
Win 7 64-bit will not play Internet videos or install Google Chrome


  • This topic is locked
33 replies to this topic

#1 hockeymom18


Posted 16 December 2013 - 11:24 PM

Working on an HP laptop for a friend and ran Malwarebytes in normal mode with negative results. Ran in safe mode, found rootkit.0 access. Removed and rebooted. Everything works fine, then I ask what the original issue was and they said cannot play videos at all. Run updates to IE, Java, etc. Videos in Windows Media Player run. Internet videos from YouTube, MSN, etc. will not run, only a black box. I am stumped. Ran ComboFix, AdwCleaner, TDSSKiller, RKill, JRT.

Still no video playback. Also I noticed it still shows having McAfee and AVG 2012 on here but they are not in add/remove programs. If it was my computer I would just wipe and start fresh, but he has tons of pictures and music on here so need to avoid that if at all possible.


DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Mark at 22:11:33 on 2013-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7659.5811 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{550A6BD4-F855-4B29-8A75-F25B8282FB3B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C193AFF3-E9DE-45E7-898F-E8A1DA9D6D2F}\460786367657563747 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-SSODL: WebCheck -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-4 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-4 38528]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-23 55024]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-22 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-26 2375168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-25 701512]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-17 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-26 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-17 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-25 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-9-26 1492992]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-26 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-26 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-26 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-13 196440]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-17 04:02:31 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B11E30CF-A73B-45AA-9F10-1F061DB700E6}\offreg.dll
2013-12-17 03:45:20 -------- d-----w- C:\Windows\ERUNT
2013-12-17 03:30:47 -------- d-----w- C:\$RECYCLE.BIN
2013-12-17 01:22:49 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B11E30CF-A73B-45AA-9F10-1F061DB700E6}\mpengine.dll
2013-12-17 01:02:16 256000 ----a-w- C:\Windows\PEV.exe
2013-12-17 01:02:16 208896 ----a-w- C:\Windows\MBR.exe
2013-12-17 01:02:15 98816 ----a-w- C:\Windows\sed.exe
2013-12-17 00:40:24 -------- d-----w- C:\AdwCleaner
2013-12-14 17:51:11 -------- d-----w- C:\ProgramData\Oracle
2013-12-14 03:45:13 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-12-14 03:44:46 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-12-14 03:44:46 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-12-14 03:44:46 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-12-14 03:44:46 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-12-14 03:44:46 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-12-14 03:44:46 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-12-14 03:44:31 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-12-14 03:41:14 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-14 03:41:14 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-12-14 03:18:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 03:18:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-13 12:02:34 -------- d-----w- C:\Program Files\iPod
2013-12-13 12:02:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-13 12:02:33 -------- d-----w- C:\Program Files\iTunes
2013-12-13 12:02:33 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-12-13 02:01:54 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2013-12-14 03:45:13 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-12-14 03:42:56 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:12:29.00 ===============

Edited by hockeymom18, 16 December 2013 - 11:28 PM.




#2 HelpBot


Posted 21 December 2013 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517717 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hockeymom18


Posted 26 December 2013 - 05:24 PM

Working on an HP laptop for a friend and ran Malwarebytes in normal mode with negative results. Ran in safe mode, found rootkit.0 access. Removed and rebooted. Everything works fine, then I ask what the original issue was and they said cannot play videos at all. Run updates to IE, Java, etc. Videos in Windows Media Player run. Internet videos from YouTube, MSN, etc. will not run, only a black box. I am stumped. Ran ComboFix, AdwCleaner, TDSSKiller, RKill, JRT.

Still no video playback. Also I noticed it still shows having McAfee and AVG 2012 on here but they are not in add/remove programs. If it was my computer I would just wipe and start fresh, but he has tons of pictures and music on here so need to avoid that if at all possible.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Mark at 20:18:43 on 2013-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7659.5601 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.165.32.0.exe
c:\32ad3e666da9eb1870b0d3\MpMiniSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{550A6BD4-F855-4B29-8A75-F25B8282FB3B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C193AFF3-E9DE-45E7-898F-E8A1DA9D6D2F}\460786367657563747 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-4 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-4 38528]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-23 55024]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-22 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-26 2375168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-25 701512]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-17 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-26 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-17 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-25 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-9-26 1492992]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-26 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-26 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-26 47232]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-13 196440]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-17 111616]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-27 02:20:12 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36CB6B79-981F-4D9F-ACFD-860C7E94CE28}\mpengine.dll
2013-12-27 02:18:44 -------- d-----w- C:\32ad3e666da9eb1870b0d3
2013-12-27 02:13:22 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEBC3A68-DB41-4B69-BA71-BDCACE711D8F}\offreg.dll
2013-12-17 22:17:12 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEBC3A68-DB41-4B69-BA71-BDCACE711D8F}\mpengine.dll
2013-12-17 22:17:01 67072 ----a-w- C:\Windows\splwow64.exe
2013-12-17 22:17:01 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-12-17 10:10:22 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-17 10:10:22 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-17 10:10:21 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-17 10:10:20 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-17 09:46:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-12-17 09:20:35 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-12-17 09:20:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-12-17 09:20:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-12-17 09:20:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-12-17 09:20:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-12-17 09:20:35 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-12-17 09:20:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-12-17 09:07:52 -------- d-----w- C:\Windows\System32\MRT
2013-12-17 03:45:20 -------- d-----w- C:\Windows\ERUNT
2013-12-17 03:30:47 -------- d-----w- C:\$RECYCLE.BIN
2013-12-17 01:39:10 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-17 01:39:10 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-17 01:39:09 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-12-17 01:39:09 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-12-17 01:39:00 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-12-17 01:39:00 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-12-17 01:39:00 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-12-17 01:39:00 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-12-17 01:37:57 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-12-17 01:36:46 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-12-17 01:36:46 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-12-17 01:36:13 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-12-17 01:36:13 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-12-17 01:36:05 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-12-17 01:36:05 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-12-17 01:36:05 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-12-17 01:36:05 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-12-17 01:02:16 256000 ----a-w- C:\Windows\PEV.exe
2013-12-17 01:02:16 208896 ----a-w- C:\Windows\MBR.exe
2013-12-17 01:02:15 98816 ----a-w- C:\Windows\sed.exe
2013-12-17 00:40:24 -------- d-----w- C:\AdwCleaner
2013-12-14 17:51:11 -------- d-----w- C:\ProgramData\Oracle
2013-12-14 03:45:13 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-12-14 03:44:46 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-12-14 03:44:46 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-12-14 03:44:46 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-12-14 03:44:46 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-12-14 03:44:46 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-12-14 03:44:31 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-12-14 03:41:14 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-14 03:41:14 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-12-14 03:18:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 03:18:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-13 12:02:34 -------- d-----w- C:\Program Files\iPod
2013-12-13 12:02:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-13 12:02:33 -------- d-----w- C:\Program Files\iTunes
2013-12-13 12:02:33 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-13 11:57:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-12-13 02:01:54 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2013-12-14 03:45:13 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-12-14 03:42:56 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
.
============= FINISH: 20:22:56.26 ===============

Edited by hockeymom18, 26 December 2013 - 09:28 PM.


#4 Oh My!

  • Malware Response Instructor

Posted 27 December 2013 - 05:36 PM

Greetings hockeymom18 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me while I review the information you have already posted.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 hockeymom18

  • Topic Starter


Posted 27 December 2013 - 06:02 PM

Hi Gary, I am Michele. Just a heads-up: I will be out of town and away from this computer from tomorrow morning through next Thursday night.


Here are the logs you requested

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by Mark (administrator) on MARK-HP on 27-12-2013 16:56:09
Running from C:\Users\Mark\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-04-22] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe [77112 2011-05-27] (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9003274DA902CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-08] (EasyBits Software Corp.)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0
CHR Extension: (SiteAdvisor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 16:56 - 2013-12-27 16:57 - 00015666 _____ C:\Users\Mark\Desktop\FRST.txt
2013-12-27 16:55 - 2013-12-27 16:55 - 01930746 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\FRST
2013-12-26 20:23 - 2013-12-26 20:22 - 00025091 _____ C:\Users\Mark\Desktop\dds.txt
2013-12-26 20:19 - 2013-12-26 20:19 - 00000000 ____D C:\Users\Mark\AppData\Local\{F936BA97-CB61-449C-AA57-518A0A860B42}
2013-12-17 16:17 - 2012-02-11 00:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-12-17 16:17 - 2012-02-11 00:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-12-17 04:10 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-17 04:10 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-17 04:10 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-17 04:10 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-17 03:52 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 03:52 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-17 03:52 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-17 03:52 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-17 03:52 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-17 03:52 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-17 03:52 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-17 03:52 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-17 03:52 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-17 03:52 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-17 03:52 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-17 03:52 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-17 03:52 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 03:52 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-17 03:52 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-17 03:52 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-17 03:52 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-17 03:52 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-17 03:51 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 03:51 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 03:51 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 03:51 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 03:51 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 03:51 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-17 03:51 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 03:51 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-17 03:51 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 03:51 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 03:51 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 03:51 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 03:51 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-17 03:20 - 2012-07-25 21:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-17 03:20 - 2012-07-25 21:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-17 03:20 - 2012-07-25 21:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-17 03:20 - 2012-07-25 21:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-17 03:20 - 2012-07-25 21:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-17 03:20 - 2012-07-25 20:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-17 03:20 - 2012-07-25 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-17 03:20 - 2012-06-02 08:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-17 03:07 - 2013-12-17 05:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 22:12 - 2013-12-26 20:23 - 00009338 _____ C:\Users\Mark\Desktop\attach.txt
2013-12-16 22:10 - 2013-12-16 22:10 - 00688992 ____R (Swearware) C:\Users\Mark\Desktop\dds.com
2013-12-16 21:55 - 2013-12-16 21:55 - 00054122 _____ C:\Users\Mark\Desktop\JRT.txt
2013-12-16 21:45 - 2013-12-16 21:45 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 21:43 - 2013-12-16 21:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-16 21:43 - 2013-12-16 21:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-16 21:40 - 2013-12-16 21:40 - 01034531 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2013-12-16 21:34 - 2013-12-16 21:34 - 00020850 _____ C:\ComboFix.txt
2013-12-16 19:39 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-16 19:39 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-16 19:39 - 2013-07-04 06:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-16 19:39 - 2013-07-04 05:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-16 19:39 - 2012-10-09 12:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-12-16 19:39 - 2012-10-09 12:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-12-16 19:39 - 2012-10-09 11:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-12-16 19:39 - 2012-10-09 11:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-12-16 19:38 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-16 19:38 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-16 19:38 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-16 19:38 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-16 19:38 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-16 19:38 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-16 19:38 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-16 19:38 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-16 19:38 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-16 19:38 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-16 19:38 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-16 19:38 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-16 19:38 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-16 19:38 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-16 19:38 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-16 19:38 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-16 19:38 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-16 19:38 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-16 19:38 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-16 19:38 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-16 19:38 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-16 19:38 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-16 19:38 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-16 19:38 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-16 19:38 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-16 19:38 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-16 19:38 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-16 19:38 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-16 19:38 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-16 19:38 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-16 19:38 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-16 19:38 - 2013-08-04 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-16 19:38 - 2013-07-08 23:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-16 19:38 - 2013-07-08 23:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-16 19:38 - 2013-07-08 23:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-16 19:38 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-16 19:38 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-16 19:38 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-16 19:38 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-16 19:38 - 2013-06-05 23:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-12-16 19:38 - 2013-06-05 23:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-16 19:38 - 2013-06-05 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-16 19:38 - 2013-06-05 23:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-16 19:38 - 2013-06-05 22:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-12-16 19:38 - 2013-06-05 22:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-12-16 19:38 - 2013-06-05 22:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-12-16 19:38 - 2013-06-05 21:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-16 19:38 - 2013-06-05 21:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-16 19:38 - 2013-06-05 21:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-16 19:38 - 2013-04-12 08:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-16 19:38 - 2013-03-18 23:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-16 19:38 - 2013-03-18 23:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-16 19:38 - 2013-02-27 00:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-16 19:38 - 2013-02-26 23:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-16 19:38 - 2013-02-15 00:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-16 19:38 - 2013-02-15 00:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-16 19:38 - 2013-02-15 00:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-16 19:38 - 2013-02-14 22:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-16 19:38 - 2013-02-14 22:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-12-16 19:38 - 2013-02-14 21:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-12-16 19:38 - 2012-08-22 12:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-16 19:38 - 2012-07-04 14:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-12-16 19:37 - 2013-08-01 20:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-16 19:37 - 2013-08-01 20:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-16 19:37 - 2013-08-01 20:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-16 19:37 - 2013-08-01 19:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-16 19:37 - 2013-08-01 18:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-16 19:37 - 2013-08-01 18:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 18:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-16 19:37 - 2013-08-01 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-16 19:37 - 2013-07-25 03:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-16 19:37 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-16 19:37 - 2013-07-12 04:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-16 19:37 - 2013-07-12 04:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-16 19:37 - 2013-07-08 23:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-16 19:37 - 2013-07-08 22:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-12-16 19:37 - 2013-07-04 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-16 19:37 - 2013-07-04 06:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-16 19:37 - 2013-07-04 05:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-16 19:37 - 2013-07-04 05:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-16 19:37 - 2013-07-04 04:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-16 19:37 - 2013-07-02 22:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-16 19:37 - 2013-07-02 22:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-16 19:37 - 2013-06-25 16:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-16 19:37 - 2013-06-14 22:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-16 19:37 - 2013-06-04 00:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-16 19:37 - 2013-06-03 22:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-16 19:37 - 2013-02-11 22:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-16 19:37 - 2012-12-07 07:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-16 19:37 - 2012-12-07 07:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-16 19:37 - 2012-12-07 06:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-12-16 19:37 - 2012-12-07 06:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-12-16 19:37 - 2012-12-07 05:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-16 19:37 - 2012-12-07 05:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-16 19:37 - 2012-12-07 05:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-16 19:37 - 2012-12-07 05:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-16 19:37 - 2012-12-07 05:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-16 19:37 - 2012-12-07 05:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-16 19:37 - 2012-12-07 05:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-16 19:37 - 2012-12-07 05:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-12-16 19:37 - 2012-12-07 04:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-12-16 19:37 - 2012-11-28 16:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-16 19:37 - 2012-11-28 16:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-16 19:37 - 2012-11-28 16:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-12-16 19:37 - 2012-11-21 23:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-16 19:37 - 2012-11-21 22:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-12-16 19:37 - 2012-11-01 23:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-16 19:37 - 2012-11-01 23:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-12-16 19:37 - 2012-10-31 23:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-16 19:37 - 2012-10-31 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-16 19:37 - 2012-10-31 22:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-12-16 19:37 - 2012-10-31 22:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-12-16 19:37 - 2012-10-03 11:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-12-16 19:37 - 2012-10-03 11:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-12-16 19:37 - 2012-10-03 11:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-16 19:37 - 2012-10-03 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-12-16 19:37 - 2012-10-03 11:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-16 19:37 - 2012-10-03 11:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-16 19:37 - 2012-10-03 10:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-12-16 19:37 - 2012-10-03 10:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-12-16 19:37 - 2012-10-03 10:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-12-16 19:37 - 2012-10-03 10:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-16 19:37 - 2012-08-21 15:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-12-16 19:37 - 2012-01-13 01:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-12-16 19:36 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-16 19:36 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-16 19:36 - 2013-07-25 20:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-16 19:36 - 2013-07-25 20:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-16 19:36 - 2013-07-25 19:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-16 19:36 - 2013-07-25 19:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-16 19:36 - 2013-04-25 23:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-16 19:36 - 2013-04-25 22:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-12-16 19:36 - 2012-11-29 17:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-16 19:36 - 2012-11-29 17:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-16 19:36 - 2012-09-25 16:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-12-16 19:36 - 2012-09-25 16:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-16 19:36 - 2012-08-10 18:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-16 19:36 - 2012-08-10 17:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-16 19:35 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-16 19:35 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-16 19:35 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-16 19:35 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-16 19:35 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-16 19:35 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-16 19:35 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-16 19:35 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-16 19:35 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-16 19:35 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-16 19:35 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-16 19:35 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-16 19:35 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-16 19:35 - 2013-08-27 19:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-16 19:35 - 2013-08-01 06:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-16 19:35 - 2013-07-20 04:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-16 19:35 - 2013-07-20 04:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-16 19:35 - 2013-05-12 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-16 19:35 - 2013-05-12 21:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-16 19:35 - 2013-05-12 21:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-12-16 19:35 - 2013-05-12 21:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-12-16 19:35 - 2013-05-09 23:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-16 19:35 - 2013-05-09 21:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-16 19:35 - 2013-04-17 01:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-16 19:35 - 2013-04-17 00:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-16 19:35 - 2013-04-10 00:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-12-16 19:35 - 2013-04-09 17:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-16 19:35 - 2013-04-02 16:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-16 19:35 - 2013-01-24 00:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-16 19:35 - 2012-07-04 16:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-16 19:35 - 2012-07-04 16:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-12-16 19:35 - 2012-07-04 16:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-12-16 19:35 - 2012-07-04 15:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-12-16 19:35 - 2012-07-04 15:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-12-16 19:35 - 2012-05-13 23:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-16 19:35 - 2012-05-05 02:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-16 19:35 - 2012-05-05 01:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-12-16 19:35 - 2011-02-03 05:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-16 19:15 - 2013-12-27 16:57 - 01660223 _____ C:\Windows\WindowsUpdate.log
2013-12-16 19:02 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-16 19:02 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-16 19:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-16 19:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-16 19:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-16 19:02 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-16 19:02 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-16 19:02 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-16 19:01 - 2013-12-16 21:34 - 00000000 ____D C:\Qoobox
2013-12-16 19:00 - 2013-12-16 21:32 - 00000000 ____D C:\Windows\erdnt
2013-12-16 18:47 - 2013-12-16 18:47 - 00000000 ____D C:\Users\Mark\Desktop\rkill
2013-12-16 18:46 - 2013-12-16 18:49 - 00004482 _____ C:\Users\Mark\Desktop\Rkill.txt
2013-12-16 18:40 - 2013-12-16 18:42 - 00000000 ____D C:\AdwCleaner
2013-12-16 18:39 - 2013-12-16 18:35 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Mark\Desktop\rkill.exe
2013-12-16 18:39 - 2013-12-16 18:34 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\tdsskiller.exe
2013-12-16 18:39 - 2013-12-16 18:34 - 01226750 _____ C:\Users\Mark\Desktop\AdwCleaner.exe
2013-12-16 18:39 - 2013-12-16 18:33 - 05154128 ____R (Swearware) C:\Users\Mark\Desktop\ComboFix.exe
2013-12-14 22:14 - 2013-12-16 19:12 - 00000976 _____ C:\Windows\PFRO.log
2013-12-14 11:51 - 2013-12-14 11:51 - 00000000 ____D C:\ProgramData\Oracle
2013-12-14 11:48 - 2013-12-14 11:48 - 00000000 ____D C:\ProgramData\McAfee
2013-12-14 11:23 - 2013-12-14 11:23 - 00003584 _____ C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-14 11:14 - 2013-12-27 16:52 - 00000560 _____ C:\Windows\setupact.log
2013-12-14 11:14 - 2013-12-14 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-12-14 10:35 - 2013-12-14 10:35 - 00048062 _____ C:\Users\Mark\Documents\cc_20131214_103522.reg
2013-12-13 21:51 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-13 21:46 - 2013-12-13 21:46 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-13 21:46 - 2013-12-13 21:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-13 21:46 - 2013-12-13 21:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-13 21:46 - 2013-12-13 21:46 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-13 21:46 - 2013-12-13 21:46 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-13 21:46 - 2013-12-13 21:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-13 21:46 - 2013-12-13 21:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-13 21:44 - 2013-12-13 21:44 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-13 21:44 - 2013-12-13 21:44 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-12-13 21:44 - 2013-12-13 21:44 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-13 21:44 - 2013-12-13 21:44 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-13 21:44 - 2013-12-13 21:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-13 21:44 - 2013-12-13 21:44 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-13 21:42 - 2013-12-13 21:42 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-13 21:41 - 2013-12-13 21:41 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-13 21:41 - 2013-12-13 21:41 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-13 21:18 - 2013-12-26 20:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-13 21:18 - 2013-12-13 21:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 21:18 - 2013-12-13 21:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 21:18 - 2013-12-13 21:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 06:03 - 2013-12-13 06:03 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-13 06:02 - 2013-12-13 06:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-13 06:02 - 2013-12-13 06:03 - 00000000 ____D C:\Program Files\iTunes
2013-12-13 06:02 - 2013-12-13 06:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-13 06:02 - 2013-12-13 06:02 - 00000000 ____D C:\Program Files\iPod
2013-12-13 05:57 - 2013-12-13 05:57 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-13 05:56 - 2013-12-13 05:57 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-12 23:05 - 2013-12-16 23:05 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMark
2013-12-12 23:05 - 2013-12-16 23:05 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMark.job
2013-12-12 22:05 - 2013-12-12 22:07 - 00012672 _____ C:\Users\Mark\Documents\cc_20131212_220514.reg
2013-12-12 21:31 - 2013-12-12 21:31 - 00116734 _____ C:\Users\Mark\Documents\cc_20131212_213057.reg
2013-12-12 20:01 - 2013-12-12 20:01 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-12 20:01 - 2013-12-12 20:01 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-12 20:01 - 2013-12-12 20:01 - 00000000 ____D C:\Program Files\CCleaner
2013-12-12 20:00 - 2013-12-12 20:00 - 00000214 _____ C:\Windows\wininit.ini

==================== One Month Modified Files and Folders =======

2013-12-27 16:57 - 2013-12-27 16:56 - 00015666 _____ C:\Users\Mark\Desktop\FRST.txt
2013-12-27 16:57 - 2013-12-16 19:15 - 01660223 _____ C:\Windows\WindowsUpdate.log
2013-12-27 16:55 - 2013-12-27 16:55 - 01930746 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\FRST
2013-12-27 16:53 - 2011-10-18 17:47 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2013-12-27 16:52 - 2013-12-14 11:14 - 00000560 _____ C:\Windows\setupact.log
2013-12-27 16:52 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 20:45 - 2013-12-13 21:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 20:25 - 2011-11-09 23:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-26 20:25 - 2011-10-19 14:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-26 20:23 - 2013-12-16 22:12 - 00009338 _____ C:\Users\Mark\Desktop\attach.txt
2013-12-26 20:22 - 2013-12-26 20:23 - 00025091 _____ C:\Users\Mark\Desktop\dds.txt
2013-12-26 20:20 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 20:20 - 2009-07-13 22:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 20:19 - 2013-12-26 20:19 - 00000000 ____D C:\Users\Mark\AppData\Local\{F936BA97-CB61-449C-AA57-518A0A860B42}
2013-12-26 20:18 - 2009-07-13 23:13 - 00779550 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 20:16 - 2011-10-17 01:03 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AFCE3283-D760-47D8-94D1-2DD6957FB82F}
2013-12-17 05:50 - 2013-12-17 03:07 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 05:49 - 2011-10-17 01:03 - 00000000 ___RD C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 05:49 - 2011-10-17 01:03 - 00000000 ___RD C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 05:49 - 2011-10-17 01:02 - 00059480 _____ C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-17 05:49 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-17 04:29 - 2009-07-13 22:45 - 00273872 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 04:27 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-17 04:27 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-17 04:09 - 2011-10-21 22:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-17 04:09 - 2011-09-26 07:33 - 00796246 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 23:05 - 2013-12-12 23:05 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMark
2013-12-16 23:05 - 2013-12-12 23:05 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMark.job
2013-12-16 22:10 - 2013-12-16 22:10 - 00688992 ____R (Swearware) C:\Users\Mark\Desktop\dds.com
2013-12-16 21:55 - 2013-12-16 21:55 - 00054122 _____ C:\Users\Mark\Desktop\JRT.txt
2013-12-16 21:45 - 2013-12-16 21:45 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 21:44 - 2011-05-08 13:36 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-16 21:43 - 2013-12-16 21:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-16 21:43 - 2013-12-16 21:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-16 21:40 - 2013-12-16 21:40 - 01034531 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2013-12-16 21:34 - 2013-12-16 21:34 - 00020850 _____ C:\ComboFix.txt
2013-12-16 21:34 - 2013-12-16 19:01 - 00000000 ____D C:\Qoobox
2013-12-16 21:34 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-12-16 21:32 - 2013-12-16 19:00 - 00000000 ____D C:\Windows\erdnt
2013-12-16 21:30 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-12-16 19:12 - 2013-12-14 22:14 - 00000976 _____ C:\Windows\PFRO.log
2013-12-16 18:49 - 2013-12-16 18:46 - 00004482 _____ C:\Users\Mark\Desktop\Rkill.txt
2013-12-16 18:47 - 2013-12-16 18:47 - 00000000 ____D C:\Users\Mark\Desktop\rkill
2013-12-16 18:44 - 2012-04-22 20:28 - 00000000 ____D C:\Users\Mark\Tracing
2013-12-16 18:42 - 2013-12-16 18:40 - 00000000 ____D C:\AdwCleaner
2013-12-16 18:35 - 2013-12-16 18:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Mark\Desktop\rkill.exe
2013-12-16 18:34 - 2013-12-16 18:39 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\tdsskiller.exe
2013-12-16 18:34 - 2013-12-16 18:39 - 01226750 _____ C:\Users\Mark\Desktop\AdwCleaner.exe
2013-12-16 18:33 - 2013-12-16 18:39 - 05154128 ____R (Swearware) C:\Users\Mark\Desktop\ComboFix.exe
2013-12-14 11:51 - 2013-12-14 11:51 - 00000000 ____D C:\ProgramData\Oracle
2013-12-14 11:48 - 2013-12-14 11:48 - 00000000 ____D C:\ProgramData\McAfee
2013-12-14 11:23 - 2013-12-14 11:23 - 00003584 _____ C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-14 11:14 - 2013-12-14 11:14 - 00000000 _____ C:\Windows\setuperr.log
2013-12-14 10:35 - 2013-12-14 10:35 - 00048062 _____ C:\Users\Mark\Documents\cc_20131214_103522.reg
2013-12-14 10:34 - 2007-01-01 19:25 - 00000000 ____D C:\Windows\Panther
2013-12-13 21:58 - 2011-10-17 01:03 - 00001413 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-13 21:54 - 2009-07-13 23:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-13 21:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-13 21:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-13 21:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-13 21:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-13 21:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-13 21:46 - 2013-12-13 21:46 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-13 21:46 - 2013-12-13 21:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-13 21:46 - 2013-12-13 21:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-13 21:46 - 2013-12-13 21:46 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-13 21:46 - 2013-12-13 21:46 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-13 21:46 - 2013-12-13 21:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-13 21:46 - 2013-12-13 21:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-13 21:46 - 2013-12-13 21:46 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-13 21:46 - 2013-12-13 21:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-13 21:45 - 2013-12-13 21:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-13 21:45 - 2013-12-13 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-13 21:44 - 2013-12-13 21:44 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-13 21:44 - 2013-12-13 21:44 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-12-13 21:44 - 2013-12-13 21:44 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-13 21:44 - 2013-12-13 21:44 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-13 21:44 - 2013-12-13 21:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-13 21:44 - 2013-12-13 21:44 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-13 21:42 - 2013-12-13 21:42 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-13 21:42 - 2013-12-13 21:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-13 21:41 - 2013-12-13 21:41 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-13 21:41 - 2013-12-13 21:41 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-13 21:18 - 2013-12-13 21:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 21:18 - 2013-12-13 21:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 21:18 - 2013-12-13 21:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 06:03 - 2013-12-13 06:03 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-13 06:03 - 2013-12-13 06:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-13 06:03 - 2013-12-13 06:02 - 00000000 ____D C:\Program Files\iTunes
2013-12-13 06:03 - 2013-12-13 06:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-13 06:02 - 2013-12-13 06:02 - 00000000 ____D C:\Program Files\iPod
2013-12-13 05:57 - 2013-12-13 05:57 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-13 05:57 - 2013-12-13 05:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-12 22:27 - 2012-01-18 17:24 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-12-12 22:07 - 2013-12-12 22:05 - 00012672 _____ C:\Users\Mark\Documents\cc_20131212_220514.reg
2013-12-12 22:01 - 2012-09-16 16:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 21:31 - 2013-12-12 21:31 - 00116734 _____ C:\Users\Mark\Documents\cc_20131212_213057.reg
2013-12-12 21:29 - 2012-12-15 09:42 - 00000000 ____D C:\Windows\Minidump
2013-12-12 21:29 - 2011-10-17 02:22 - 00000000 ___DC C:\Users\Mark\AppData\Local\MigWiz
2013-12-12 20:01 - 2013-12-12 20:01 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-12 20:01 - 2013-12-12 20:01 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-12 20:01 - 2013-12-12 20:01 - 00000000 ____D C:\Program Files\CCleaner
2013-12-12 20:00 - 2013-12-12 20:00 - 00000214 _____ C:\Windows\wininit.ini
2013-12-12 20:00 - 2012-09-16 16:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-12-12 20:00 - 2011-11-01 22:12 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-12 19:59 - 2012-09-16 16:03 - 00000000 ____D C:\ProgramData\Google
2013-12-11 22:10 - 2012-07-25 20:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-11 22:10 - 2012-07-25 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 14:42 - 2011-10-21 22:18 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\@
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\201d3dde
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\4cce1f70
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\76603ac3

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\Extract.exe
C:\Users\Mark\AppData\Local\Temp\SP55152.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-01-24 21:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2013 01
Ran by Mark at 2013-12-27 16:58:26
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 1.5.2.8870)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.02)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Fuel (Version: 2011.0401.2259.39449)
AMD System Monitor (x32 Version: 1.0.5)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.820.0)
AuthenTec TrueAPI (Version: 1.2.1.33)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.6699)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
BufferChm (x32 Version: 140.0.212.000)
Build-a-lot 2 (x32 Version: 2.2.0.95)
C309g-m (x32 Version: 140.0.690.000)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center InstallProxy (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449)
CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449)
CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449)
CCC Help Czech (x32 Version: 2011.0401.2258.39449)
CCC Help Danish (x32 Version: 2011.0401.2258.39449)
CCC Help Dutch (x32 Version: 2011.0401.2258.39449)
CCC Help English (x32 Version: 2011.0401.2258.39449)
CCC Help Finnish (x32 Version: 2011.0401.2258.39449)
CCC Help French (x32 Version: 2011.0401.2258.39449)
CCC Help German (x32 Version: 2011.0401.2258.39449)
CCC Help Greek (x32 Version: 2011.0401.2258.39449)
CCC Help Hungarian (x32 Version: 2011.0401.2258.39449)
CCC Help Italian (x32 Version: 2011.0401.2258.39449)
CCC Help Japanese (x32 Version: 2011.0401.2258.39449)
CCC Help Korean (x32 Version: 2011.0401.2258.39449)
CCC Help Norwegian (x32 Version: 2011.0401.2258.39449)
CCC Help Polish (x32 Version: 2011.0401.2258.39449)
CCC Help Portuguese (x32 Version: 2011.0401.2258.39449)
CCC Help Russian (x32 Version: 2011.0401.2258.39449)
CCC Help Spanish (x32 Version: 2011.0401.2258.39449)
CCC Help Swedish (x32 Version: 2011.0401.2258.39449)
CCC Help Thai (x32 Version: 2011.0401.2258.39449)
CCC Help Turkish (x32 Version: 2011.0401.2258.39449)
ccc-utility64 (Version: 2011.0401.2259.39449)
CCleaner (Version: 4.08)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Command & Conquer 3 (x32 Version: 1.00.0000)
Command & Conquer 3 Tiberium Wars™ MOD SDK (x32 Version: 1.00.0000)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
GPBaseService2 (x32 Version: 140.0.211.000)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.9.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.1.22.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Documentation (x32 Version: 1.2.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.4)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP MovieStore (x32 Version: 1.0.047)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.1.2)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Power Manager (x32 Version: 1.4.4)
HP Product Detection (x32 Version: 11.14.0001)
HP Quick Launch (x32 Version: 2.5.2)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP SimplePass 2011 (x32 Version: 5.1.0.495)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Software Framework (x32 Version: 4.1.13.1)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.003.001.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
iCloud (Version: 3.1.0.40)
IDT Audio (x32 Version: 1.0.6345.0)
iTunes (Version: 11.1.3.8)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
PS_AIO_06_C309g-m_SW_Min (x32 Version: 140.0.690.000)
QuickTime (x32 Version: 7.74.80.86)
QuickTransfer (x32 Version: 140.0.98.000)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.02.02.0)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.80)
Recovery Manager (x32 Version: 2.0.0)
RoxioNow Player (x32 Version: 1.9.5.103)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 140.0.80.000)
Shared C Run-time for x64 (Version: 10.0.0)
Shop for HP Supplies (Version: 14.0)
Slingo Supreme (x32 Version: 2.2.0.95)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.213.000)
Status (x32 Version: 140.0.212.000)
Synaptics Pointing Device Driver (Version: 15.2.4.4)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Validity WBF DDK (Version: 4.3.205.0)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
WebReg (x32 Version: 140.0.212.017)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

14-12-2013 17:48:35 Installed Java 7 Update 45
17-12-2013 01:02:25 ComboFix created restore point
17-12-2013 01:22:09 Windows Update
17-12-2013 03:43:48 Removed Java 7 Update 45
17-12-2013 09:00:21 Windows Update
18-12-2013 03:10:33 Windows Update
27-12-2013 02:18:13 Windows Update
27-12-2013 02:40:30 HPSF Applying updates
27-12-2013 02:40:31 HPSF Applying updates

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-12-16 21:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0168A920-C913-4B12-8864-BEB629D556F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {12E07195-6B84-4927-A6A6-A955E0A60FEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {3B82BBE9-C174-466D-8D3F-846FFDA4F6DB} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {4EB905DD-4BD9-4D29-A14F-701262E170EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\RESOURCES\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {5EA74BB9-DB96-4E02-8F73-785768B73D54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {A6797901-F6E2-46AE-9DC7-EFF0CD6AC819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {B587A66A-73A5-47DA-AEFD-8747C2ABF6A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E11BD166-6617-427E-B10B-D3434929443C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {F463D9C5-6519-4980-9E9A-B49799E92A11} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC597356-C9D1-4755-A5D5-926678F856E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-04-02 00:06 - 2011-04-02 00:06 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-04 13:25 - 2011-03-04 13:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-01 23:57 - 2011-04-01 23:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-08 08:57 - 2011-04-08 08:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-08 08:57 - 2011-04-08 08:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== Faulty Device Manager Devices =============

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2013 04:53:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e587ee8
Exception code: 0xc0000005
Fault offset: 0x0000000000046371
Faulting process id: 0x11d0
Faulting application start time: 0xsidebar.exe0
Faulting application path: sidebar.exe1
Faulting module path: sidebar.exe2
Report Id: sidebar.exe3

Error: (12/27/2013 04:52:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2013 08:13:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e587ee8
Exception code: 0xc0000005
Fault offset: 0x0000000000046371
Faulting process id: 0x444
Faulting application start time: 0xsidebar.exe0
Faulting application path: sidebar.exe1
Faulting module path: sidebar.exe2
Report Id: sidebar.exe3

Error: (12/26/2013 08:13:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 05:49:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e587ee8
Exception code: 0xc0000005
Fault offset: 0x0000000000046371
Faulting process id: 0x12c4
Faulting application start time: 0xsidebar.exe0
Faulting application path: sidebar.exe1
Faulting module path: sidebar.exe2
Report Id: sidebar.exe3

Error: (12/17/2013 04:30:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 10:03:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e587ee8
Exception code: 0xc0000005
Fault offset: 0x0000000000046371
Faulting process id: 0xb68
Faulting application start time: 0xsidebar.exe0
Faulting application path: sidebar.exe1
Faulting module path: sidebar.exe2
Report Id: sidebar.exe3

Error: (12/16/2013 10:02:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/27/2013 04:53:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/26/2013 08:13:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/17/2013 04:30:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/16/2013 10:02:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (12/27/2013 04:53:12 PM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7OLEAUT32.dll6.1.7601.176764e587ee8c0000005000000000004637111d001cf035660e2a6e9C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\system32\OLEAUT32.dlla94c8723-6f49-11e3-8269-101f741a0b5a

Error: (12/27/2013 04:52:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2013 08:13:54 PM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7OLEAUT32.dll6.1.7601.176764e587ee8c0000005000000000004637144401cf02a93d23f264C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\system32\OLEAUT32.dll88b011f2-6e9c-11e3-8d3a-101f741a0b5a

Error: (12/26/2013 08:13:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 05:49:25 AM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7OLEAUT32.dll6.1.7601.176764e587ee8c0000005000000000004637112c401cefb1e0130e8b9C:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\system32\OLEAUT32.dll46608cf1-6711-11e3-aee0-101f741a0b5a

Error: (12/17/2013 04:30:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 10:03:07 PM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7OLEAUT32.dll6.1.7601.176764e587ee8c00000050000000000046371b6801cefadcdcb8564aC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\system32\OLEAUT32.dll22390887-66d0-11e3-bbd3-101f741a0b5a

Error: (12/16/2013 10:02:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-12-14 16:37:55.183
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 16:37:55.183
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 16:37:55.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-12 09:20:48.965
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-12 09:20:48.961
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-12 09:20:48.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-11 22:17:29.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-11 22:17:29.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-11 22:17:29.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 7658.9 MB
Available physical RAM: 5426.14 MB
Total Pagefile: 15315.98 MB
Available Pagefile: 12885.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.4 GB) (Free:413.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.47 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (20120825_0002C) (CDROM) (Total:0.33 GB) (Free:0 GB) UDF
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 8D715ADE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Edited by hockeymom18, 27 December 2013 - 06:53 PM.


#6 Oh My!


Posted 28 December 2013 - 08:30 PM

Hi Michele,

Nice to meet you and thanks for letting me know of the delay.

Please consider and do these things for me upon your return.

===================================================

Uninstall McAfee Remnants

--------------------
  • Please download McAfee Consumer Product Removal Tool and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Click Next
  • Select Agree then Next
  • Complete Security Validation and click Next (letters are case sensitive)
  • When prompted click Restart
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\@
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\201d3dde
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\4cce1f70
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\76603ac3
C:\Users\Mark\AppData\Local\Temp\Extract.exe
C:\Users\Mark\AppData\Local\Temp\SP55152.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • McAfee Removal Tool run properly?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 hockeymom18


Posted 02 January 2014 - 11:44 PM

Hi Gary,

After a grueling day of trying to get back home finally made it---mother nature and me traveling are not a good combination.

McAfee removal ran fine

Computer is running good, still unable to view videos on You Tube. Screen comes up click play on video and it just goes black screen where the video should be.

Did the fixlist you requested, log is below.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Mark at 2014-01-02 22:41:33 Run:1
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\@
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\201d3dde
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\4cce1f70
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\76603ac3
C:\Users\Mark\AppData\Local\Temp\Extract.exe
C:\Users\Mark\AppData\Local\Temp\SP55152.exe
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key deleted successfully.
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCR\PROTOCOLS\Handler\dssrequest => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\PROTOCOLS\Handler\sacore => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest => Key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\sacore => Key not found.
HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => Key deleted successfully.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-mfe-ipt => Key not found.
HKCR\Wow6432Node\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll not found.
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll not found.
C:\Windows\SysWOW64\npdeployJava1.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f} => Moved successfully.
"C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\@" => File/Directory not found.
"C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\201d3dde" => File/Directory not found.
"C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\4cce1f70" => File/Directory not found.
"C:\Windows\Installer\{c809613c-92c4-becc-30f3-74600cc6f50f}\L\76603ac3" => File/Directory not found.
C:\Users\Mark\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Mark\AppData\Local\Temp\SP55152.exe => Moved successfully.

==== End of Fixlog ====

Edited by hockeymom18, 02 January 2014 - 11:45 PM.


#8 Oh My!


Posted 03 January 2014 - 08:56 AM

Hi Michele,

Welcome back and I am glad you made it home safely.

Can you tell me if the video issue is present with both Internet Explorer and Chrome?

Based on the information you provided and the evidence seen in the logs I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 hockeymom18

hockeymom18
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 03 January 2014 - 09:41 AM

Previously the videos did work in Chrome, but I removed Chrome as part of my troubleshooting and it would not allow me to reinstall it. When I go there to install it and click on the download button, nothing happens. Due to the amount of pictures and music on the computer I definitely need to try to clean up.

#10 Oh My!

Posted 03 January 2014 - 10:13 AM

No problem, we can certainly work on bringing things back to normal. Regarding Chrome, if you right click on the download link and select Save As..., are you able to save it?
Gary
 

#11 hockeymom18

Posted 03 January 2014 - 10:23 AM

It doesn't give me that option to right click.

#12 Oh My!

Posted 03 January 2014 - 11:45 AM

Thanks Michele,

Let's start with this step.

===================================================

Launching Internet Explorer Without Add-ons

----------
  • Click Start
  • Select All Programs
  • Select Accessories
  • Select System Tools
  • Click on Internet Explorer (No Add-ons)
  • Attempt to play an online video
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Any difference?

Gary
 

#13 hockeymom18

Posted 03 January 2014 - 11:51 AM

Gary,

 

Loaded up IE without the add-ons and still same issue when trying to play videos.  I also tried videos from MSN and they just load to a completely black screen. 



#14 Oh My!

Posted 03 January 2014 - 12:20 PM

Greetings,

Are you having any other problems downloading programs besides Chrome?

Please do these things.

===================================================

ATF Cleaner by Atribune

--------------------
  • Download ATF Cleaner and save it to your desktop
  • Double-click ATF-Cleaner.exe
  • Under Main choose Select All
  • Uncheck cookies
  • Click the Empty Selected button
If you use Firefox web browser
  • Click Firefox at the top and choose: Select All
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Uncheck cookies
  • Click the Empty Selected button
If you use Opera web browser
  • Click Opera at the top and choose: Select All
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Uncheck cookies
  • Click the Empty Selected button
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did ATF run properly?
  • Combofix log
  • Any difference?

Gary
 

#15 hockeymom18

Posted 03 January 2014 - 12:46 PM

ATF ran fine with no issues.

Combofix log is below. Still no change with playing videos.

ComboFix 14-01-01.01 - Mark 01/03/2014 11:32:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7659.5913 [GMT -6:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-03 to 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 17:40 . 2014-01-03 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-03 17:36 . 2014-01-03 17:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF6A4204-87B0-4090-AE25-87D7B5897694}\offreg.dll
2014-01-03 16:02 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF6A4204-87B0-4090-AE25-87D7B5897694}\mpengine.dll
2014-01-03 04:20 . 2014-01-03 04:20 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-12-27 22:55 . 2014-01-03 04:41 -------- d-----w- C:\FRST
2013-12-17 22:17 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-12-17 22:17 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-12-17 10:10 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-17 10:10 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-17 10:10 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-17 10:10 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-17 10:10 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-17 09:51 . 2013-11-26 09:41 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-12-17 09:46 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-12-17 09:20 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-12-17 09:20 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-12-17 09:20 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-12-17 09:20 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-12-17 09:20 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-12-17 09:20 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-12-17 09:20 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-12-17 09:07 . 2013-12-17 11:50 -------- d-----w- c:\windows\system32\MRT
2013-12-17 03:45 . 2013-12-17 03:45 -------- d-----w- c:\windows\ERUNT
2013-12-17 03:43 . 2013-12-17 03:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-12-17 03:43 . 2013-12-17 03:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-12-17 01:39 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-17 01:39 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-17 01:39 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-12-17 01:39 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-12-17 01:39 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-12-17 01:39 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-12-17 01:39 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-12-17 01:39 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-12-17 01:37 . 2013-08-02 02:14 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-12-17 01:36 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-12-17 01:36 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-12-17 01:36 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-12-17 01:36 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-12-17 01:36 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-12-17 01:36 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-12-17 01:36 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-12-17 01:36 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-12-17 01:36 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-12-17 01:36 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-12-17 00:40 . 2013-12-17 00:42 -------- d-----w- C:\AdwCleaner
2013-12-14 17:51 . 2013-12-14 17:51 -------- d-----w- c:\programdata\Oracle
2013-12-14 03:51 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-14 03:45 . 2013-12-14 03:45 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-12-14 03:44 . 2013-12-14 03:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2013-12-14 03:44 . 2013-12-14 03:44 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-12-14 03:44 . 2013-12-14 03:44 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-12-14 03:44 . 2013-12-14 03:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-12-14 03:44 . 2013-12-14 03:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-14 03:44 . 2013-12-14 03:44 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-12-14 03:41 . 2013-12-14 03:41 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-12-14 03:41 . 2013-12-14 03:41 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-12-14 03:18 . 2013-12-14 03:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 03:18 . 2013-12-14 03:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-13 12:02 . 2013-12-13 12:02 -------- d-----w- c:\program files\iPod
2013-12-13 12:02 . 2013-12-13 12:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-13 12:02 . 2013-12-13 12:03 -------- d-----w- c:\program files\iTunes
2013-12-13 12:02 . 2013-12-13 12:03 -------- d-----w- c:\program files (x86)\iTunes
2013-12-13 11:57 . 2013-12-13 11:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-13 11:57 . 2013-12-13 11:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-13 11:57 . 2013-12-13 11:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-13 11:57 . 2013-12-13 11:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-13 11:57 . 2013-12-13 11:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-12-13 11:56 . 2013-12-13 11:57 -------- d-----w- c:\program files (x86)\QuickTime
2013-12-13 02:01 . 2013-12-13 02:01 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 09:02 . 2012-03-20 22:14 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-12-17 09:00 . 2012-03-20 22:14 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-17 09:00 . 2012-03-20 22:13 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-12-14 03:45 . 2013-12-14 03:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-12-01 20:42 . 2011-10-22 04:18 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-19 09:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" [2011-05-27 77112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14 03:18]
.
2014-01-03 c:\windows\Tasks\HPCeeScheduleForMark.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-22 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-13 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3106521238-861850364-1049430054-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,26,50,f5,5b,6e,ac,ca,45,a0,14,2f,16,06,43,ce,a0,2b,32,71,83,6e,8f,
63,a2,44,48,53,a1,eb,cb,ee,d2,03,c8,b4,28,0d,c4,fb,37,53,f4,7d,cc,f7,62,f5,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-03 11:43:40
ComboFix-quarantined-files.txt 2014-01-03 17:43
ComboFix2.txt 2013-12-17 03:34
.
Pre-Run: 443,516,350,464 bytes free
Post-Run: 443,123,064,832 bytes free
.
- - End Of File - - 25A7D0BB6F37E15B253F129FC9372B0C
A36C5E4F47E84449FF07ED3517B43A31

Edited by hockeymom18, 03 January 2014 - 12:46 PM.




