
Dllhost.exe*32 COM surrogate runs multiple times = CPU at 100%


  • This topic is locked
13 replies to this topic

#1 Mama27

Mama27

  • Members
  • 128 posts

Posted 23 March 2014 - 04:36 PM

Hello, my computer has a virus/malware that causes multiple instances of Dllhost.exe*32 to run. This uses up all memory and causes my computer to be useless because nothing can run or load due to no memory available. Any help in correcting this would be appreciated.

 

Attached File  attach.txt   6.28KB   0 downloads

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Admin at 15:38:33 on 2014-03-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.1802 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{F92D268F-9EAB-4100-8212-306C0F51FFDA} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{FD041DBE-5B7D-4638-A6B9-44967D2AC201} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{FD041DBE-5B7D-4638-A6B9-44967D2AC201}\144545430303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FD041DBE-5B7D-4638-A6B9-44967D2AC201}\E454457454142502331383 : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-11-16 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-11-16 214512]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-16 2320920]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-6-7 174848]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-2 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-2 289280]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-16 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-16 29280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-16 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-8 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-2-12 115296]
.
=============== Created Last 30 ================
.
2014-03-22 16:26:50 -------- d-----w- C:\Program Files (x86)\Runtime Software
2014-03-12 23:48:01 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 23:48:01 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-27 17:51:46 -------- d-----w- C:\Windows\Migration
.
==================== Find3M  ====================
.
2014-03-12 22:34:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 22:34:56 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-18 19:18:31 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-02-18 19:18:30 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-02-12 07:55:03 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 15:38:45.08 ===============



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 March 2014 - 10:59 AM

Hello,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts

Posted 26 March 2014 - 11:11 PM

Thank you for your response!!  Here are my scan results...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Admin (administrator) on JACKIE-PC on 26-03-2014 23:02:06
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Rhapsody International Inc.) C:\Program Files (x86)\Rhapsody\rhapsody.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [sethfWrp] - C:\Users\Jackie\AppData\Local\Temp\bthulace.exe <===== ATTENTION
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [DisableCMD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWB] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWC] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWE] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWF] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWG] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWH] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWI] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWJ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWK] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWL] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWM] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWN] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWO] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWP] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWQ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWR] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWS] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWT] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWU] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWV] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWW] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWX] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWY] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWZ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\MountPoints2: {39cbb3df-9833-11e0-8fda-a4badbde9c1b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\system: [DisableClock] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [NoControlPanel] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [NoRun] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [DisableCMD] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWB] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWC] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWE] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWF] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWG] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWH] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWI] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWJ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWK] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWL] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWM] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWN] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWO] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWP] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWQ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWR] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWS] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWT] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWU] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWV] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWW] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWX] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWY] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\Policies\Explorer: [LWZ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1004\...\MountPoints2: {39cbb3df-9833-11e0-8fda-a4badbde9c1b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk ->  (No File)
GroupPolicyUsers\S-1-5-21-1349327015-547616561-364532361-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-16] (Kaspersky Lab ZAO)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-16] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-12] (Kaspersky Lab ZAO)
S2 MCSTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-26 23:01 - 2014-03-26 23:02 - 00000000 ____D () C:\FRST
2014-03-23 15:43 - 2014-03-23 15:43 - 00006434 _____ () C:\Users\Public\Documents\attach.txt
2014-03-23 15:42 - 2014-03-23 15:42 - 00015283 _____ () C:\Users\Public\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:39 - 00015283 _____ () C:\Users\Admin\Documents\DDS.txt
2014-03-23 15:36 - 2014-03-23 15:39 - 00006434 _____ () C:\Users\Admin\Documents\attach.txt
2014-03-23 15:06 - 2014-03-23 14:46 - 00688992 ____R (Swearware) C:\Users\Public\dds.com
2014-03-23 14:48 - 2014-03-23 14:48 - 00017568 _____ () C:\Users\Admin\Desktop\DDS.htm
2014-03-23 14:45 - 2014-03-23 14:46 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.com
2014-03-23 14:44 - 2014-03-23 15:38 - 00015283 _____ () C:\Users\Admin\Desktop\dds.txt
2014-03-23 14:44 - 2014-03-23 15:38 - 00006434 _____ () C:\Users\Admin\Desktop\attach.txt
2014-03-23 14:22 - 2014-03-23 14:23 - 00280672 _____ () C:\Windows\Minidump\032314-16177-01.dmp
2014-03-22 15:09 - 2014-03-22 17:20 - 452351639 _____ () C:\Users\Admin\Documents\Drive_C.153
2014-03-22 15:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.152
2014-03-22 15:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.151
2014-03-22 15:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.150
2014-03-22 15:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.149
2014-03-22 15:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.148
2014-03-22 15:01 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.147
2014-03-22 15:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.146
2014-03-22 14:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.145
2014-03-22 14:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.144
2014-03-22 14:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.143
2014-03-22 14:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.142
2014-03-22 14:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.141
2014-03-22 14:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.140
2014-03-22 14:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.139
2014-03-22 14:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.138
2014-03-22 14:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.137
2014-03-22 14:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.136
2014-03-22 14:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.135
2014-03-22 14:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.134
2014-03-22 14:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.133
2014-03-22 14:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.132
2014-03-22 14:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.131
2014-03-22 14:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.130
2014-03-22 14:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.129
2014-03-22 14:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.128
2014-03-22 14:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.127
2014-03-22 14:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.126
2014-03-22 14:37 - 2014-03-22 14:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.125
2014-03-22 14:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.124
2014-03-22 14:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.123
2014-03-22 14:34 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.122
2014-03-22 14:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.121
2014-03-22 14:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.120
2014-03-22 14:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.119
2014-03-22 14:29 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.118
2014-03-22 14:28 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.117
2014-03-22 14:27 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.116
2014-03-22 14:26 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.115
2014-03-22 14:25 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.114
2014-03-22 14:24 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.113
2014-03-22 14:23 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.112
2014-03-22 14:22 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.111
2014-03-22 14:21 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.110
2014-03-22 14:20 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.109
2014-03-22 14:19 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.108
2014-03-22 14:18 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.107
2014-03-22 14:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.106
2014-03-22 14:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.105
2014-03-22 14:15 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.104
2014-03-22 14:14 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.103
2014-03-22 14:13 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.102
2014-03-22 14:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.101
2014-03-22 14:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.100
2014-03-22 14:11 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.099
2014-03-22 14:10 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.098
2014-03-22 14:09 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.097
2014-03-22 14:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.096
2014-03-22 14:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.095
2014-03-22 14:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.094
2014-03-22 14:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.093
2014-03-22 14:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.092
2014-03-22 14:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.091
2014-03-22 14:04 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.090
2014-03-22 14:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.089
2014-03-22 14:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.088
2014-03-22 14:01 - 2014-03-22 14:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.087
2014-03-22 14:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.086
2014-03-22 14:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.085
2014-03-22 13:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.084
2014-03-22 13:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.083
2014-03-22 13:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.082
2014-03-22 13:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.081
2014-03-22 13:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.080
2014-03-22 13:55 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.079
2014-03-22 13:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.078
2014-03-22 13:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.077
2014-03-22 13:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.076
2014-03-22 13:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.075
2014-03-22 13:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.074
2014-03-22 13:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.073
2014-03-22 13:49 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.072
2014-03-22 13:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.071
2014-03-22 13:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.070
2014-03-22 13:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.069
2014-03-22 13:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.068
2014-03-22 13:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.067
2014-03-22 13:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.066
2014-03-22 13:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.065
2014-03-22 13:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.064
2014-03-22 13:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.063
2014-03-22 13:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.062
2014-03-22 13:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.061
2014-03-22 13:37 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.060
2014-03-22 13:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.059
2014-03-22 13:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.058
2014-03-22 13:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.057
2014-03-22 13:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.056
2014-03-22 13:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.055
2014-03-22 13:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.054
2014-03-22 13:31 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.053
2014-03-22 13:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.052
2014-03-22 13:29 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.051
2014-03-22 13:28 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.050
2014-03-22 13:27 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.049
2014-03-22 12:17 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.048
2014-03-22 12:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.047
2014-03-22 12:15 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.046
2014-03-22 12:14 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.045
2014-03-22 12:13 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.044
2014-03-22 12:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.043
2014-03-22 12:11 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.042
2014-03-22 12:10 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.041
2014-03-22 12:09 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.040
2014-03-22 12:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.039
2014-03-22 12:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.038
2014-03-22 12:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.037
2014-03-22 12:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.036
2014-03-22 12:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.035
2014-03-22 12:04 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.034
2014-03-22 12:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.033
2014-03-22 12:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.032
2014-03-22 12:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.031
2014-03-22 12:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.030
2014-03-22 11:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.029
2014-03-22 11:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.028
2014-03-22 11:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.027
2014-03-22 11:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.026
2014-03-22 11:55 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.025
2014-03-22 11:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.024
2014-03-22 11:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.023
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.022
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.021
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.020
2014-03-22 11:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.019
2014-03-22 11:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.018
2014-03-22 11:49 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.017
2014-03-22 11:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.016
2014-03-22 11:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.015
2014-03-22 11:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.014
2014-03-22 11:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.013
2014-03-22 11:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.012
2014-03-22 11:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.011
2014-03-22 11:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.010
2014-03-22 11:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.009
2014-03-22 11:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.008
2014-03-22 11:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.007
2014-03-22 11:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.006
2014-03-22 11:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.005
2014-03-22 11:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.004
2014-03-22 11:34 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.003
2014-03-22 11:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.002
2014-03-22 11:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.001
2014-03-22 11:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.dat
2014-03-22 11:30 - 2014-03-22 17:20 - 456739629 _____ () C:\Users\Admin\Documents\Drive_C.xml
2014-03-22 11:26 - 2014-03-22 11:26 - 00001109 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-03-22 11:25 - 2014-03-22 11:25 - 02026456 _____ () C:\Users\Admin\Downloads\dixmlsetup.exe
2014-03-22 11:22 - 2014-03-22 11:22 - 00000401 _____ () C:\Users\Admin\Desktop\Set up family computer for Internet  Rarst.net.website
2014-03-12 18:52 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 18:52 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 18:52 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 18:52 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 18:52 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 18:52 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 18:52 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 18:52 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 18:52 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 18:52 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 18:52 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 18:52 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 18:52 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 18:52 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 18:52 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 18:52 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 18:52 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 18:52 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 18:52 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 18:52 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 18:52 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 18:52 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 18:52 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 18:52 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 18:52 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 18:52 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 18:52 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 18:52 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 18:52 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 18:52 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 18:52 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 18:52 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 18:52 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 18:52 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 18:52 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 18:52 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 18:52 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 18:52 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 18:52 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 18:52 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 18:52 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:52 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 18:52 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 18:52 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:52 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 18:52 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 18:48 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:48 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Roaming\Yahoo!
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Local\Yahoo
2014-03-03 14:33 - 2014-03-03 14:33 - 00002332 _____ () C:\Users\RosettaStone Spanish\Desktop\Safe Money.lnk
2014-02-27 12:56 - 2014-02-28 14:25 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-26 23:02 - 2014-03-26 23:01 - 00000000 ____D () C:\FRST
2014-03-26 23:01 - 2009-07-14 00:10 - 01517143 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 23:00 - 2014-02-10 08:56 - 00870128 _____ () C:\Users\RosettaStone Spanish\AppData\Roaming\mcs.rma
2014-03-26 23:00 - 2014-02-10 08:56 - 00000004 _____ () C:\Users\RosettaStone Spanish\AppData\Roaming\12518E
2014-03-26 23:00 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 23:00 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 22:50 - 2012-04-09 07:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 03:07 - 2014-02-12 02:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-24 03:07 - 2013-12-07 22:43 - 00009352 _____ () C:\Windows\setupact.log
2014-03-24 03:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 15:43 - 2014-03-23 15:43 - 00006434 _____ () C:\Users\Public\Documents\attach.txt
2014-03-23 15:42 - 2014-03-23 15:42 - 00015283 _____ () C:\Users\Public\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:39 - 00015283 _____ () C:\Users\Admin\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:36 - 00006434 _____ () C:\Users\Admin\Documents\attach.txt
2014-03-23 15:38 - 2014-03-23 14:44 - 00015283 _____ () C:\Users\Admin\Desktop\dds.txt
2014-03-23 15:38 - 2014-03-23 14:44 - 00006434 _____ () C:\Users\Admin\Desktop\attach.txt
2014-03-23 15:10 - 2013-04-20 03:44 - 01551360 ___SH () C:\Users\Jackie\Desktop\Thumbs.db
2014-03-23 14:48 - 2014-03-23 14:48 - 00017568 _____ () C:\Users\Admin\Desktop\DDS.htm
2014-03-23 14:46 - 2014-03-23 15:06 - 00688992 ____R (Swearware) C:\Users\Public\dds.com
2014-03-23 14:46 - 2014-03-23 14:45 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.com
2014-03-23 14:23 - 2014-03-23 14:22 - 00280672 _____ () C:\Windows\Minidump\032314-16177-01.dmp
2014-03-23 14:22 - 2014-01-29 22:09 - 227416162 _____ () C:\Windows\MEMORY.DMP
2014-03-23 14:22 - 2013-09-27 16:47 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 17:20 - 2014-03-22 15:09 - 452351639 _____ () C:\Users\Admin\Documents\Drive_C.153
2014-03-22 17:20 - 2014-03-22 15:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.152
2014-03-22 17:20 - 2014-03-22 15:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.151
2014-03-22 17:20 - 2014-03-22 15:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.150
2014-03-22 17:20 - 2014-03-22 15:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.149
2014-03-22 17:20 - 2014-03-22 15:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.148
2014-03-22 17:20 - 2014-03-22 15:01 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.147
2014-03-22 17:20 - 2014-03-22 15:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.146
2014-03-22 17:20 - 2014-03-22 14:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.145
2014-03-22 17:20 - 2014-03-22 14:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.144
2014-03-22 17:20 - 2014-03-22 14:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.143
2014-03-22 17:20 - 2014-03-22 14:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.142
2014-03-22 17:20 - 2014-03-22 14:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.141
2014-03-22 17:20 - 2014-03-22 14:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.140
2014-03-22 17:20 - 2014-03-22 14:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.139
2014-03-22 17:20 - 2014-03-22 14:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.138
2014-03-22 17:20 - 2014-03-22 14:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.137
2014-03-22 17:20 - 2014-03-22 14:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.136
2014-03-22 17:20 - 2014-03-22 14:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.135
2014-03-22 17:20 - 2014-03-22 14:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.134
2014-03-22 17:20 - 2014-03-22 14:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.133
2014-03-22 17:20 - 2014-03-22 14:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.132
2014-03-22 17:20 - 2014-03-22 14:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.131
2014-03-22 17:20 - 2014-03-22 14:42 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.130
2014-03-22 17:20 - 2014-03-22 14:41 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.129
2014-03-22 17:20 - 2014-03-22 14:40 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.128
2014-03-22 17:20 - 2014-03-22 14:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.127
2014-03-22 17:20 - 2014-03-22 14:38 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.126
2014-03-22 17:20 - 2014-03-22 14:36 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.124
2014-03-22 17:20 - 2014-03-22 14:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.123
2014-03-22 17:20 - 2014-03-22 14:34 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.122
2014-03-22 17:20 - 2014-03-22 14:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.121
2014-03-22 17:20 - 2014-03-22 14:32 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.120
2014-03-22 17:20 - 2014-03-22 14:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.119
2014-03-22 17:20 - 2014-03-22 14:29 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.118
2014-03-22 17:20 - 2014-03-22 14:28 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.117
2014-03-22 17:20 - 2014-03-22 14:27 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.116
2014-03-22 17:20 - 2014-03-22 14:26 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.115
2014-03-22 17:20 - 2014-03-22 14:25 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.114
2014-03-22 17:20 - 2014-03-22 14:24 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.113
2014-03-22 17:20 - 2014-03-22 14:23 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.112
2014-03-22 17:20 - 2014-03-22 14:22 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.111
2014-03-22 17:20 - 2014-03-22 14:21 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.110
2014-03-22 17:20 - 2014-03-22 14:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.109
2014-03-22 17:20 - 2014-03-22 14:19 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.108
2014-03-22 17:20 - 2014-03-22 14:18 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.107
2014-03-22 17:20 - 2014-03-22 14:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.106
2014-03-22 17:20 - 2014-03-22 14:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.105
2014-03-22 17:20 - 2014-03-22 14:15 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.104
2014-03-22 17:20 - 2014-03-22 14:14 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.103
2014-03-22 17:20 - 2014-03-22 14:13 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.102
2014-03-22 17:20 - 2014-03-22 14:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.101
2014-03-22 17:20 - 2014-03-22 14:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.100
2014-03-22 17:20 - 2014-03-22 14:11 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.099
2014-03-22 17:20 - 2014-03-22 14:10 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.098
2014-03-22 17:20 - 2014-03-22 14:09 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.097
2014-03-22 17:20 - 2014-03-22 14:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.096
2014-03-22 17:20 - 2014-03-22 14:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.095
2014-03-22 17:20 - 2014-03-22 14:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.094
2014-03-22 17:20 - 2014-03-22 14:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.093
2014-03-22 17:20 - 2014-03-22 14:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.092
2014-03-22 17:20 - 2014-03-22 14:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.091
2014-03-22 17:20 - 2014-03-22 14:04 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.090
2014-03-22 17:20 - 2014-03-22 14:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.089
2014-03-22 17:20 - 2014-03-22 14:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.088
2014-03-22 17:20 - 2014-03-22 14:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.086
2014-03-22 17:20 - 2014-03-22 14:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.085
2014-03-22 17:20 - 2014-03-22 13:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.084
2014-03-22 17:20 - 2014-03-22 13:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.083
2014-03-22 17:20 - 2014-03-22 13:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.082
2014-03-22 17:20 - 2014-03-22 13:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.081
2014-03-22 17:20 - 2014-03-22 13:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.080
2014-03-22 17:20 - 2014-03-22 13:55 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.079
2014-03-22 17:20 - 2014-03-22 13:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.078
2014-03-22 17:20 - 2014-03-22 13:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.077
2014-03-22 17:20 - 2014-03-22 13:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.076
2014-03-22 17:20 - 2014-03-22 13:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.075
2014-03-22 17:20 - 2014-03-22 13:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.074
2014-03-22 17:20 - 2014-03-22 13:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.073
2014-03-22 17:20 - 2014-03-22 13:49 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.072
2014-03-22 17:20 - 2014-03-22 13:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.071
2014-03-22 17:20 - 2014-03-22 13:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.070
2014-03-22 17:20 - 2014-03-22 13:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.069
2014-03-22 17:20 - 2014-03-22 13:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.068
2014-03-22 17:20 - 2014-03-22 13:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.067
2014-03-22 17:20 - 2014-03-22 13:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.066
2014-03-22 17:20 - 2014-03-22 13:42 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.065
2014-03-22 17:20 - 2014-03-22 13:41 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.064
2014-03-22 17:20 - 2014-03-22 13:40 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.063
2014-03-22 17:20 - 2014-03-22 13:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.062
2014-03-22 17:20 - 2014-03-22 13:38 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.061
2014-03-22 17:20 - 2014-03-22 13:37 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.060
2014-03-22 17:20 - 2014-03-22 13:36 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.059
2014-03-22 17:20 - 2014-03-22 13:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.058
2014-03-22 17:20 - 2014-03-22 13:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.057
2014-03-22 17:20 - 2014-03-22 13:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.056
2014-03-22 17:20 - 2014-03-22 13:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.055
2014-03-22 17:20 - 2014-03-22 13:32 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.054
2014-03-22 17:20 - 2014-03-22 13:31 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.053
2014-03-22 17:20 - 2014-03-22 13:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.052
2014-03-22 17:20 - 2014-03-22 13:29 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.051
2014-03-22 17:20 - 2014-03-22 13:28 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.050
2014-03-22 17:20 - 2014-03-22 13:27 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.049
2014-03-22 17:20 - 2014-03-22 12:17 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.048
2014-03-22 17:20 - 2014-03-22 12:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.047
2014-03-22 17:20 - 2014-03-22 12:15 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.046
2014-03-22 17:20 - 2014-03-22 12:14 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.045
2014-03-22 17:20 - 2014-03-22 12:13 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.044
2014-03-22 17:20 - 2014-03-22 12:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.043
2014-03-22 17:20 - 2014-03-22 12:11 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.042
2014-03-22 17:20 - 2014-03-22 12:10 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.041
2014-03-22 17:20 - 2014-03-22 12:09 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.040
2014-03-22 17:20 - 2014-03-22 12:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.039
2014-03-22 17:20 - 2014-03-22 12:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.038
2014-03-22 17:20 - 2014-03-22 12:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.037
2014-03-22 17:20 - 2014-03-22 12:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.036
2014-03-22 17:20 - 2014-03-22 12:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.035
2014-03-22 17:20 - 2014-03-22 12:04 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.034
2014-03-22 17:20 - 2014-03-22 12:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.033
2014-03-22 17:20 - 2014-03-22 12:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.032
2014-03-22 17:20 - 2014-03-22 12:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.031
2014-03-22 17:20 - 2014-03-22 12:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.030
2014-03-22 17:20 - 2014-03-22 11:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.029
2014-03-22 17:20 - 2014-03-22 11:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.028
2014-03-22 17:20 - 2014-03-22 11:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.027
2014-03-22 17:20 - 2014-03-22 11:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.026
2014-03-22 17:20 - 2014-03-22 11:55 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.025
2014-03-22 17:20 - 2014-03-22 11:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.024
2014-03-22 17:20 - 2014-03-22 11:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.023
2014-03-22 17:20 - 2014-03-22 11:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.022
2014-03-22 17:20 - 2014-03-22 11:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.021
2014-03-22 17:20 - 2014-03-22 11:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.020
2014-03-22 17:20 - 2014-03-22 11:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.019
2014-03-22 17:20 - 2014-03-22 11:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.018
2014-03-22 17:20 - 2014-03-22 11:49 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.017
2014-03-22 17:20 - 2014-03-22 11:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.016
2014-03-22 17:20 - 2014-03-22 11:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.015
2014-03-22 17:20 - 2014-03-22 11:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.014
2014-03-22 17:20 - 2014-03-22 11:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.013
2014-03-22 17:20 - 2014-03-22 11:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.012
2014-03-22 17:20 - 2014-03-22 11:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.011
2014-03-22 17:20 - 2014-03-22 11:42 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.010
2014-03-22 17:20 - 2014-03-22 11:41 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.009
2014-03-22 17:20 - 2014-03-22 11:40 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.008
2014-03-22 17:20 - 2014-03-22 11:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.007
2014-03-22 17:20 - 2014-03-22 11:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.006
2014-03-22 17:20 - 2014-03-22 11:38 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.005
2014-03-22 17:20 - 2014-03-22 11:36 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.004
2014-03-22 17:20 - 2014-03-22 11:34 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.003
2014-03-22 17:20 - 2014-03-22 11:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.002
2014-03-22 17:20 - 2014-03-22 11:32 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.001
2014-03-22 17:20 - 2014-03-22 11:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.dat
2014-03-22 17:20 - 2014-03-22 11:30 - 456739629 _____ () C:\Users\Admin\Documents\Drive_C.xml
2014-03-22 14:39 - 2014-03-22 14:37 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.125
2014-03-22 14:02 - 2014-03-22 14:01 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.087
2014-03-22 11:26 - 2014-03-22 11:26 - 00001109 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-03-22 11:25 - 2014-03-22 11:25 - 02026456 _____ () C:\Users\Admin\Downloads\dixmlsetup.exe
2014-03-22 11:22 - 2014-03-22 11:22 - 00000401 _____ () C:\Users\Admin\Desktop\Set up family computer for Internet  Rarst.net.website
2014-03-22 11:06 - 2012-10-28 21:53 - 00000632 __RSH () C:\Users\Admin\ntuser.pol
2014-03-22 11:06 - 2012-10-28 21:53 - 00000000 ____D () C:\Users\Admin
2014-03-22 01:20 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 07:11 - 2013-08-14 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 07:10 - 2011-06-17 07:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 12:54 - 2012-01-10 22:51 - 05345280 _____ () C:\Users\Jackie\Documents\My Money.mny
2014-03-17 12:54 - 2011-06-28 22:18 - 05346968 ____R () C:\Users\Jackie\Documents\My Money Backup.mbf
2014-03-13 08:54 - 2009-07-13 23:45 - 00428240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 08:52 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 08:52 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 17:34 - 2012-04-09 07:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 17:34 - 2012-04-09 07:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:34 - 2011-06-15 20:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 23:41 - 2013-03-21 21:19 - 00870128 _____ () C:\Users\Jackie\AppData\Roaming\mcs.rma
2014-03-09 23:41 - 2013-03-21 21:19 - 00000004 _____ () C:\Users\Jackie\AppData\Roaming\12518E
2014-03-05 12:26 - 2012-07-22 14:42 - 00000632 __RSH () C:\Users\Jackie\ntuser.pol
2014-03-05 12:26 - 2011-06-06 17:20 - 00000000 ____D () C:\Users\Jackie
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Roaming\Yahoo!
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Local\Yahoo
2014-03-04 15:19 - 2012-07-22 14:51 - 00076682 __RSH () C:\Users\RosettaStone Spanish\ntuser.pol
2014-03-04 15:19 - 2012-07-22 14:51 - 00000000 ____D () C:\Users\RosettaStone Spanish
2014-03-03 14:33 - 2014-03-03 14:33 - 00002332 _____ () C:\Users\RosettaStone Spanish\Desktop\Safe Money.lnk
2014-03-01 19:06 - 2013-05-03 15:14 - 00156160 ___SH () C:\Users\Jackie\Downloads\Thumbs.db
2014-03-01 01:05 - 2014-03-12 18:52 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-12 18:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-12 18:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-12 18:52 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-12 18:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-12 18:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-12 18:52 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-12 18:52 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-12 18:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-12 18:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-12 18:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-12 18:52 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-12 18:52 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-12 18:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-12 18:52 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-12 18:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-12 18:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-12 18:52 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-12 18:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-12 18:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-12 18:52 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-12 18:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-12 18:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-12 18:52 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-12 18:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-12 18:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-12 18:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-12 18:52 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-12 18:52 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-12 18:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-12 18:52 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-12 18:52 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-12 18:52 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-12 18:52 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-12 18:52 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-12 18:52 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-12 18:52 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-12 18:52 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-12 18:52 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-12 18:52 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 14:25 - 2014-02-27 12:56 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 13:17 - 2014-02-12 19:11 - 00145282 _____ () C:\Windows\PFRO.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1349327015-547616561-364532361-1000\$10a142afd4df5087fcc81fab777a0086

Alureon:
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\IeSearchProvider8187811303789225223.exe
C:\Users\Admin\AppData\Local\Temp\updater_uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 03:49

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Admin at 2014-03-26 23:02:57
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.5 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.5 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8E8E1C64-85FA-4327-8D4B-11FC2BB5BDF6}) (Version: 0.8.29 - Kovid Goyal)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
Fitness File (HKLM-x32\...\org.presidentschallenge.FitnessFile) (Version: 1.01 - UNKNOWN)
Fitness File (x32 Version: 1.01 - UNKNOWN) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Integrated Webcam (HKLM-x32\...\{DAEDC3F8-B156-4577-8339-80E098537741}) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Encarta Encyclopedia 2000 (HKLM-x32\...\Encarta Encyclopedia 2000 A) (Version:  - )
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Publisher 2000 (HKLM-x32\...\{00140409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM-x32\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0808 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebSlingPlayer ActiveX (HKLM-x32\...\{2DC0661C-FF81-4358-9F33-76EA6CAB6BF6}) (Version: 1.5.15770 - Sling Media)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Widevine Media Transformer Plugin 5.0.0 (HKLM-x32\...\transformer_ie) (Version: 5.0.0.4679 - Widevine Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

13-03-2014 03:01:54 Windows Update
19-03-2014 12:09:45 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03EF8C1E-678C-411C-9CDA-3FB5A8E7D0F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {097DB525-1820-4F23-AB4D-5C4F83293950} - System32\Tasks\4764 => Wscript.exe C:\Users\Jackie\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2C7AFE50-7C70-4AE4-9B8F-AD02E680C9A3} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {30EC1907-3B63-495F-95BC-5F07F25F028D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1349327015-547616561-364532361-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {39914D10-747E-4DF1-9072-591892B5B6CE} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {734424C8-A255-44E1-BFDC-8C2D6EFB656C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {85A9A22A-C2C5-4E94-B89F-02EAA742A450} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1349327015-547616561-364532361-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {89AB670F-0383-4989-A143-EF1FD7F8EE0A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {E83869BD-56B5-4F7B-8619-479CD8B06DAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-10-11 12:47 - 2008-03-07 16:18 - 00086016 _____ () C:\Program Files (x86)\Rhapsody\Plugins\aviwrtr.dll
2012-10-11 12:47 - 2011-09-23 17:17 - 00090112 _____ () C:\Program Files (x86)\Rhapsody\Plugins\i420render.dll
2012-10-11 12:47 - 2011-09-23 17:39 - 00143360 _____ () C:\Program Files (x86)\Rhapsody\Plugins\mp4wrtr.dll
2012-10-11 12:47 - 2011-09-23 14:49 - 00188416 _____ () C:\Program Files (x86)\Rhapsody\Update_OB\rset3210.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:DESTICON_favicon729334964
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_0favicon729334964
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_1favicon-355691027
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_2favicon-1704516397
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_3favicon2052216002
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_4favicon-433748701

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2014 11:03:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00183244
Faulting process id: 0x1d70
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 11:03:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001d3244
Faulting process id: 0x2368
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 11:03:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001d3244
Faulting process id: 0xfa0
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 11:03:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00333244
Faulting process id: 0x2244
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 11:03:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0x21f4
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 11:03:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00083244
Faulting process id: 0x588
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 10:59:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0x1428
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 10:58:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0x1238
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 10:58:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000d3244
Faulting process id: 0x2470
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/26/2014 10:58:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00293244
Faulting process id: 0x1c0
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

System errors:
=============
Error: (03/26/2014 11:00:43 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/26/2014 11:00:42 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/26/2014 11:00:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/24/2014 03:07:35 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (03/24/2014 03:07:21 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:21:01 PM on 3/23/2014 was unexpected.

Error: (03/23/2014 05:03:19 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (03/23/2014 03:38:48 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (03/23/2014 02:29:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (03/23/2014 02:23:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (03/23/2014 02:23:27 PM) (Source: BugCheck) (User: )
Description: 0xc000021a (0xfffff8a0001bfc00, 0x00000000c0000189, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP032314-16177-01

Microsoft Office Sessions:
=========================
Error: (03/26/2014 11:03:51 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c00000050029324421dc01cf49717d47432bc:\program files\internet explorer\iexploreunknowncdd3f778-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 11:03:44 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c0000005001832441d7001cf49717d44e1cbc:\program files\internet explorer\iexploreunknownc9bc99ff-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 11:03:43 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c0000005001d3244236801cf49717d38faeac:\program files\internet explorer\iexploreunknownc8e19b66-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 11:03:41 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c0000005001d3244fa001cf49717d3b5c4ac:\program files\internet explorer\iexploreunknownc7a50461-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 11:03:39 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c000000500333244224401cf49717d47432bc:\program files\internet explorer\iexploreunknownc66f917e-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 11:03:36 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c00000050007324421f401cf49717d3b5c4ac:\program files\internet explorer\iexploreunknownc4e20bb0-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 11:03:36 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c00000050008324458801cf49717d49a48bc:\program files\internet explorer\iexploreunknownc4d3c36e-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 10:59:24 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c000000500073244142801cf4970e385dd71c:\program files\internet explorer\iexploreunknown2e584215-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 10:58:58 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c000000500073244123801cf497083845e42c:\program files\internet explorer\iexploreunknown1f3501d7-b564-11e3-a813-a4badbde9c1b

Error: (03/26/2014 10:58:29 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c0000005000d3244247001cf4970c9b370d6c:\program files\internet explorer\iexploreunknown0e191ddf-b564-11e3-a813-a4badbde9c1b

CodeIntegrity Errors:
===================================
  Date: 2014-03-24 03:39:36.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 03:39:36.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 03:39:36.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 03:39:36.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 03:39:36.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-24 03:39:36.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 13:00:32.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 13:00:32.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 13:00:32.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 13:00:32.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3894.56 MB
Available physical RAM: 1644.95 MB
Total Pagefile: 7787.3 MB
Available Pagefile: 5158.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:286.52 GB) (Free:80.44 GB) NTFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.47 GB) (Free:3.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F0000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 3238F2A3)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 March 2014 - 05:46 AM

Ok, let's delete the malware then:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the log file first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts

Posted 30 March 2014 - 07:31 PM

Step 1

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Admin at 2014-03-30 19:17:54 Run:1
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [sethfWrp] - C:\Users\Jackie\AppData\Local\Temp\bthulace.exe <===== ATTENTION
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll ATTENTION! ====> ZeroAccess?
2014-03-09 23:41 - 2013-03-21 21:19 - 00870128 _____ () C:\Users\Jackie\AppData\Roaming\mcs.rma
2014-03-09 23:41 - 2013-03-21 21:19 - 00000004 _____ () C:\Users\Jackie\AppData\Roaming\12518E
C:\Users\Jackie\AppData\Local\Temp\swpcxdo
C:\$Recycle.Bin\S-1-5-21-1349327015-547616561-364532361-1000\$10a142afd4df5087fcc81fab777a0086
Task: {097DB525-1820-4F23-AB4D-5C4F83293950} - System32\Tasks\4764 => Wscript.exe C:\Users\Jackie\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {39914D10-747E-4DF1-9072-591892B5B6CE} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Reboot:
*****************

C:\Windows\syswow64\svchost.exe => No running process found
HKU\S-1-5-21-1349327015-547616561-364532361-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sethfWrp => Value deleted successfully.
HKU\S-1-5-21-1349327015-547616561-364532361-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
C:\Users\Jackie\AppData\Roaming\mcs.rma => Moved successfully.
C:\Users\Jackie\AppData\Roaming\12518E => Moved successfully.

"C:\Users\Jackie\AppData\Local\Temp\swpcxdo" directory move:

C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB407.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB41B.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB58F.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB5E7.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB641.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB73D.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB87F.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpB96.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBA24.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBA2A.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBA67.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBAE3.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBB57.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBBDC.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBCEB.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBD94.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBDDD.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBE21.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBFB5.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpBFDA.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC064.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC085.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC20E.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC3CE.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC47D.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC613.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC773.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC77E.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpC973.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpCB8A.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpCC87.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpCD8D.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD220.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD298.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD2A2.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD504.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD53D.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD5D5.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD71E.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD779.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpD802.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpDBEE.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpDC43.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpDC4D.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpDCD.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpDDE5.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE0F2.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE11F.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE176.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE2FD.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE348.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE39E.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE3EA.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpE7C2.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpEA12.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpEAB2.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpEC42.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpECE6.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpED10.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpED3F.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF26.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF279.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF372.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF5E7.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF63E.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF668.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF8DF.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpF944.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpFAA4.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpFC79.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpFD2.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpFDF7.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpFE87.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\tmpFF8F.tmp => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll => Moved successfully.
C:\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.ini => Moved successfully.
Could not move "C:\Users\Jackie\AppData\Local\Temp\swpcxdo" directory. => Scheduled to move on reboot.

C:\$Recycle.Bin\S-1-5-21-1349327015-547616561-364532361-1005\$10a142afd4df5087fcc81fab777a0086 => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{097DB525-1820-4F23-AB4D-5C4F83293950} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097DB525-1820-4F23-AB4D-5C4F83293950} => Key deleted successfully.
C:\Windows\System32\Tasks\4764 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4764 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39914D10-747E-4DF1-9072-591892B5B6CE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39914D10-747E-4DF1-9072-591892B5B6CE} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-30 19:29:55)<=

C:\Users\Jackie\AppData\Local\Temp\swpcxdo => Moved successfully.

==== End of Fixlog ====



#6 Mama27

Posted 31 March 2014 - 12:11 AM

Step 2:

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ebce09c01154a54ea609f51df73dcfa2
# engine=17685
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-31 05:02:12
# local_time=2014-03-31 12:02:12 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1036 16777214 0 0 39312977 39312977 0 0
# compatibility_mode=5893 16776574 100 94 4311664 147785582 0 0
# scanned=774938
# found=5
# cleaned=0
# scan_time=14753
sh=E55016DD8CE0A209727746A4935A67330403A0AA ft=1 fh=d531859197d102f8 vn="Win64/Wowlik.F trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll.xBAD"
sh=0391014582FF158AC2965F08C144ECC2A6A568D2 ft=1 fh=79073188f8cee97f vn="Win32/Delf.RSG trojan" ac=I fn="C:\Users\Jackie\AppData\Local\wsearch\wsearch.exe"
sh=396E5C2F806297D18992B910F26E22B4475B1273 ft=0 fh=0000000000000000 vn="JS/Redirector.NBX trojan" ac=I fn="C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\nwhjmcgkzv@nwhjmcgkzv.org.xpi"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Jackie\Downloads\ccsetup408.exe"
sh=0FF4FED475B7837D40DB0A1105A71E6D5E56FBA1 ft=1 fh=1bc3c27e47bb1efe vn="Win32/Adware.MediaFinder.D application" ac=I fn="C:\Users\Jackie\Downloads\Dandelion.Wine_download.exe.vir"
 



#7 Mama27

Posted 31 March 2014 - 01:34 AM

Step 3:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Admin (administrator) on JACKIE-PC on 31-03-2014 01:32:15
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [DisableCMD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWB] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWC] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWE] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWF] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWG] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWH] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWI] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWJ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWK] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWL] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWM] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWN] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWO] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWP] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWQ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWR] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWS] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWT] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWU] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWV] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWW] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWX] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWY] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWZ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\MountPoints2: {39cbb3df-9833-11e0-8fda-a4badbde9c1b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\MountPoints2: {39cbb3df-9833-11e0-8fda-a4badbde9c1b} - E:\LaunchU3.exe -a
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk ->  (No File)
GroupPolicyUsers\S-1-5-21-1349327015-547616561-364532361-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-16] (Kaspersky Lab ZAO)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-31] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-31] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-31] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-31] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-16] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-12] (Kaspersky Lab ZAO)
S2 MCSTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-31 01:27 - 2014-03-31 01:27 - 00291496 _____ () C:\Windows\Minidump\033114-32541-01.dmp
2014-03-31 01:25 - 2014-03-31 01:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-31 01:25 - 2014-03-31 01:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 01:25 - 2014-03-31 01:24 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 01:25 - 2014-03-31 01:24 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 01:24 - 2014-03-31 01:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 01:24 - 2014-03-31 01:24 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-31 00:22 - 2014-03-31 01:23 - 88551496 _____ (AVAST Software) C:\Users\Admin\Desktop\avast_free_antivirus_setup.exe
2014-03-30 19:39 - 2014-03-30 19:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-30 19:22 - 2014-03-30 19:22 - 00000461 _____ () C:\Users\Admin\Desktop\Mama27's Content - BleepingComputer.com.website
2014-03-30 19:16 - 2014-03-30 19:16 - 00001006 _____ () C:\Users\Admin\Documents\fixlist.txt
2014-03-26 23:01 - 2014-03-31 01:32 - 00000000 ____D () C:\FRST
2014-03-23 15:43 - 2014-03-23 15:43 - 00006434 _____ () C:\Users\Public\Documents\attach.txt
2014-03-23 15:42 - 2014-03-23 15:42 - 00015283 _____ () C:\Users\Public\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:39 - 00015283 _____ () C:\Users\Admin\Documents\DDS.txt
2014-03-23 15:36 - 2014-03-23 15:39 - 00006434 _____ () C:\Users\Admin\Documents\attach.txt
2014-03-23 15:06 - 2014-03-23 14:46 - 00688992 ____R (Swearware) C:\Users\Public\dds.com
2014-03-23 14:48 - 2014-03-23 14:48 - 00017568 _____ () C:\Users\Admin\Desktop\DDS.htm
2014-03-23 14:45 - 2014-03-23 14:46 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.com
2014-03-23 14:44 - 2014-03-23 15:38 - 00015283 _____ () C:\Users\Admin\Desktop\dds.txt
2014-03-23 14:44 - 2014-03-23 15:38 - 00006434 _____ () C:\Users\Admin\Desktop\attach.txt
2014-03-23 14:22 - 2014-03-23 14:23 - 00280672 _____ () C:\Windows\Minidump\032314-16177-01.dmp
2014-03-22 15:09 - 2014-03-22 17:20 - 452351639 _____ () C:\Users\Admin\Documents\Drive_C.153
2014-03-22 15:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.152
2014-03-22 15:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.151
2014-03-22 15:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.150
2014-03-22 15:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.149
2014-03-22 15:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.148
2014-03-22 15:01 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.147
2014-03-22 15:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.146
2014-03-22 14:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.145
2014-03-22 14:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.144
2014-03-22 14:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.143
2014-03-22 14:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.142
2014-03-22 14:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.141
2014-03-22 14:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.140
2014-03-22 14:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.139
2014-03-22 14:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.138
2014-03-22 14:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.137
2014-03-22 14:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.136
2014-03-22 14:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.135
2014-03-22 14:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.134
2014-03-22 14:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.133
2014-03-22 14:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.132
2014-03-22 14:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.131
2014-03-22 14:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.130
2014-03-22 14:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.129
2014-03-22 14:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.128
2014-03-22 14:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.127
2014-03-22 14:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.126
2014-03-22 14:37 - 2014-03-22 14:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.125
2014-03-22 14:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.124
2014-03-22 14:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.123
2014-03-22 14:34 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.122
2014-03-22 14:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.121
2014-03-22 14:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.120
2014-03-22 14:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.119
2014-03-22 14:29 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.118
2014-03-22 14:28 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.117
2014-03-22 14:27 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.116
2014-03-22 14:26 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.115
2014-03-22 14:25 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.114
2014-03-22 14:24 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.113
2014-03-22 14:23 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.112
2014-03-22 14:22 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.111
2014-03-22 14:21 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.110
2014-03-22 14:20 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.109
2014-03-22 14:19 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.108
2014-03-22 14:18 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.107
2014-03-22 14:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.106
2014-03-22 14:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.105
2014-03-22 14:15 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.104
2014-03-22 14:14 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.103
2014-03-22 14:13 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.102
2014-03-22 14:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.101
2014-03-22 14:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.100
2014-03-22 14:11 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.099
2014-03-22 14:10 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.098
2014-03-22 14:09 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.097
2014-03-22 14:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.096
2014-03-22 14:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.095
2014-03-22 14:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.094
2014-03-22 14:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.093
2014-03-22 14:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.092
2014-03-22 14:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.091
2014-03-22 14:04 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.090
2014-03-22 14:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.089
2014-03-22 14:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.088
2014-03-22 14:01 - 2014-03-22 14:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.087
2014-03-22 14:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.086
2014-03-22 14:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.085
2014-03-22 13:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.084
2014-03-22 13:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.083
2014-03-22 13:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.082
2014-03-22 13:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.081
2014-03-22 13:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.080
2014-03-22 13:55 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.079
2014-03-22 13:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.078
2014-03-22 13:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.077
2014-03-22 13:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.076
2014-03-22 13:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.075
2014-03-22 13:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.074
2014-03-22 13:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.073
2014-03-22 13:49 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.072
2014-03-22 13:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.071
2014-03-22 13:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.070
2014-03-22 13:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.069
2014-03-22 13:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.068
2014-03-22 13:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.067
2014-03-22 13:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.066
2014-03-22 13:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.065
2014-03-22 13:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.064
2014-03-22 13:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.063
2014-03-22 13:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.062
2014-03-22 13:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.061
2014-03-22 13:37 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.060
2014-03-22 13:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.059
2014-03-22 13:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.058
2014-03-22 13:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.057
2014-03-22 13:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.056
2014-03-22 13:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.055
2014-03-22 13:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.054
2014-03-22 13:31 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.053
2014-03-22 13:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.052
2014-03-22 13:29 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.051
2014-03-22 13:28 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.050
2014-03-22 13:27 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.049
2014-03-22 12:17 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.048
2014-03-22 12:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.047
2014-03-22 12:15 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.046
2014-03-22 12:14 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.045
2014-03-22 12:13 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.044
2014-03-22 12:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.043
2014-03-22 12:11 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.042
2014-03-22 12:10 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.041
2014-03-22 12:09 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.040
2014-03-22 12:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.039
2014-03-22 12:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.038
2014-03-22 12:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.037
2014-03-22 12:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.036
2014-03-22 12:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.035
2014-03-22 12:04 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.034
2014-03-22 12:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.033
2014-03-22 12:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.032
2014-03-22 12:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.031
2014-03-22 12:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.030
2014-03-22 11:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.029
2014-03-22 11:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.028
2014-03-22 11:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.027
2014-03-22 11:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.026
2014-03-22 11:55 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.025
2014-03-22 11:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.024
2014-03-22 11:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.023
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.022
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.021
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.020
2014-03-22 11:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.019
2014-03-22 11:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.018
2014-03-22 11:49 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.017
2014-03-22 11:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.016
2014-03-22 11:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.015
2014-03-22 11:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.014
2014-03-22 11:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.013
2014-03-22 11:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.012
2014-03-22 11:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.011
2014-03-22 11:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.010
2014-03-22 11:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.009
2014-03-22 11:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.008
2014-03-22 11:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.007
2014-03-22 11:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.006
2014-03-22 11:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.005
2014-03-22 11:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.004
2014-03-22 11:34 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.003
2014-03-22 11:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.002
2014-03-22 11:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.001
2014-03-22 11:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.dat
2014-03-22 11:30 - 2014-03-22 17:20 - 456739629 _____ () C:\Users\Admin\Documents\Drive_C.xml
2014-03-22 11:26 - 2014-03-22 11:26 - 00001109 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-03-22 11:25 - 2014-03-22 11:25 - 02026456 _____ () C:\Users\Admin\Downloads\dixmlsetup.exe
2014-03-22 11:22 - 2014-03-22 11:22 - 00000401 _____ () C:\Users\Admin\Desktop\Set up family computer for Internet  Rarst.net.website
2014-03-12 18:52 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 18:52 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 18:52 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 18:52 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 18:52 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 18:52 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 18:52 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 18:52 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 18:52 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 18:52 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 18:52 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 18:52 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 18:52 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 18:52 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 18:52 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 18:52 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 18:52 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 18:52 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 18:52 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 18:52 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 18:52 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 18:52 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 18:52 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 18:52 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 18:52 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 18:52 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 18:52 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 18:52 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 18:52 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 18:52 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 18:52 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 18:52 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 18:52 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 18:52 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 18:52 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 18:52 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 18:52 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 18:52 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 18:52 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 18:52 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 18:52 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:52 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 18:52 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 18:52 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:52 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 18:52 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 18:48 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:48 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Roaming\Yahoo!
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Local\Yahoo
2014-03-03 14:33 - 2014-03-03 14:33 - 00002332 _____ () C:\Users\RosettaStone Spanish\Desktop\Safe Money.lnk

==================== One Month Modified Files and Folders =======

2014-03-31 01:32 - 2014-03-26 23:01 - 00000000 ____D () C:\FRST
2014-03-31 01:29 - 2014-02-12 02:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-31 01:27 - 2014-03-31 01:27 - 00291496 _____ () C:\Windows\Minidump\033114-32541-01.dmp
2014-03-31 01:27 - 2014-02-12 19:11 - 00145950 _____ () C:\Windows\PFRO.log
2014-03-31 01:27 - 2014-01-29 22:09 - 556924306 _____ () C:\Windows\MEMORY.DMP
2014-03-31 01:27 - 2013-12-07 22:43 - 00009632 _____ () C:\Windows\setupact.log
2014-03-31 01:27 - 2013-09-27 16:47 - 00000000 ____D () C:\Windows\Minidump
2014-03-31 01:27 - 2011-06-06 17:20 - 00000000 ____D () C:\Users\Jackie
2014-03-31 01:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 01:25 - 2014-03-31 01:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-31 01:24 - 2014-03-31 01:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 01:24 - 2014-03-31 01:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 01:24 - 2014-03-31 01:25 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 01:24 - 2014-03-31 01:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 01:24 - 2014-03-31 01:24 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-31 01:23 - 2014-03-31 00:22 - 88551496 _____ (AVAST Software) C:\Users\Admin\Desktop\avast_free_antivirus_setup.exe
2014-03-31 00:34 - 2012-04-09 07:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 19:39 - 2014-03-30 19:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-30 19:28 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 19:28 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 19:24 - 2009-07-14 00:10 - 01581543 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 19:22 - 2014-03-30 19:22 - 00000461 _____ () C:\Users\Admin\Desktop\Mama27's Content - BleepingComputer.com.website
2014-03-30 19:16 - 2014-03-30 19:16 - 00001006 _____ () C:\Users\Admin\Documents\fixlist.txt
2014-03-27 18:33 - 2014-02-10 08:56 - 00870128 _____ () C:\Users\RosettaStone Spanish\AppData\Roaming\mcs.rma
2014-03-27 18:33 - 2014-02-10 08:56 - 00000004 _____ () C:\Users\RosettaStone Spanish\AppData\Roaming\12518E
2014-03-23 15:43 - 2014-03-23 15:43 - 00006434 _____ () C:\Users\Public\Documents\attach.txt
2014-03-23 15:42 - 2014-03-23 15:42 - 00015283 _____ () C:\Users\Public\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:39 - 00015283 _____ () C:\Users\Admin\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:36 - 00006434 _____ () C:\Users\Admin\Documents\attach.txt
2014-03-23 15:38 - 2014-03-23 14:44 - 00015283 _____ () C:\Users\Admin\Desktop\dds.txt
2014-03-23 15:38 - 2014-03-23 14:44 - 00006434 _____ () C:\Users\Admin\Desktop\attach.txt
2014-03-23 15:10 - 2013-04-20 03:44 - 01551360 ___SH () C:\Users\Jackie\Desktop\Thumbs.db
2014-03-23 14:48 - 2014-03-23 14:48 - 00017568 _____ () C:\Users\Admin\Desktop\DDS.htm
2014-03-23 14:46 - 2014-03-23 15:06 - 00688992 ____R (Swearware) C:\Users\Public\dds.com
2014-03-23 14:46 - 2014-03-23 14:45 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.com
2014-03-23 14:23 - 2014-03-23 14:22 - 00280672 _____ () C:\Windows\Minidump\032314-16177-01.dmp
2014-03-22 17:20 - 2014-03-22 15:09 - 452351639 _____ () C:\Users\Admin\Documents\Drive_C.153
2014-03-22 17:20 - 2014-03-22 15:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.152
2014-03-22 17:20 - 2014-03-22 15:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.151
2014-03-22 17:20 - 2014-03-22 15:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.150
2014-03-22 17:20 - 2014-03-22 15:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.149
2014-03-22 17:20 - 2014-03-22 15:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.148
2014-03-22 17:20 - 2014-03-22 15:01 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.147
2014-03-22 17:20 - 2014-03-22 15:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.146
2014-03-22 17:20 - 2014-03-22 14:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.145
2014-03-22 17:20 - 2014-03-22 14:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.144
2014-03-22 17:20 - 2014-03-22 14:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.143
2014-03-22 17:20 - 2014-03-22 14:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.142
2014-03-22 17:20 - 2014-03-22 14:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.141
2014-03-22 17:20 - 2014-03-22 14:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.140
2014-03-22 17:20 - 2014-03-22 14:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.139
2014-03-22 17:20 - 2014-03-22 14:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.138
2014-03-22 17:20 - 2014-03-22 14:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.137
2014-03-22 17:20 - 2014-03-22 14:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.136
2014-03-22 17:20 - 2014-03-22 14:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.135
2014-03-22 17:20 - 2014-03-22 14:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.134
2014-03-22 17:20 - 2014-03-22 14:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.133
2014-03-22 17:20 - 2014-03-22 14:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.132
2014-03-22 17:20 - 2014-03-22 14:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.131
2014-03-22 17:20 - 2014-03-22 14:42 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.130
2014-03-22 17:20 - 2014-03-22 14:41 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.129
2014-03-22 17:20 - 2014-03-22 14:40 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.128
2014-03-22 17:20 - 2014-03-22 14:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.127
2014-03-22 17:20 - 2014-03-22 14:38 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.126
2014-03-22 17:20 - 2014-03-22 14:36 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.124
2014-03-22 17:20 - 2014-03-22 14:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.123
2014-03-22 17:20 - 2014-03-22 14:34 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.122
2014-03-22 17:20 - 2014-03-22 14:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.121
2014-03-22 17:20 - 2014-03-22 14:32 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.120
2014-03-22 17:20 - 2014-03-22 14:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.119
2014-03-22 17:20 - 2014-03-22 14:29 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.118
2014-03-22 17:20 - 2014-03-22 14:28 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.117
2014-03-22 17:20 - 2014-03-22 14:27 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.116
2014-03-22 17:20 - 2014-03-22 14:26 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.115
2014-03-22 17:20 - 2014-03-22 14:25 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.114
2014-03-22 17:20 - 2014-03-22 14:24 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.113
2014-03-22 17:20 - 2014-03-22 14:23 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.112
2014-03-22 17:20 - 2014-03-22 14:22 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.111
2014-03-22 17:20 - 2014-03-22 14:21 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.110
2014-03-22 17:20 - 2014-03-22 14:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.109
2014-03-22 17:20 - 2014-03-22 14:19 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.108
2014-03-22 17:20 - 2014-03-22 14:18 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.107
2014-03-22 17:20 - 2014-03-22 14:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.106
2014-03-22 17:20 - 2014-03-22 14:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.105
2014-03-22 17:20 - 2014-03-22 14:15 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.104
2014-03-22 17:20 - 2014-03-22 14:14 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.103
2014-03-22 17:20 - 2014-03-22 14:13 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.102
2014-03-22 17:20 - 2014-03-22 14:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.101
2014-03-22 17:20 - 2014-03-22 14:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.100
2014-03-22 17:20 - 2014-03-22 14:11 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.099
2014-03-22 17:20 - 2014-03-22 14:10 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.098
2014-03-22 17:20 - 2014-03-22 14:09 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.097
2014-03-22 17:20 - 2014-03-22 14:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.096
2014-03-22 17:20 - 2014-03-22 14:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.095
2014-03-22 17:20 - 2014-03-22 14:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.094
2014-03-22 17:20 - 2014-03-22 14:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.093
2014-03-22 17:20 - 2014-03-22 14:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.092
2014-03-22 17:20 - 2014-03-22 14:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.091
2014-03-22 17:20 - 2014-03-22 14:04 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.090
2014-03-22 17:20 - 2014-03-22 14:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.089
2014-03-22 17:20 - 2014-03-22 14:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.088
2014-03-22 17:20 - 2014-03-22 14:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.086
2014-03-22 17:20 - 2014-03-22 14:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.085
2014-03-22 17:20 - 2014-03-22 13:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.084
2014-03-22 17:20 - 2014-03-22 13:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.083
2014-03-22 17:20 - 2014-03-22 13:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.082
2014-03-22 17:20 - 2014-03-22 13:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.081
2014-03-22 17:20 - 2014-03-22 13:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.080
2014-03-22 17:20 - 2014-03-22 13:55 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.079
2014-03-22 17:20 - 2014-03-22 13:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.078
2014-03-22 17:20 - 2014-03-22 13:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.077
2014-03-22 17:20 - 2014-03-22 13:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.076
2014-03-22 17:20 - 2014-03-22 13:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.075
2014-03-22 17:20 - 2014-03-22 13:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.074
2014-03-22 17:20 - 2014-03-22 13:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.073
2014-03-22 17:20 - 2014-03-22 13:49 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.072
2014-03-22 17:20 - 2014-03-22 13:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.071
2014-03-22 17:20 - 2014-03-22 13:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.070
2014-03-22 17:20 - 2014-03-22 13:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.069
2014-03-22 17:20 - 2014-03-22 13:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.068
2014-03-22 17:20 - 2014-03-22 13:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.067
2014-03-22 17:20 - 2014-03-22 13:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.066
2014-03-22 17:20 - 2014-03-22 11:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.dat
2014-03-22 17:20 - 2014-03-22 11:30 - 456739629 _____ () C:\Users\Admin\Documents\Drive_C.xml
2014-03-22 11:26 - 2014-03-22 11:26 - 00001109 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-03-22 11:25 - 2014-03-22 11:25 - 02026456 _____ () C:\Users\Admin\Downloads\dixmlsetup.exe
2014-03-22 11:22 - 2014-03-22 11:22 - 00000401 _____ () C:\Users\Admin\Desktop\Set up family computer for Internet  Rarst.net.website
2014-03-22 11:06 - 2012-10-28 21:53 - 00000632 __RSH () C:\Users\Admin\ntuser.pol
2014-03-22 11:06 - 2012-10-28 21:53 - 00000000 ____D () C:\Users\Admin
2014-03-22 01:20 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 07:11 - 2013-08-14 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 07:10 - 2011-06-17 07:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 12:54 - 2012-01-10 22:51 - 05345280 _____ () C:\Users\Jackie\Documents\My Money.mny
2014-03-17 12:54 - 2011-06-28 22:18 - 05346968 ____R () C:\Users\Jackie\Documents\My Money Backup.mbf
2014-03-13 08:54 - 2009-07-13 23:45 - 00428240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 08:52 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 08:52 - 2013-03-13 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 17:34 - 2012-04-09 07:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 17:34 - 2012-04-09 07:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:34 - 2011-06-15 20:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-05 12:26 - 2012-07-22 14:42 - 00000632 __RSH () C:\Users\Jackie\ntuser.pol
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Roaming\Yahoo!
2014-03-04 15:21 - 2014-03-04 15:21 - 00000000 ____D () C:\Users\RosettaStone Spanish\AppData\Local\Yahoo
2014-03-04 15:19 - 2012-07-22 14:51 - 00076682 __RSH () C:\Users\RosettaStone Spanish\ntuser.pol
2014-03-04 15:19 - 2012-07-22 14:51 - 00000000 ____D () C:\Users\RosettaStone Spanish
2014-03-03 14:33 - 2014-03-03 14:33 - 00002332 _____ () C:\Users\RosettaStone Spanish\Desktop\Safe Money.lnk
2014-03-01 19:06 - 2013-05-03 15:14 - 00156160 ___SH () C:\Users\Jackie\Downloads\Thumbs.db
2014-03-01 01:05 - 2014-03-12 18:52 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-12 18:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-12 18:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1349327015-547616561-364532361-1000\$10a142afd4df5087fcc81fab777a0086

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\IeSearchProvider8187811303789225223.exe
C:\Users\Admin\AppData\Local\Temp\updater_uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 07:55

==================== End Of Log ============================



#8 aharonov

aharonov

  • Malware Response Team

Posted 31 March 2014 - 10:36 AM

Ok, last round:


Step 1

Please download the attached fixlist.txt (423 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 Mama27

Mama27
  • Topic Starter

  • Members

Posted 09 April 2014 - 09:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Admin at 2014-04-09 21:51:02 Run:3
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Jackie\AppData\Local\wsearch
C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\nwhjmcgkzv@nwhjmcgkzv.org.xpi
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Jackie\AppData\Local\Temp\swpcxdo\svxfygk\wow.dll ATTENTION! ====> ZeroAccess?
C:\Users\Jackie\AppData\Local\Temp\swpcxdo
Reboot:
*****************

"C:\Users\Jackie\AppData\Local\wsearch" => File/Directory not found.
"C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\nwhjmcgkzv@nwhjmcgkzv.org.xpi" => File/Directory not found.
HKU\S-1-5-21-1349327015-547616561-364532361-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
"C:\Users\Jackie\AppData\Local\Temp\swpcxdo" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====



#10 Mama27

Mama27
  • Topic Starter

  • Members

Posted 09 April 2014 - 10:12 PM

STEP2:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Admin (administrator) on JACKIE-PC on 09-04-2014 21:59:23
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [DisableCMD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWB] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWC] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWE] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWF] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWG] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWH] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWI] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWJ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWK] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWL] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWM] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWN] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWO] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWP] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWQ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWR] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWS] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWT] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWU] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWV] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWW] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWX] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWY] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWZ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\MountPoints2: {39cbb3df-9833-11e0-8fda-a4badbde9c1b} - E:\LaunchU3.exe -a
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk ->  (No File)
GroupPolicyUsers\S-1-5-21-1349327015-547616561-364532361-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-16] (Kaspersky Lab ZAO)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-31] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-31] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-02-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-16] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-12] (Kaspersky Lab ZAO)
S2 MCSTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 21:49 - 2014-04-09 21:49 - 00000423 _____ () C:\Users\Admin\Desktop\fixlist.txt
2014-04-06 18:04 - 2014-04-06 18:04 - 00870128 _____ () C:\Users\Jackie\AppData\Roaming\mcs.rma
2014-04-06 18:04 - 2014-04-06 18:04 - 00000004 _____ () C:\Users\Jackie\AppData\Roaming\12518E
2014-03-31 01:27 - 2014-03-31 01:27 - 00291496 _____ () C:\Windows\Minidump\033114-32541-01.dmp
2014-03-31 01:25 - 2014-03-31 01:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-31 01:25 - 2014-03-31 01:24 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 01:25 - 2014-03-31 01:24 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 01:25 - 2014-03-31 01:24 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 01:24 - 2014-03-31 01:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 01:24 - 2014-03-31 01:24 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-31 00:22 - 2014-03-31 01:23 - 88551496 _____ (AVAST Software) C:\Users\Admin\Desktop\avast_free_antivirus_setup.exe
2014-03-30 19:39 - 2014-03-30 19:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-30 19:22 - 2014-03-30 19:22 - 00000461 _____ () C:\Users\Admin\Desktop\Mama27's Content - BleepingComputer.com.website
2014-03-30 19:16 - 2014-03-30 19:16 - 00001006 _____ () C:\Users\Admin\Documents\fixlist.txt
2014-03-26 23:02 - 2014-03-31 01:34 - 00061249 _____ () C:\Users\Jackie\Desktop\FRST.txt
2014-03-26 23:01 - 2014-04-09 21:59 - 00000000 ____D () C:\FRST
2014-03-23 15:43 - 2014-03-23 15:43 - 00006434 _____ () C:\Users\Public\Documents\attach.txt
2014-03-23 15:42 - 2014-03-23 15:42 - 00015283 _____ () C:\Users\Public\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:39 - 00015283 _____ () C:\Users\Admin\Documents\DDS.txt
2014-03-23 15:36 - 2014-03-23 15:39 - 00006434 _____ () C:\Users\Admin\Documents\attach.txt
2014-03-23 15:06 - 2014-03-23 14:46 - 00688992 ____R (Swearware) C:\Users\Public\dds.com
2014-03-23 14:48 - 2014-03-23 14:48 - 00017568 _____ () C:\Users\Admin\Desktop\DDS.htm
2014-03-23 14:45 - 2014-03-23 14:46 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.com
2014-03-23 14:44 - 2014-03-23 15:38 - 00015283 _____ () C:\Users\Admin\Desktop\dds.txt
2014-03-23 14:44 - 2014-03-23 15:38 - 00006434 _____ () C:\Users\Admin\Desktop\attach.txt
2014-03-23 14:22 - 2014-03-23 14:23 - 00280672 _____ () C:\Windows\Minidump\032314-16177-01.dmp
2014-03-22 13:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.084
2014-03-22 13:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.083
2014-03-22 13:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.082
2014-03-22 13:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.081
2014-03-22 13:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.080
2014-03-22 13:55 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.079
2014-03-22 13:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.078
2014-03-22 13:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.077
2014-03-22 13:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.076
2014-03-22 13:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.075
2014-03-22 13:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.074
2014-03-22 13:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.073
2014-03-22 13:49 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.072
2014-03-22 13:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.071
2014-03-22 13:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.070
2014-03-22 13:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.069
2014-03-22 13:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.068
2014-03-22 13:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.067
2014-03-22 13:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.066
2014-03-22 13:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.065
2014-03-22 13:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.064
2014-03-22 13:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.063
2014-03-22 13:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.062
2014-03-22 13:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.061
2014-03-22 13:37 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.060
2014-03-22 13:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.059
2014-03-22 13:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.058
2014-03-22 13:35 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.057
2014-03-22 13:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.056
2014-03-22 13:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.055
2014-03-22 13:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.054
2014-03-22 13:31 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.053
2014-03-22 13:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.052
2014-03-22 13:29 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.051
2014-03-22 13:28 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.050
2014-03-22 13:27 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.049
2014-03-22 12:17 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.048
2014-03-22 12:16 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.047
2014-03-22 12:15 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.046
2014-03-22 12:14 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.045
2014-03-22 12:13 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.044
2014-03-22 12:12 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.043
2014-03-22 12:11 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.042
2014-03-22 12:10 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.041
2014-03-22 12:09 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.040
2014-03-22 12:08 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.039
2014-03-22 12:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.038
2014-03-22 12:07 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.037
2014-03-22 12:06 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.036
2014-03-22 12:05 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.035
2014-03-22 12:04 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.034
2014-03-22 12:03 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.033
2014-03-22 12:02 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.032
2014-03-22 12:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.031
2014-03-22 12:00 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.030
2014-03-22 11:59 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.029
2014-03-22 11:58 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.028
2014-03-22 11:57 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.027
2014-03-22 11:56 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.026
2014-03-22 11:55 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.025
2014-03-22 11:54 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.024
2014-03-22 11:53 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.023
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.022
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.021
2014-03-22 11:52 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.020
2014-03-22 11:51 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.019
2014-03-22 11:50 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.018
2014-03-22 11:49 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.017
2014-03-22 11:48 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.016
2014-03-22 11:47 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.015
2014-03-22 11:46 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.014
2014-03-22 11:45 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.013
2014-03-22 11:44 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.012
2014-03-22 11:43 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.011
2014-03-22 11:42 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.010
2014-03-22 11:41 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.009
2014-03-22 11:40 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.008
2014-03-22 11:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.007
2014-03-22 11:39 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.006
2014-03-22 11:38 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.005
2014-03-22 11:36 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.004
2014-03-22 11:34 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.003
2014-03-22 11:33 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.002
2014-03-22 11:32 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.001
2014-03-22 11:30 - 2014-03-22 17:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.dat
2014-03-22 11:30 - 2014-03-22 17:20 - 456739629 _____ () C:\Users\Admin\Documents\Drive_C.xml
2014-03-22 11:26 - 2014-03-22 11:26 - 00001109 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-03-22 11:26 - 2014-03-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-03-22 11:25 - 2014-03-22 11:25 - 02026456 _____ () C:\Users\Admin\Downloads\dixmlsetup.exe
2014-03-22 11:22 - 2014-03-22 11:22 - 00000401 _____ () C:\Users\Admin\Desktop\Set up family computer for Internet  Rarst.net.website
2014-03-12 18:52 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 18:52 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 18:52 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 18:52 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 18:52 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 18:52 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 18:52 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 18:52 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 18:52 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 18:52 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 18:52 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 18:52 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 18:52 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 18:52 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 18:52 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 18:52 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 18:52 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 18:52 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 18:52 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 18:52 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 18:52 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 18:52 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 18:52 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 18:52 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 18:52 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 18:52 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 18:52 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 18:52 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 18:52 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 18:52 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 18:52 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 18:52 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 18:52 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 18:52 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 18:52 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 18:52 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 18:52 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 18:52 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 18:52 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 18:52 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 18:52 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:52 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 18:52 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 18:52 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:52 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 18:52 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 18:48 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:48 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 21:59 - 2014-03-26 23:01 - 00000000 ____D () C:\FRST
2014-04-09 21:53 - 2014-02-12 02:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-09 21:53 - 2013-12-07 22:43 - 00010192 _____ () C:\Windows\setupact.log
2014-04-09 21:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 21:51 - 2009-07-14 00:10 - 01813481 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 21:49 - 2014-04-09 21:49 - 00000423 _____ () C:\Users\Admin\Desktop\fixlist.txt
2014-04-09 21:34 - 2012-04-09 07:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 09:24 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 09:24 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 18:04 - 2014-04-06 18:04 - 00870128 _____ () C:\Users\Jackie\AppData\Roaming\mcs.rma
2014-04-06 18:04 - 2014-04-06 18:04 - 00000004 _____ () C:\Users\Jackie\AppData\Roaming\12518E
2014-04-06 17:51 - 2012-01-10 22:51 - 05115904 _____ () C:\Users\Jackie\Documents\My Money.mny
2014-04-06 17:51 - 2011-06-28 22:18 - 05117536 ____R () C:\Users\Jackie\Documents\My Money Backup.mbf
2014-03-31 01:34 - 2014-03-26 23:02 - 00061249 _____ () C:\Users\Jackie\Desktop\FRST.txt
2014-03-31 01:27 - 2014-03-31 01:27 - 00291496 _____ () C:\Windows\Minidump\033114-32541-01.dmp
2014-03-31 01:27 - 2014-02-12 19:11 - 00145950 _____ () C:\Windows\PFRO.log
2014-03-31 01:27 - 2014-01-29 22:09 - 556924306 _____ () C:\Windows\MEMORY.DMP
2014-03-31 01:27 - 2013-09-27 16:47 - 00000000 ____D () C:\Windows\Minidump
2014-03-31 01:27 - 2011-06-06 17:20 - 00000000 ____D () C:\Users\Jackie
2014-03-31 01:25 - 2014-03-31 01:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-31 01:24 - 2014-03-31 01:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 01:24 - 2014-03-31 01:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 01:24 - 2014-03-31 01:25 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 01:24 - 2014-03-31 01:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-31 01:24 - 2014-03-31 01:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 01:24 - 2014-03-31 01:24 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-31 01:23 - 2014-03-31 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-31 01:23 - 2014-03-31 00:22 - 88551496 _____ (AVAST Software) C:\Users\Admin\Desktop\avast_free_antivirus_setup.exe
2014-03-30 19:39 - 2014-03-30 19:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-30 19:22 - 2014-03-30 19:22 - 00000461 _____ () C:\Users\Admin\Desktop\Mama27's Content - BleepingComputer.com.website
2014-03-30 19:16 - 2014-03-30 19:16 - 00001006 _____ () C:\Users\Admin\Documents\fixlist.txt
2014-03-27 18:33 - 2014-02-10 08:56 - 00870128 _____ () C:\Users\RosettaStone Spanish\AppData\Roaming\mcs.rma
2014-03-27 18:33 - 2014-02-10 08:56 - 00000004 _____ () C:\Users\RosettaStone Spanish\AppData\Roaming\12518E
2014-03-23 15:43 - 2014-03-23 15:43 - 00006434 _____ () C:\Users\Public\Documents\attach.txt
2014-03-23 15:42 - 2014-03-23 15:42 - 00015283 _____ () C:\Users\Public\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:39 - 00015283 _____ () C:\Users\Admin\Documents\DDS.txt
2014-03-23 15:39 - 2014-03-23 15:36 - 00006434 _____ () C:\Users\Admin\Documents\attach.txt
2014-03-23 15:38 - 2014-03-23 14:44 - 00015283 _____ () C:\Users\Admin\Desktop\dds.txt
2014-03-23 15:38 - 2014-03-23 14:44 - 00006434 _____ () C:\Users\Admin\Desktop\attach.txt
2014-03-23 15:10 - 2013-04-20 03:44 - 01551360 ___SH () C:\Users\Jackie\Desktop\Thumbs.db
2014-03-23 14:48 - 2014-03-23 14:48 - 00017568 _____ () C:\Users\Admin\Desktop\DDS.htm
2014-03-23 14:46 - 2014-03-23 15:06 - 00688992 ____R (Swearware) C:\Users\Public\dds.com
2014-03-23 14:46 - 2014-03-23 14:45 - 00688992 _____ (Swearware) C:\Users\Admin\Desktop\dds.com
2014-03-23 14:23 - 2014-03-23 14:22 - 00280672 _____ () C:\Windows\Minidump\032314-16177-01.dmp
2014-03-22 17:20 - 2014-03-22 15:09 - 452351639 _____ () C:\Users\Admin\Documents\Drive_C.153
2014-03-22 17:20 - 2014-03-22 15:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.152
2014-03-22 17:20 - 2014-03-22 15:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.151
2014-03-22 17:20 - 2014-03-22 15:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.150
2014-03-22 17:20 - 2014-03-22 15:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.149
2014-03-22 17:20 - 2014-03-22 15:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.148
2014-03-22 17:20 - 2014-03-22 15:01 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.147
2014-03-22 17:20 - 2014-03-22 15:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.146
2014-03-22 17:20 - 2014-03-22 14:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.145
2014-03-22 17:20 - 2014-03-22 14:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.144
2014-03-22 17:20 - 2014-03-22 14:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.143
2014-03-22 17:20 - 2014-03-22 14:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.142
2014-03-22 17:20 - 2014-03-22 14:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.141
2014-03-22 17:20 - 2014-03-22 14:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.140
2014-03-22 17:20 - 2014-03-22 14:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.139
2014-03-22 17:20 - 2014-03-22 14:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.138
2014-03-22 17:20 - 2014-03-22 14:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.137
2014-03-22 17:20 - 2014-03-22 14:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.136
2014-03-22 17:20 - 2014-03-22 14:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.135
2014-03-22 17:20 - 2014-03-22 14:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.134
2014-03-22 17:20 - 2014-03-22 14:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.133
2014-03-22 17:20 - 2014-03-22 14:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.132
2014-03-22 17:20 - 2014-03-22 14:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.131
2014-03-22 17:20 - 2014-03-22 14:42 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.130
2014-03-22 17:20 - 2014-03-22 14:41 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.129
2014-03-22 17:20 - 2014-03-22 14:40 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.128
2014-03-22 17:20 - 2014-03-22 14:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.127
2014-03-22 17:20 - 2014-03-22 14:38 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.126
2014-03-22 17:20 - 2014-03-22 14:36 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.124
2014-03-22 17:20 - 2014-03-22 14:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.123
2014-03-22 17:20 - 2014-03-22 14:34 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.122
2014-03-22 17:20 - 2014-03-22 14:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.121
2014-03-22 17:20 - 2014-03-22 14:32 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.120
2014-03-22 17:20 - 2014-03-22 14:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.119
2014-03-22 17:20 - 2014-03-22 14:29 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.118
2014-03-22 17:20 - 2014-03-22 14:28 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.117
2014-03-22 17:20 - 2014-03-22 14:27 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.116
2014-03-22 17:20 - 2014-03-22 14:26 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.115
2014-03-22 17:20 - 2014-03-22 14:25 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.114
2014-03-22 17:20 - 2014-03-22 14:24 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.113
2014-03-22 17:20 - 2014-03-22 14:23 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.112
2014-03-22 17:20 - 2014-03-22 14:22 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.111
2014-03-22 17:20 - 2014-03-22 14:21 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.110
2014-03-22 17:20 - 2014-03-22 14:20 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.109
2014-03-22 17:20 - 2014-03-22 14:19 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.108
2014-03-22 17:20 - 2014-03-22 14:18 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.107
2014-03-22 17:20 - 2014-03-22 14:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.106
2014-03-22 17:20 - 2014-03-22 14:16 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.105
2014-03-22 17:20 - 2014-03-22 14:15 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.104
2014-03-22 17:20 - 2014-03-22 14:14 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.103
2014-03-22 17:20 - 2014-03-22 14:13 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.102
2014-03-22 17:20 - 2014-03-22 14:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.101
2014-03-22 17:20 - 2014-03-22 14:12 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.100
2014-03-22 17:20 - 2014-03-22 14:11 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.099
2014-03-22 17:20 - 2014-03-22 14:10 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.098
2014-03-22 17:20 - 2014-03-22 14:09 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.097
2014-03-22 17:20 - 2014-03-22 14:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.096
2014-03-22 17:20 - 2014-03-22 14:08 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.095
2014-03-22 17:20 - 2014-03-22 14:07 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.094
2014-03-22 17:20 - 2014-03-22 14:06 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.093
2014-03-22 17:20 - 2014-03-22 14:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.092
2014-03-22 17:20 - 2014-03-22 14:05 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.091
2014-03-22 17:20 - 2014-03-22 14:04 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.090
2014-03-22 17:20 - 2014-03-22 14:03 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.089
2014-03-22 17:20 - 2014-03-22 14:02 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.088
2014-03-22 17:20 - 2014-03-22 14:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.086
2014-03-22 17:20 - 2014-03-22 14:00 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.085
2014-03-22 17:20 - 2014-03-22 13:59 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.084
2014-03-22 17:20 - 2014-03-22 13:58 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.083
2014-03-22 17:20 - 2014-03-22 13:57 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.082
2014-03-22 17:20 - 2014-03-22 13:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.081
2014-03-22 17:20 - 2014-03-22 13:56 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.080
2014-03-22 17:20 - 2014-03-22 13:55 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.079
2014-03-22 17:20 - 2014-03-22 13:54 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.078
2014-03-22 17:20 - 2014-03-22 13:53 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.077
2014-03-22 17:20 - 2014-03-22 13:52 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.076
2014-03-22 17:20 - 2014-03-22 13:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.075
2014-03-22 17:20 - 2014-03-22 13:51 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.074
2014-03-22 17:20 - 2014-03-22 13:50 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.073
2014-03-22 17:20 - 2014-03-22 13:49 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.072
2014-03-22 17:20 - 2014-03-22 13:48 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.071
2014-03-22 17:20 - 2014-03-22 13:47 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.070
2014-03-22 17:20 - 2014-03-22 13:46 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.069
2014-03-22 17:20 - 2014-03-22 13:45 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.068
2014-03-22 17:20 - 2014-03-22 13:44 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.067
2014-03-22 17:20 - 2014-03-22 13:43 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.066
2014-03-22 17:20 - 2014-03-22 13:42 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.065
2014-03-22 17:20 - 2014-03-22 13:41 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.064
2014-03-22 17:20 - 2014-03-22 13:40 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.063
2014-03-22 17:20 - 2014-03-22 13:39 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.062
2014-03-22 17:20 - 2014-03-22 13:38 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.061
2014-03-22 17:20 - 2014-03-22 13:37 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.060
2014-03-22 17:20 - 2014-03-22 13:36 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.059
2014-03-22 17:20 - 2014-03-22 13:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.058
2014-03-22 17:20 - 2014-03-22 13:35 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.057
2014-03-22 17:20 - 2014-03-22 13:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.056
2014-03-22 17:20 - 2014-03-22 13:33 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.055
2014-03-22 17:20 - 2014-03-22 13:32 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.054
2014-03-22 17:20 - 2014-03-22 13:31 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.053
2014-03-22 17:20 - 2014-03-22 13:30 - 688128000 _____ () C:\Users\Admin\Documents\Drive_C.052

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1349327015-547616561-364532361-1000\$10a142afd4df5087fcc81fab777a0086

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\IeSearchProvider8187811303789225223.exe
C:\Users\Admin\AppData\Local\Temp\updater_uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 09:55

==================== End Of Log ============================



#11 aharonov


Posted 10 April 2014 - 08:19 AM

Great. It's looking good now.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 6 Update 22
Java 6 Update 24 (64-bit)
Java 6 Update 24




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#12 Mama27


Posted 11 April 2014 - 06:43 PM

Awesome!  Thank you so much!!



#13 aharonov


Posted 11 April 2014 - 08:19 PM

You're welcome.
Take care.

#14 aharonov


Posted 11 April 2014 - 08:19 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



