-17] (McAfee, Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [11265536 2009-12-11] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] - C:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Newman\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
HKU\Newman\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Newman\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
ShortcutTarget: h4ibnjwv.lnk -> C:\ProgramData\vwjnbi4h.jss (Microsoft Corporation)
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-15] (McAfee, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-15] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-08-07] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2011-12-21] (Alcatel-Lucent)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-15] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-15] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-15] (McAfee, Inc.)
S0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-15] (McAfee, Inc.)
S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
S0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-15] (McAfee, Inc.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
S0 SMR410; System32\drivers\SMR410.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:31 - 2013-12-08 13:27 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:31 - 2013-12-08 12:32 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 12:01 - 2013-12-08 12:59 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 11:51 - 2013-12-08 16:43 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 11:51 - 2013-12-08 15:34 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-11-29 00:32 - 2013-11-29 00:42 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft
2013-11-24 18:47 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-24 18:47 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-11-24 13:48 - 2013-11-24 13:51 - 00006118 _____ C:\Windows\IE11_main.log
2013-11-24 13:27 - 2013-11-24 13:27 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-24 13:27 - 2013-11-24 13:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-24 13:27 - 2013-11-24 13:27 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-24 13:27 - 2013-11-24 13:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-24 13:27 - 2013-11-24 13:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-24 13:27 - 2013-11-24 13:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-24 13:27 - 2013-11-24 13:27 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-24 13:27 - 2013-11-24 13:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-24 13:27 - 2013-11-24 13:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-24 13:27 - 2013-11-24 13:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-24 13:27 - 2013-11-24 13:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-24 13:25 - 2013-11-24 13:25 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-24 13:22 - 2013-11-24 13:34 - 00008547 _____ C:\Windows\IE10_main.log
2013-11-24 12:57 - 2013-11-24 12:59 - 00000000 ____D C:\Windows\System32\MRT
2013-11-23 19:35 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-23 19:35 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-23 19:35 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-23 19:35 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-23 19:35 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-23 19:35 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-23 19:35 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-23 19:35 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-23 19:35 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-23 19:35 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-23 19:35 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-23 19:35 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-23 19:35 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-23 19:35 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-23 19:35 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-23 19:35 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-23 19:35 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-23 19:35 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-23 19:35 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-23 19:35 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-23 19:35 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-23 19:35 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-23 19:35 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-11-23 19:35 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-11-23 19:35 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-23 19:35 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-11-23 19:35 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-11-23 19:35 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-11-23 19:35 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-11-23 19:35 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-11-23 19:35 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-11-23 19:35 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-11-23 19:35 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-11-23 19:35 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-11-23 19:35 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-11-23 19:35 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-11-23 19:35 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-11-23 19:35 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-11-23 19:35 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-11-23 19:35 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-11-23 19:35 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-11-23 19:35 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-11-23 19:35 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-11-23 19:35 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-11-23 19:35 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-11-23 19:35 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-11-23 19:35 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-11-23 19:35 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-11-23 19:35 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-11-23 19:35 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-11-23 19:35 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-11-23 19:35 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-11-23 19:35 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-23 19:35 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-23 19:35 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-23 19:35 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-23 19:35 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-11-23 19:35 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-11-23 19:35 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-11-23 19:35 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-11-23 19:35 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-11-23 19:35 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-11-23 19:35 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-11-23 19:35 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-11-23 19:35 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-11-23 19:35 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-23 19:35 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-23 19:35 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-23 19:35 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-11-23 19:35 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-23 19:35 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-23 19:35 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-11-23 19:35 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-11-23 19:35 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-23 19:35 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-11-23 19:34 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-23 19:34 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-23 19:34 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-23 19:34 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-23 19:34 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-23 19:34 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-23 19:34 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-23 19:34 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-11-23 19:34 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-11-23 19:34 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-11-23 19:34 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-11-23 19:34 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-23 19:34 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-23 19:34 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-23 19:34 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-23 19:34 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-23 19:34 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-23 19:34 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-23 19:34 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-23 19:34 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-23 19:34 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-23 19:34 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-11-23 19:34 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-11-23 19:34 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-11-23 19:34 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-23 19:34 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-23 19:34 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-23 19:34 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-23 19:34 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-11-23 19:34 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-11-23 19:34 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-11-23 19:34 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-11-23 19:34 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-11-23 19:34 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-11-23 19:34 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-11-23 19:34 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-11-23 19:26 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-11-23 19:24 - 2013-12-08 11:54 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForNewman.job
2013-11-23 19:24 - 2013-12-08 11:52 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNewman
2013-11-23 19:24 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-23 19:24 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-23 19:24 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-23 19:24 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-23 19:24 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-23 19:24 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-23 19:24 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-10 09:50 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\HPQLOG
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 18:09 - 2011-08-30 15:45 - 342075925 _____ C:\Windows\MEMORY.DMP
2013-12-08 18:09 - 2011-08-30 15:45 - 00000000 ____D C:\Windows\Minidump
2013-12-08 16:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 16:45 - 2009-07-13 20:51 - 00082773 _____ C:\Windows\setupact.log
2013-12-08 16:44 - 2010-08-30 00:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-08 16:43 - 2013-12-08 11:51 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 16:43 - 2010-09-08 13:15 - 00009005 _____ C:\Windows\System32\Config.MPF
2013-12-08 16:43 - 2010-08-30 00:02 - 01250296 _____ C:\Windows\WindowsUpdate.log
2013-12-08 16:11 - 2011-01-04 07:53 - 00000000 ____D C:\Windows\rescache
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:38 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-08 15:34 - 2013-12-08 11:51 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 13:27 - 2013-12-08 12:31 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:59 - 2013-12-08 12:01 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:32 - 2013-12-08 12:31 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 11:54 - 2013-11-23 19:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForNewman.job
2013-12-08 11:54 - 2010-09-08 13:21 - 00097740 _____ C:\Windows\PFRO.log
2013-12-08 11:52 - 2013-11-23 19:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNewman
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-12-08 11:45 - 2011-01-04 05:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD024DDE-00E5-4519-87AD-29E005183F2A}
2013-12-08 11:43 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\PDFC
2013-11-29 00:42 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft
2013-11-29 00:32 - 2011-08-10 16:20 - 00000000 ____D C:\Users\Newman\AppData\Roaming\ArcSoft
2013-11-29 00:32 - 2010-08-30 00:16 - 00000000 ___HD C:\ProgramData\ArcSoft
2013-11-24 18:37 - 2011-01-04 05:10 - 00000000 ___RD C:\Users\Newman\Virtual Machines
2013-11-24 18:36 - 2009-07-13 20:45 - 00417072 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-24 18:35 - 2013-04-21 14:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-24 18:35 - 2013-04-21 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-24 14:35 - 2009-07-27 06:36 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-24 14:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-24 14:35 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-24 14:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-11-24 14:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-11-24 14:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-11-24 14:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-11-24 14:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-24 13:55 - 2011-01-04 05:14 - 00746284 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-24 13:55 - 2011-01-04 05:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-11-24 13:51 - 2013-11-24 13:48 - 00006118 _____ C:\Windows\IE11_main.log
2013-11-24 13:36 - 2011-01-18 05:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-24 13:36 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-11-24 13:34 - 2013-11-24 13:22 - 00008547 _____ C:\Windows\IE10_main.log
2013-11-24 13:27 - 2013-11-24 13:27 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-24 13:27 - 2013-11-24 13:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-24 13:27 - 2013-11-24 13:27 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-24 13:27 - 2013-11-24 13:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-24 13:27 - 2013-11-24 13:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-24 13:27 - 2013-11-24 13:27 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-24 13:27 - 2013-11-24 13:27 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-24 13:27 - 2013-11-24 13:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-24 13:27 - 2013-11-24 13:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-24 13:27 - 2013-11-24 13:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-24 13:27 - 2013-11-24 13:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-24 13:27 - 2013-11-24 13:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-24 13:27 - 2013-11-24 13:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-24 13:25 - 2013-11-24 13:25 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-24 13:25 - 2013-11-24 13:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-24 13:03 - 2012-09-21 14:03 - 00000000 ____D C:\Users\Newman\Desktop\PC Stuff
2013-11-24 12:59 - 2013-11-24 12:57 - 00000000 ____D C:\Windows\System32\MRT
2013-11-24 12:53 - 2011-11-05 06:24 - 00000000 ____D C:\Users\Newman\Desktop\daniel

Some content of TEMP:
====================
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Newman\AppData\Local\Temp\Extract.exe
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe
C:\Users\Newman\AppData\Local\Temp\Resource.exe
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Newman\AppData\Local\Temp\SP49020.exe
C:\Users\Newman\AppData\Local\Temp\SP50301.exe
C:\Users\Newman\AppData\Local\Temp\SP50370.exe
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Newman\AppData\Local\Temp\SP51059.exe
C:\Users\Newman\AppData\Local\Temp\SP51116.exe
C:\Users\Newman\AppData\Local\Temp\SP51626.exe
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Newman\AppData\Local\Temp\sp54373.exe
C:\Users\Newman\AppData\Local\Temp\SP54600.exe
C:\Users\Newman\AppData\Local\Temp\sp54620.exe
C:\Users\Newman\AppData\Local\Temp\SP54636.exe
C:\Users\Newman\AppData\Local\Temp\SP57762.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {e1ca41be-b417-11df-9c23-dffb663cbcf9}

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {e1ca41be-b417-11df-9c23-dffb663cbcf9}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
nx OptIn
detecthal Yes
bootlog Yes

Windows Boot Loader
-------------------
identifier {e1ca41be-b417-11df-9c23-dffb663cbcf9}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{e1ca41bf-b417-11df-9c23-dffb663cbcf9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{e1ca41bf-b417-11df-9c23-dffb663cbcf9}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {e1ca41bf-b417-11df-9c23-dffb663cbcf9}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3887.43 MB
Available physical RAM: 3214.5 MB
Total Pagefile: 3885.63 MB
Available Pagefile: 3235.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:175.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
Drive h: () (Removable) (Total:3.82 GB) (Free:0.66 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 682CF1B6)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


LastRegBack: 2013-12-08 16:04

==================== End Of Log ============================

Edited by Oh My, 25 December 2013 - 09:34 AM.
Log posted




#2 justin.zerber

justin.zerber
  • Topic Starter

  • Members
  • 65 posts

Posted 17 December 2013 - 01:10 PM

Does anyone have any advice? Please....



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • Gender:Male

Posted 19 December 2013 - 10:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517442 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • Gender:Male
  • Location:California

Posted 25 December 2013 - 09:37 AM

Greetings justin.zerber and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I apologize for the extended delay. It would be best if I could review a fresh FRST log. Please run that tool again, making sure Addition.txt is checked. Also, provide an update on exactly what you are experiencing.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 justin.zerber

justin.zerber
  • Topic Starter

  • Members
  • 65 posts

Posted 28 December 2013 - 01:37 PM

Gary,

Sorry for not responding sooner. I was out of town and unable to work on the laptop that is having issues.

I have run the FRST program and have attached the information.

My problem is that when I turn my computer on it goes to a black screen with a cursor. It is unresponsive to any Ctrl+Alt+Del tricks or the sticky key trick. It does the same thing no matter what mode I run it in. It will always come up to a blank black screen.

I was able to download the Windows 7 download and repair disk and format it to a USB. I ran the Make repairs through that program, but it did not affect a thing. I use that program to go into the command prompt in order to run the FRST program.

I hope this helps. I am trying my best to not just reformat the whole computer because I have pictures on there.

If we are unable to fix it, is there any way to access the hard drive and remove photos before I wipe the computer?

Thanks in advance,

Justin

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-JII341I on 28-12-2013 13:30:17
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ATT-SST_McciTrayApp] - C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [476480 2010-02-17] (McAfee, Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [11265536 2009-12-11] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] - C:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Newman\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
HKU\Newman\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Newman\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
ShortcutTarget: h4ibnjwv.lnk -> C:\ProgramData\vwjnbi4h.jss (Microsoft Corporation)
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-15] (McAfee, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-15] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-08-07] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2011-12-21] (Alcatel-Lucent)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-15] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-15] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-15] (McAfee, Inc.)
S0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-15] (McAfee, Inc.)
S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
S0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-15] (McAfee, Inc.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
S0 SMR410; System32\drivers\SMR410.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-19 19:13 - 2013-12-19 19:13 - 00458664 _____ C:\Windows\Minidump\121913-30732-01.dmp
2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-13 15:26 - 2013-12-13 15:27 - 00458664 _____ C:\Windows\Minidump\121313-28298-01.dmp
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:31 - 2013-12-08 13:27 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:31 - 2013-12-08 12:32 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 12:01 - 2013-12-08 12:59 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 11:51 - 2013-12-08 16:43 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 11:51 - 2013-12-08 15:34 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-11-29 00:32 - 2013-11-29 00:42 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft

==================== One Month Modified Files and Folders =======

2013-12-19 19:13 - 2013-12-19 19:13 - 00458664 _____ C:\Windows\Minidump\121913-30732-01.dmp
2013-12-19 19:13 - 2011-08-30 15:45 - 329833237 _____ C:\Windows\MEMORY.DMP
2013-12-19 19:13 - 2011-08-30 15:45 - 00000000 ____D C:\Windows\Minidump
2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-13 15:27 - 2013-12-13 15:26 - 00458664 _____ C:\Windows\Minidump\121313-28298-01.dmp
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-10 09:50 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\HPQLOG
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 16:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 16:45 - 2009-07-13 20:51 - 00082773 _____ C:\Windows\setupact.log
2013-12-08 16:44 - 2010-08-30 00:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-08 16:43 - 2013-12-08 11:51 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 16:43 - 2010-09-08 13:15 - 00009005 _____ C:\Windows\System32\Config.MPF
2013-12-08 16:43 - 2010-08-30 00:02 - 01250296 _____ C:\Windows\WindowsUpdate.log
2013-12-08 16:11 - 2011-01-04 07:53 - 00000000 ____D C:\Windows\rescache
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:38 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-08 15:34 - 2013-12-08 11:51 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 13:27 - 2013-12-08 12:31 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:59 - 2013-12-08 12:01 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:32 - 2013-12-08 12:31 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 11:54 - 2013-11-23 19:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForNewman.job
2013-12-08 11:54 - 2010-09-08 13:21 - 00097740 _____ C:\Windows\PFRO.log
2013-12-08 11:52 - 2013-11-23 19:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNewman
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-12-08 11:45 - 2011-01-04 05:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD024DDE-00E5-4519-87AD-29E005183F2A}
2013-12-08 11:43 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\PDFC
2013-11-29 00:42 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft
2013-11-29 00:32 - 2011-08-10 16:20 - 00000000 ____D C:\Users\Newman\AppData\Roaming\ArcSoft
2013-11-29 00:32 - 2010-08-30 00:16 - 00000000 ___HD C:\ProgramData\ArcSoft

Some content of TEMP:
====================
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Newman\AppData\Local\Temp\Extract.exe
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe
C:\Users\Newman\AppData\Local\Temp\Resource.exe
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Newman\AppData\Local\Temp\SP49020.exe
C:\Users\Newman\AppData\Local\Temp\SP50301.exe
C:\Users\Newman\AppData\Local\Temp\SP50370.exe
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Newman\AppData\Local\Temp\SP51059.exe
C:\Users\Newman\AppData\Local\Temp\SP51116.exe
C:\Users\Newman\AppData\Local\Temp\SP51626.exe
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Newman\AppData\Local\Temp\sp54373.exe
C:\Users\Newman\AppData\Local\Temp\SP54600.exe
C:\Users\Newman\AppData\Local\Temp\sp54620.exe
C:\Users\Newman\AppData\Local\Temp\SP54636.exe
C:\Users\Newman\AppData\Local\Temp\SP57762.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {default}
resumeobject            {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {e1ca41be-b417-11df-9c23-dffb663cbcf9}

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e1ca41be-b417-11df-9c23-dffb663cbcf9}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
nx                      OptIn
detecthal               Yes
bootlog                 Yes

Windows Boot Loader
-------------------
identifier              {e1ca41be-b417-11df-9c23-dffb663cbcf9}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{e1ca41bf-b417-11df-9c23-dffb663cbcf9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{e1ca41bf-b417-11df-9c23-dffb663cbcf9}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {e1ca41bf-b417-11df-9c23-dffb663cbcf9}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3887.43 MB
Available physical RAM: 3218.46 MB
Total Pagefile: 3885.63 MB
Available Pagefile: 3239.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:175.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
Drive h: () (Removable) (Total:3.82 GB) (Free:0.66 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 682CF1B6)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)

LastRegBack: 2013-12-08 16:04

==================== End Of Log ============================



#6 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • Gender:Male
  • Location:California

Posted 28 December 2013 - 04:19 PM

Hi Justin and welcome. Thanks for the explanation.
 

If we are unable to fix it, is there any way to access the hard drive and remove photos before I wipe the computer?

Yes there is. Hopefully we will not need to do that but time and a bit of labor will tell. Nice work getting us the log! :)

Do you have an Addition.txt report you can post? If not, please rerun FRST and make sure that box is checked before scanning.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 justin.zerber

  • Topic Starter

  • Members
  • 65 posts

Posted 28 December 2013 - 04:56 PM

Gary,

Here are the results from the scan with the Addition.txt report.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-9IKU83I on 28-12-2013 16:49:29
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ATT-SST_McciTrayApp] - C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [476480 2010-02-17] (McAfee, Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [11265536 2009-12-11] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] - C:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Newman\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
HKU\Newman\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Newman\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
ShortcutTarget: h4ibnjwv.lnk -> C:\ProgramData\vwjnbi4h.jss (Microsoft Corporation)
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-15] (McAfee, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-15] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-08-07] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2011-12-21] (Alcatel-Lucent)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-15] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-15] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-15] (McAfee, Inc.)
S0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-15] (McAfee, Inc.)
S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
S0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-15] (McAfee, Inc.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
S0 SMR410; System32\drivers\SMR410.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-19 19:13 - 2013-12-19 19:13 - 00458664 _____ C:\Windows\Minidump\121913-30732-01.dmp
2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-13 15:26 - 2013-12-13 15:27 - 00458664 _____ C:\Windows\Minidump\121313-28298-01.dmp
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:31 - 2013-12-08 13:27 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:31 - 2013-12-08 12:32 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 12:01 - 2013-12-08 12:59 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 11:51 - 2013-12-08 16:43 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 11:51 - 2013-12-08 15:34 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-11-29 00:32 - 2013-11-29 00:42 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft

==================== One Month Modified Files and Folders =======

2013-12-19 19:13 - 2013-12-19 19:13 - 00458664 _____ C:\Windows\Minidump\121913-30732-01.dmp
2013-12-19 19:13 - 2011-08-30 15:45 - 329833237 _____ C:\Windows\MEMORY.DMP
2013-12-19 19:13 - 2011-08-30 15:45 - 00000000 ____D C:\Windows\Minidump
2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-13 15:27 - 2013-12-13 15:26 - 00458664 _____ C:\Windows\Minidump\121313-28298-01.dmp
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-10 09:50 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\HPQLOG
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 16:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 16:45 - 2009-07-13 20:51 - 00082773 _____ C:\Windows\setupact.log
2013-12-08 16:44 - 2010-08-30 00:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-08 16:43 - 2013-12-08 11:51 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 16:43 - 2010-09-08 13:15 - 00009005 _____ C:\Windows\System32\Config.MPF
2013-12-08 16:43 - 2010-08-30 00:02 - 01250296 _____ C:\Windows\WindowsUpdate.log
2013-12-08 16:11 - 2011-01-04 07:53 - 00000000 ____D C:\Windows\rescache
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:38 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-08 15:34 - 2013-12-08 11:51 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 13:27 - 2013-12-08 12:31 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:59 - 2013-12-08 12:01 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:32 - 2013-12-08 12:31 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 11:54 - 2013-11-23 19:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForNewman.job
2013-12-08 11:54 - 2010-09-08 13:21 - 00097740 _____ C:\Windows\PFRO.log
2013-12-08 11:52 - 2013-11-23 19:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNewman
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-12-08 11:45 - 2011-01-04 05:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD024DDE-00E5-4519-87AD-29E005183F2A}
2013-12-08 11:43 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\PDFC
2013-11-29 00:42 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft
2013-11-29 00:32 - 2011-08-10 16:20 - 00000000 ____D C:\Users\Newman\AppData\Roaming\ArcSoft
2013-11-29 00:32 - 2010-08-30 00:16 - 00000000 ___HD C:\ProgramData\ArcSoft

Some content of TEMP:
====================
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Newman\AppData\Local\Temp\Extract.exe
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe
C:\Users\Newman\AppData\Local\Temp\Resource.exe
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Newman\AppData\Local\Temp\SP49020.exe
C:\Users\Newman\AppData\Local\Temp\SP50301.exe
C:\Users\Newman\AppData\Local\Temp\SP50370.exe
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Newman\AppData\Local\Temp\SP51059.exe
C:\Users\Newman\AppData\Local\Temp\SP51116.exe
C:\Users\Newman\AppData\Local\Temp\SP51626.exe
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Newman\AppData\Local\Temp\sp54373.exe
C:\Users\Newman\AppData\Local\Temp\SP54600.exe
C:\Users\Newman\AppData\Local\Temp\sp54620.exe
C:\Users\Newman\AppData\Local\Temp\SP54636.exe
C:\Users\Newman\AppData\Local\Temp\SP57762.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {default}
resumeobject            {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {e1ca41be-b417-11df-9c23-dffb663cbcf9}

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e1ca41be-b417-11df-9c23-dffb663cbcf9}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
nx                      OptIn
detecthal               Yes
bootlog                 Yes

Windows Boot Loader
-------------------
identifier              {e1ca41be-b417-11df-9c23-dffb663cbcf9}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{e1ca41bf-b417-11df-9c23-dffb663cbcf9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{e1ca41bf-b417-11df-9c23-dffb663cbcf9}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {e1ca41bc-b417-11df-9c23-dffb663cbcf9}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {e1ca41bf-b417-11df-9c23-dffb663cbcf9}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3887.43 MB
Available physical RAM: 3214.44 MB
Total Pagefile: 3885.63 MB
Available Pagefile: 3237.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:175.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
Drive h: () (Removable) (Total:3.82 GB) (Free:0.66 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 682CF1B6)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)

LastRegBack: 2013-12-08 16:04

==================== End Of Log ============================



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 28 December 2013 - 07:07 PM

Unfortunately this is not the Addition.txt. If it isn't being created we will do the best we can, but if you can look to see if it is there somewhere I would appreciate it.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 justin.zerber


Posted 28 December 2013 - 09:44 PM

Gary,

I have re-run the program with just clicking the addition.txt box. In the previous scan I clicked both the first box on the bottom and the last box "addition.txt". I hope it worked this time.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-H71U0PH on 28-12-2013 21:40:20
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ATT-SST_McciTrayApp] - C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [476480 2010-02-17] (McAfee, Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [11265536 2009-12-11] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] - C:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Newman\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Newman\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
HKU\Newman\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Newman\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
ShortcutTarget: h4ibnjwv.lnk -> C:\ProgramData\vwjnbi4h.jss (Microsoft Corporation)
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-15] (McAfee, Inc.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-15] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-08-07] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-05-08] (McAfee, Inc.)
S2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2011-12-21] (Alcatel-Lucent)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-15] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-15] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-15] (McAfee, Inc.)
S0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-15] (McAfee, Inc.)
S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
S0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-15] (McAfee, Inc.)
S0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-15] (McAfee, Inc.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
S0 SMR410; System32\drivers\SMR410.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-19 19:13 - 2013-12-19 19:13 - 00458664 _____ C:\Windows\Minidump\121913-30732-01.dmp
2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-13 15:26 - 2013-12-13 15:27 - 00458664 _____ C:\Windows\Minidump\121313-28298-01.dmp
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:31 - 2013-12-08 13:27 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:31 - 2013-12-08 12:32 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 12:01 - 2013-12-08 12:59 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 11:51 - 2013-12-08 16:43 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 11:51 - 2013-12-08 15:34 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-11-29 00:32 - 2013-11-29 00:42 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft

==================== One Month Modified Files and Folders =======

2013-12-19 19:13 - 2013-12-19 19:13 - 00458664 _____ C:\Windows\Minidump\121913-30732-01.dmp
2013-12-19 19:13 - 2011-08-30 15:45 - 329833237 _____ C:\Windows\MEMORY.DMP
2013-12-19 19:13 - 2011-08-30 15:45 - 00000000 ____D C:\Windows\Minidump
2013-12-13 17:51 - 2013-12-13 17:51 - 00000000 ____D C:\FRST
2013-12-13 15:27 - 2013-12-13 15:26 - 00458664 _____ C:\Windows\Minidump\121313-28298-01.dmp
2013-12-12 21:17 - 2013-12-12 21:17 - 00003288 ____N C:\bootsqm.dat
2013-12-10 09:50 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\HPQLOG
2013-12-08 18:09 - 2013-12-08 18:09 - 00458664 _____ C:\Windows\Minidump\120813-17440-01.dmp
2013-12-08 16:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 16:45 - 2009-07-13 20:51 - 00082773 _____ C:\Windows\setupact.log
2013-12-08 16:44 - 2010-08-30 00:09 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-08 16:43 - 2013-12-08 11:51 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 16:43 - 2010-09-08 13:15 - 00009005 _____ C:\Windows\System32\Config.MPF
2013-12-08 16:43 - 2010-08-30 00:02 - 01250296 _____ C:\Windows\WindowsUpdate.log
2013-12-08 16:11 - 2011-01-04 07:53 - 00000000 ____D C:\Windows\rescache
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:41 - 2009-07-13 20:45 - 00020944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 15:38 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-08 15:34 - 2013-12-08 11:51 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 13:27 - 2013-12-08 12:31 - 00000000 ____D C:\Users\Newman\AppData\Local\NPE
2013-12-08 12:59 - 2013-12-08 12:59 - 00000000 ____D C:\ProgramData\SMR410
2013-12-08 12:59 - 2013-12-08 12:01 - 01070252 _____ C:\Windows\ntbtlog.txt.bak
2013-12-08 12:47 - 2013-12-08 12:47 - 00000000 __SHD C:\found.002
2013-12-08 12:32 - 2013-12-08 12:31 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 12:31 - 2013-12-08 12:31 - 03053496 ____N (Symantec Corporation) C:\Users\Newman\Downloads\NPE.exe
2013-12-08 11:54 - 2013-11-23 19:24 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForNewman.job
2013-12-08 11:54 - 2010-09-08 13:21 - 00097740 _____ C:\Windows\PFRO.log
2013-12-08 11:52 - 2013-11-23 19:24 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNewman
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
2013-12-08 11:45 - 2011-01-04 05:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD024DDE-00E5-4519-87AD-29E005183F2A}
2013-12-08 11:43 - 2010-09-08 12:40 - 00000000 ____D C:\ProgramData\PDFC
2013-11-29 00:42 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\Documents\WebCam Media
2013-11-29 00:32 - 2013-11-29 00:32 - 00000000 ____D C:\Users\Newman\AppData\Local\ArcSoft
2013-11-29 00:32 - 2011-08-10 16:20 - 00000000 ____D C:\Users\Newman\AppData\Roaming\ArcSoft
2013-11-29 00:32 - 2010-08-30 00:16 - 00000000 ___HD C:\ProgramData\ArcSoft

Some content of TEMP:
====================
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Newman\AppData\Local\Temp\Extract.exe
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe
C:\Users\Newman\AppData\Local\Temp\Resource.exe
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Newman\AppData\Local\Temp\SP49020.exe
C:\Users\Newman\AppData\Local\Temp\SP50301.exe
C:\Users\Newman\AppData\Local\Temp\SP50370.exe
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Newman\AppData\Local\Temp\SP51059.exe
C:\Users\Newman\AppData\Local\Temp\SP51116.exe
C:\Users\Newman\AppData\Local\Temp\SP51626.exe
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Newman\AppData\Local\Temp\sp54373.exe
C:\Users\Newman\AppData\Local\Temp\SP54600.exe
C:\Users\Newman\AppData\Local\Temp\sp54620.exe
C:\Users\Newman\AppData\Local\Temp\SP54636.exe
C:\Users\Newman\AppData\Local\Temp\SP57762.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3887.43 MB
Available physical RAM: 3214.43 MB
Total Pagefile: 3885.63 MB
Available Pagefile: 3238.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:175.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
Drive h: () (Removable) (Total:3.82 GB) (Free:0.66 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 682CF1B6)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)

LastRegBack: 2013-12-08 16:04

==================== End Of Log ============================



#10 Oh My!


Posted 28 December 2013 - 10:43 PM

Still no log so we will go forward with what we have. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKU\Newman\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
C:\windows\system32\regedit.exe
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
ShortcutTarget: h4ibnjwv.lnk -> C:\ProgramData\vwjnbi4h.jss (Microsoft Corporation)
2013-12-08 11:51 - 2013-12-08 16:43 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 11:51 - 2013-12-08 15:34 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Newman\AppData\Local\Temp\Extract.exe
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe
C:\Users\Newman\AppData\Local\Temp\Resource.exe
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Newman\AppData\Local\Temp\SP49020.exe
C:\Users\Newman\AppData\Local\Temp\SP50301.exe
C:\Users\Newman\AppData\Local\Temp\SP50370.exe
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Newman\AppData\Local\Temp\SP51059.exe
C:\Users\Newman\AppData\Local\Temp\SP51116.exe
C:\Users\Newman\AppData\Local\Temp\SP51626.exe
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Newman\AppData\Local\Temp\sp54373.exe
C:\Users\Newman\AppData\Local\Temp\SP54600.exe
C:\Users\Newman\AppData\Local\Temp\sp54620.exe
C:\Users\Newman\AppData\Local\Temp\SP54636.exe
C:\Users\Newman\AppData\Local\Temp\SP57762.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Does your computer boot?

Gary
 

#11 justin.zerber


Posted 29 December 2013 - 12:03 AM

Gary,

Thank you for your quick responses.

The computer still does not boot up in either mode. It shows the Windows loading screen and then will go to the black screen with just the cursor.

Here is the fix log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-28 23:59:33 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Newman\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
C:\windows\system32\regedit.exe
Startup: C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk
ShortcutTarget: h4ibnjwv.lnk -> C:\ProgramData\vwjnbi4h.jss (Microsoft Corporation)
2013-12-08 11:51 - 2013-12-08 16:43 - 95025368 ____T C:\ProgramData\h4ibnjwv.fee
2013-12-08 11:51 - 2013-12-08 15:34 - 00000000 _____ C:\ProgramData\h4ibnjwv.odd
2013-12-08 11:51 - 2013-12-08 11:51 - 00207872 _____ (Microsoft Corporation) C:\ProgramData\vwjnbi4h.jss
2013-12-08 11:51 - 2013-12-08 11:51 - 00060528 ____T (Microsoft Corporation) C:\ProgramData\h4ibnjwv.zvv
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Newman\AppData\Local\Temp\Extract.exe
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe
C:\Users\Newman\AppData\Local\Temp\Resource.exe
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Newman\AppData\Local\Temp\SP49020.exe
C:\Users\Newman\AppData\Local\Temp\SP50301.exe
C:\Users\Newman\AppData\Local\Temp\SP50370.exe
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Newman\AppData\Local\Temp\SP51059.exe
C:\Users\Newman\AppData\Local\Temp\SP51116.exe
C:\Users\Newman\AppData\Local\Temp\SP51626.exe
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Newman\AppData\Local\Temp\sp54373.exe
C:\Users\Newman\AppData\Local\Temp\SP54600.exe
C:\Users\Newman\AppData\Local\Temp\sp54620.exe
C:\Users\Newman\AppData\Local\Temp\SP54636.exe
C:\Users\Newman\AppData\Local\Temp\SP57762.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll
*****************

HKU\Newman\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 => Value deleted successfully.
"C:\windows\system32\regedit.exe" => File/Directory not found.
C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk => Moved successfully.
"C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h4ibnjwv.lnk" => File/Directory not found.
C:\ProgramData\vwjnbi4h.jss => Moved successfully.
C:\ProgramData\h4ibnjwv.fee => Moved successfully.
C:\ProgramData\h4ibnjwv.odd => Moved successfully.
"C:\ProgramData\vwjnbi4h.jss" => File/Directory not found.
C:\ProgramData\h4ibnjwv.zvv => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\AtpTimerInfo.dll => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\CWPCUNLR.dll => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\Resource.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP49020.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP50301.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP50370.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\sp50843.exe.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP51059.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP51116.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP51626.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\sp52110.exe.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\sp54373.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP54600.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\sp54620.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP54636.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\SP57762.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\UninstallHPTCA.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\ymcqhpzu.dll => Moved successfully.
C:\Users\Newman\AppData\Local\Temp\~tmf3215981631604895091.dll => Moved successfully.

==== End of Fixlog ====



#12 Oh My!


Posted 29 December 2013 - 09:16 AM

Greetings,

OK, we will continue to work at it.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2013-12-08 16:04
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does your computer boot properly?

Gary
 

#13 justin.zerber


Posted 29 December 2013 - 09:47 AM

Here is the fix log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-29 09:24:11 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2013-12-08 16:04
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

 

 

 

When I tried to start the computer normally after running the fix log it was unsuccessful.

 

When I tried to run it in safe mode a "startup repair" program came up by itself and ran.

 

At the end it said "If you have recently attached a device to this computer, such as a camera or portable music player, remove it and restart your computer. If you continue to see this message, contact your system administrator or computer manufacturer for assistance."

 

I clicked on the diagnosis and repair details:

 

Last successful boot time 12/9/2013 12:45:48 (GMT)

Number of repair attempts: 3

 

Session Details

-----------------------------------

System Disk = \Device\Harddisk0

Windows Directory = D:\windows

AutoChk Run = 0

Number of root causes = 1

 

Hope this helps.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 29 December 2013 - 09:50 AM

At the end it said "If you have recently attached a device to this computer, such as a camera or portable music player, remove it and restart your computer.

Is this applicable?  Did you recently attach an external device?


Gary
 

#15 justin.zerber

justin.zerber
  • Topic Starter

  • Members
  • 65 posts
  • Local time:10:34 PM

Posted 29 December 2013 - 09:51 AM

Sorry, no, nothing new has been attached.





