Regarding my "body4u.diy.myrice.com" Post - Post-Reformat logs


  • This topic is locked
48 replies to this topic

#1 stuffandthings

Posted 17 June 2014 - 02:26 PM

Here are my logs.  Please refer to my post found here: http://www.bleepingcomputer.com/forums/t/537931/need-help-re-body4udiymyricecom-post/  for my explanation of my problem. 

 

Please note that I ran this log without turning off peerblock.  I am nervous that the instant I do, it will make things much worse and I will not be able to see any of your answers until I do a second reformat, and then probably will need to do a third at that point.  If I need to redo this with peerblock turned off, please let me know, and I will make the attempt to do so. 

 

-------------------

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Celia at 15:23:58 on 2014-06-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1803 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\System32\SndVol.exe
C:\Windows\system32\notepad.exe
C:\Users\Celia\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Google Update] "C:\Users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6DC14E13-BC1F-4F19-ADEF-19EC9C6AFA43} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\kpv8tzlj.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Celia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Celia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Celia\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-28 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-28 38016]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-28 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-3-30 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2014-6-17 1751656]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-6-17 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2014-6-17 22600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2014-6-17 333928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-17 412264]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2014-6-17 1143400]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-17 44672]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-17 18:35:32    1924480    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-17 18:35:23    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2014-06-17 18:35:23    287744    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2014-06-17 18:35:23    158208    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2014-06-17 18:35:23    128000    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2014-06-17 18:35:12    476160    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2014-06-17 18:35:12    288256    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2014-06-17 18:33:50    642944    ----a-w-    C:\Windows\System32\winload.efi
2014-06-17 18:33:50    605552    ----a-w-    C:\Windows\System32\winload.exe
2014-06-17 18:33:50    566208    ----a-w-    C:\Windows\System32\winresume.efi
2014-06-17 18:33:50    518672    ----a-w-    C:\Windows\System32\winresume.exe
2014-06-17 18:33:50    20352    ----a-w-    C:\Windows\System32\kdusb.dll
2014-06-17 18:33:50    19328    ----a-w-    C:\Windows\System32\kd1394.dll
2014-06-17 18:33:50    17792    ----a-w-    C:\Windows\System32\kdcom.dll
2014-06-17 18:33:38    976896    ----a-w-    C:\Windows\System32\inetcomm.dll
2014-06-17 18:33:38    741376    ----a-w-    C:\Windows\SysWow64\inetcomm.dll
2014-06-17 18:32:45    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2014-06-17 18:32:34    951680    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2014-06-17 18:31:09    --------    d-----w-    C:\Windows\ehome
2014-06-17 17:51:49    --------    d-----w-    C:\Program Files (x86)\Microsoft
2014-06-17 17:51:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Telespree
2014-06-17 17:50:38    --------    d-----w-    C:\ProgramData\Norton
2014-06-17 17:50:21    --------    d-----w-    C:\ProgramData\NortonInstaller
2014-06-17 17:46:44    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-06-17 17:44:57    --------    d-----w-    C:\Windows\Hewlett-Packard
2014-06-17 17:44:34    --------    d-----w-    C:\Program Files (x86)\Cisco
2014-06-17 17:44:16    451072    ----a-w-    C:\Windows\SysWow64\ISSRemoveSP.exe
2014-06-17 17:44:16    1143400    ----a-w-    C:\Windows\System32\drivers\rtl8192ce.sys
2014-06-17 17:43:10    74272    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2014-06-17 17:43:10    412264    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2014-06-17 17:43:10    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2014-06-17 17:41:49    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2014-06-17 17:41:49    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2014-06-17 17:41:46    44672    ----a-w-    C:\Windows\System32\drivers\usbfilter.sys
2014-06-17 17:41:06    --------    d-----w-    C:\ProgramData\AMD
2014-06-17 17:41:04    46136    ----a-w-    C:\Windows\System32\drivers\amdiox64.sys
2014-06-17 17:41:03    --------    d-----w-    C:\Program Files\ATI Technologies
2014-06-17 17:40:36    --------    d-----w-    C:\Program Files\ATI
2014-06-17 17:40:33    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-06-17 17:17:26    --------    d-----w-    C:\Users\Celia\AppData\Local\Macromedia
2014-06-17 17:16:22    --------    d-----w-    C:\Users\Celia\AppData\Local\Google
2014-06-17 17:14:57    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 17:14:57    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-17 16:53:58    --------    d-----w-    C:\ProgramData\Synaptics
2014-06-17 15:45:43    14936064    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-06-17 15:45:30    --------    d-----w-    C:\Program Files (x86)\LastPass
2014-06-17 15:42:42    --------    d-----w-    C:\Program Files\PeerBlock
2014-06-17 15:42:18    --------    d-----w-    C:\Users\Celia\AppData\Local\Programs
2014-06-17 15:36:01    --------    d-----w-    C:\Users\Celia\AppData\Local\AMD
2014-06-17 15:35:50    --------    d-----w-    C:\Users\Celia\AppData\Local\ATI
2014-06-17 15:32:12    --------    d-----w-    C:\Users\Celia\AppData\Roaming\Synaptics
2014-06-17 15:32:12    --------    d-----w-    C:\Users\Celia\AppData\Roaming\hpqLog
2014-06-17 15:31:34    --------    d-----w-    C:\Users\Celia\AppData\Local\RemEngine
2014-06-17 15:31:28    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-06-17 15:31:28    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2014-06-17 15:31:28    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-06-17 15:31:28    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2014-06-17 15:28:28    --------    d-----w-    C:\Users\Celia\AppData\Local\Hewlett-Packard
2014-06-17 15:26:52    --------    d-----w-    C:\Users\Celia\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M  ====================
.
2014-06-17 17:45:30    91648    ----a-w-    C:\Windows\System32\SetIEInstalledDate.exe
.
============= FINISH: 15:24:20.20 ===============
 

 

If you are part of the 99%, you are automatically a part of the Occupy movement.



#2 HelpBot


Posted 22 June 2014 - 02:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538051 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 stuffandthings


Posted 22 June 2014 - 03:11 PM

Hello,

As posted before, my explanation for what has been happening to my computer (and other computer in my household) can be found at a previously posted thread found here: http://www.bleepingcomputer.com/forums/t/537931/need-help-re-body4udiymyricecom-post/


Please note that I ran this log without turning off peerblock.  I am nervous that the instant I do, it will make things much worse.  If I need to redo this with peerblock turned off, please let me know, and I will make the attempt to do so.

UPDATES TO MY SITUATION:

In the meantime since I have been waiting for a response, I experienced another situation with no longer being able to access the internet from my computer.  The same thing happened - the wifi ability for my computer was disabled. 

When that happened, I reformatted again.  To clarify, I had to reformat for the first time to post to your site.  A couple of days after posting, I was dead in the water again, and I reformatted from the CDs again as a result.  (These are CDs that I got when I needed a new hard drive from HP when my old one bleep the bed.  I was 1 week away from the warranty running out, and they sent me the new hard drive with disks for it.  That is the hard drive I am currently using.)

When I did the second reformat, I made sure to shut off my modem and wireless router, and not turn them back on until my computer was done with the recovery, when the box displaying "press continue to let your computer prepare the desktop" or some such thing.  I RESET the modem and the router.  I held down the reset buttons on each one for several seconds.  I clicked them multiple times just to be sure.  I didn't do that the first time and thought maybe it might help to really flush out the virus. 

When I got everything up and running again, and I loaded up peerblock with the same lists I used before (with the exception of the IANA lists), sure enough the bogon lists were spamming again, and not stopping.  Please note that, unlike previous times that I have used peerblock, the ONLY thing streaming through my roster is titled "bogon".  It is not any universities, it's not level 1 2 or 3 lists, nothing.  Just bogon. 

I don't know if I'm using peerblock wrong or what.  One thought that occurred to me was that maybe something is being blocked that I need for my computer to work properly.  I'm not sure. 

Since then I have kept everything pretty much the same.  I have not installed or uninstalled any programs, or updates, except 1 in the very beginning I think. 

If my computer experiences problems connecting to the wifi once again, I am going to do another reformat, and then will try connecting with an ethernet cord directly to the modem, so that I can once again have access to the internet for another round.  I hope I can hear back from one of you guys soon, and I really appreciate all the work you're doing to help people online. 

As requested by HelpBot, here are my new logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Celia at 16:06:31 on 2014-06-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.932 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Celia\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\System32\SndVol.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Google Update] "C:\Users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{79D5D458-5CD1-48F8-B1BC-A667B32D5A7B} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Celia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Celia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Celia\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-28 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-28 38016]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-28 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-3-30 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2014-6-19 1751656]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-6-19 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2014-6-19 22600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2014-6-19 333928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-19 412264]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2014-6-19 1143400]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-19 44672]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-22 18:36:08    --------    d-----w-    C:\Users\Celia\AppData\Local\ElevatedDiagnostics
2014-06-22 18:35:57    92672    ----a-w-    C:\Windows\System32\CNC250I.dll
2014-06-22 18:35:57    328192    ----a-w-    C:\Windows\System32\CNC250L.dll
2014-06-22 18:35:57    303104    ----a-w-    C:\Windows\SysWow64\CNC250L.dll
2014-06-22 18:35:57    17920    ----a-w-    C:\Windows\System32\CNHMCA6.dll
2014-06-22 18:35:57    15872    ----a-w-    C:\Windows\SysWow64\CNHMCA.dll
2014-06-22 18:35:57    1321984    ----a-w-    C:\Windows\System32\CNC250C.dll
2014-06-22 18:35:57    106496    ----a-w-    C:\Windows\SysWow64\CNC250U.dll
2014-06-22 18:35:11    83968    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2014-06-22 18:35:11    28672    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2014-06-22 18:35:02    336896    ----a-w-    C:\Windows\System32\CNMLM9W.DLL
2014-06-22 02:31:21    --------    d-----w-    C:\Users\Celia\AppData\Local\CrashDumps
2014-06-21 05:22:13    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2014-06-21 05:11:57    --------    d-----w-    C:\Users\Celia\AppData\Local\CyberLink
2014-06-21 02:29:06    --------    d-----w-    C:\Users\Celia\AppData\Local\Google
2014-06-19 23:03:13    1924480    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-19 23:03:04    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2014-06-19 23:03:04    287744    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2014-06-19 23:03:04    158208    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2014-06-19 23:03:04    128000    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2014-06-19 23:01:52    3135488    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-19 23:00:24    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2014-06-19 23:00:13    951680    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2014-06-19 22:58:46    --------    d-----w-    C:\Windows\ehome
2014-06-19 22:19:41    --------    d-----w-    C:\Program Files (x86)\Microsoft
2014-06-19 22:19:18    --------    d-----w-    C:\Program Files (x86)\Common Files\Telespree
2014-06-19 22:18:28    --------    d-----w-    C:\ProgramData\Norton
2014-06-19 22:18:11    --------    d-----w-    C:\ProgramData\NortonInstaller
2014-06-19 22:14:53    --------    d-----w-    C:\ProgramData\AMD
2014-06-19 22:14:30    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-06-19 22:12:39    --------    d-----w-    C:\Windows\Hewlett-Packard
2014-06-19 22:12:17    --------    d-----w-    C:\Program Files (x86)\Cisco
2014-06-19 22:12:01    451072    ----a-w-    C:\Windows\SysWow64\ISSRemoveSP.exe
2014-06-19 22:12:01    1143400    ----a-w-    C:\Windows\System32\drivers\rtl8192ce.sys
2014-06-19 22:09:53    --------    d-----w-    C:\Program Files\Synaptics
2014-06-19 22:09:34    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2014-06-19 22:09:34    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2014-06-19 22:09:31    44672    ----a-w-    C:\Windows\System32\drivers\usbfilter.sys
2014-06-19 22:08:47    46136    ----a-w-    C:\Windows\System32\drivers\amdiox64.sys
2014-06-19 22:08:45    --------    d-----w-    C:\Program Files\ATI Technologies
2014-06-19 22:08:18    --------    d-----w-    C:\Program Files\ATI
2014-06-19 22:08:16    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-06-19 21:10:56    --------    d-----w-    C:\Users\Celia\AppData\Local\Macromedia
2014-06-19 21:10:16    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-19 21:10:16    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 20:37:48    --------    d-----w-    C:\Program Files\PeerBlock
2014-06-19 20:37:26    --------    d-----w-    C:\Users\Celia\AppData\Local\Programs
2014-06-19 20:35:30    --------    d-----w-    C:\ProgramData\Synaptics
2014-06-19 20:28:58    14936064    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-06-19 20:28:52    --------    d-----w-    C:\Program Files (x86)\LastPass
2014-06-19 20:11:56    --------    d-----w-    C:\Users\Celia\AppData\Local\AMD
2014-06-19 20:11:50    --------    d-----w-    C:\Users\Celia\AppData\Local\ATI
2014-06-19 20:10:49    --------    d-----w-    C:\Users\Celia\AppData\Roaming\hpqLog
2014-06-19 20:10:48    --------    d-----w-    C:\Users\Celia\AppData\Roaming\Synaptics
2014-06-19 20:10:28    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-06-19 20:10:28    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2014-06-19 20:10:27    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2014-06-19 20:10:27    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-06-19 20:10:03    --------    d-----w-    C:\Users\Celia\AppData\Local\RemEngine
2014-06-19 20:07:16    --------    d-----w-    C:\Users\Celia\AppData\Local\Hewlett-Packard
2014-06-19 20:07:05    --------    d-----w-    C:\Users\Celia\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M  ====================
.
2014-06-19 23:02:53    476160    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2014-06-19 23:02:53    288256    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2014-06-19 23:02:32    30208    ----a-w-    C:\Windows\System32\dnscacheugc.exe
2014-06-19 23:02:32    28672    ----a-w-    C:\Windows\SysWow64\dnscacheugc.exe
2014-06-19 23:02:32    183296    ----a-w-    C:\Windows\System32\dnsrslvr.dll
2014-06-19 23:02:22    467456    ----a-w-    C:\Windows\System32\drivers\srv.sys
2014-06-19 23:02:22    411648    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-06-19 23:02:22    167936    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2014-06-19 23:02:02    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2014-06-19 23:02:02    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2014-06-19 23:02:02    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2014-06-19 23:02:02    294912    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2014-06-19 22:13:14    91648    ----a-w-    C:\Windows\System32\SetIEInstalledDate.exe
.
============= FINISH: 16:07:23.92 ===============


 



If you are part of the 99%, you are automatically a part of the Occupy movement.


#4 nasdaq


Posted 23 June 2014 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Try these fixes and let's hope you can restore your internet.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

If that fails try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If still no internet, continue.

Fix Winsock Manually on Windows 7

1. Open up the command line utility and enter:
(open the Run box, type cmd in the search box, click OK.)

The DOS prompt will be seen.

Type the following at the prompt and hit the Enter key after each entry.

netsh winsock reset

netsh winsock reset catalog

netsh int ip reset reset.log


p.s. I think you can copy and paste each line at the DOS prompt. Hit the Enter key.

When all done, type EXIT and hit the Enter key.

Restart the computer normally.
===


Using this computer download and run this tool.


Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

p.s.
If the internet is still not available:
Download the tool to a CD or Flash drive using a good computer.
Copy the file to the Desktop of the problem computer and run it.
Post the logs.

Wait for further instructions.

#5 stuffandthings


Posted 23 June 2014 - 09:56 AM

Okay. I will do that right now. 

 

Please note that my internet, as I have stated, is currently working at the moment.  My only indicator that there is something very wrong has been the incessant bogon spam in my peerblock roster, and I am afraid to take off those blocklists, as the last time I did, the body4u and asnbm spam was first seen, and that was when my computer started having problems.  All I know is that in the last week, my computer will eventually have a problem being unable to connect to the internet. 

 

I don't have access to a clean computer at the moment, and the only external devices I have access to (an external hard drive and an external flash drive) have been plugged into these infected computers at some point since the infection started.  My flash drive has documents from my infected notebook that I tried to salvage, and I am keeping it when I can learn whether or not these things can be salvaged, or if it's impossible to retrieve those files without infecting whatever computer it gets plugged into. 

 

I will follow your instructions now - thanks!


If you are part of the 99%, you are automatically a part of the Occupy movement.


#6 nasdaq


Posted 23 June 2014 - 10:47 AM

If your internet is working and you can download the FRST tool I suggested do it.

Run it and post the log for my review.

#7 stuffandthings


Posted 23 June 2014 - 11:57 AM

Okay.  Sorry for the lag time there.  Here is what happened. 

 

I read what you said and I reset my router. 

 

I then realized that I hadn't checked first on how to reconfigure it to the settings that I had before, and I didn't know how to set it up, and nothing was popping up.

 

I ended up connecting directly to my modem with an ethernet cord. 

 

When I did this, it came up with the same error message as before....but this time it was on my MODEM and not the router.  I think it said "IP configuration not correct" or something like that.  I thought I was screwed again, panicked a little, and after the Windows 7 troubleshooting for the network devices didn't work, I decided to shut down the computer to do another reformat. 

 

Shutting down the computer prompted 99 updates to install.  This process took about an hour. 

 

When I went to go do the reformat, I changed my mind and thought better of it.  I decided that maybe if I tried to reset the modem itself, and also with the updates being installed, maybe the internet would work through the modem after all. 

 

I did not do the reformat.  I unplugged the modem from the cable cord, and kept it on with the plug, and reset it by holding it down for 10 seconds and then waiting 10 seconds.  I plugged the cable cord back in, and then I reconnected the ethernet cord back to the notebook.

 

The internet was working.  Not sure why, but it is.  Not sure for how long. 

 

I'm sorry I installed something since posting my first logs.  I know it said not to.  I panicked. 

 

Here are my logs from the FRST tool as you requested. 

 

-----

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Celia (administrator) on CELIA-HP on 23-06-2014 12:48:38
Running from C:\Users\Celia\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\Celia\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-03-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [319544 2011-03-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2564640923-2217173692-610999163-1002\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-2564640923-2217173692-610999163-1002\...\Run: [Google Update] => C:\Users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-20] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-23] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Celia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Celia\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Celia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Celia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Celia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Celia\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\searchplugins\startpage-https.xml
FF Extension: LastPass - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\Extensions\support@lastpass.com [2014-06-19]
FF Extension: Ghostery - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\Extensions\firefox@ghostery.com.xpi [2014-06-19]
FF Extension: Adblock Plus - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-19]
FF Extension: Tab Mix Plus - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-06-19]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-05] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 12:48 - 2014-06-23 12:48 - 00013973 _____ () C:\Users\Celia\Desktop\FRST.txt
2014-06-23 12:48 - 2014-06-23 12:48 - 00000000 ____D () C:\FRST
2014-06-23 12:47 - 2014-06-23 12:47 - 02082816 _____ (Farbar) C:\Users\Celia\Desktop\FRST64.exe
2014-06-23 12:17 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-06-23 12:12 - 2014-06-23 12:12 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-23 12:12 - 2014-06-23 12:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-23 12:12 - 2014-06-23 12:12 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-23 12:12 - 2014-06-23 12:12 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-23 12:12 - 2014-06-23 12:12 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-06-23 12:12 - 2014-06-23 12:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-23 12:12 - 2014-06-23 12:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-23 12:12 - 2014-06-23 12:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-06-23 12:12 - 2014-06-23 12:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-23 12:12 - 2014-06-23 12:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-06-23 12:12 - 2014-06-23 12:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-06-23 12:09 - 2014-06-23 12:09 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-06-23 12:09 - 2014-06-23 12:09 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-23 12:01 - 2014-06-23 12:01 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-06-23 12:01 - 2014-06-23 12:01 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-06-23 12:00 - 2014-06-23 12:17 - 00013757 _____ () C:\Windows\IE11_main.log
2014-06-23 11:49 - 2014-06-23 11:50 - 00447170 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-06-23 11:40 - 2014-06-23 11:44 - 00445638 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-06-23 11:22 - 2012-03-01 02:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-06-23 11:22 - 2012-03-01 02:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-06-23 11:22 - 2012-03-01 01:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-06-22 14:35 - 2014-06-22 14:35 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-06-22 14:35 - 2014-06-22 14:35 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-06-22 14:35 - 2014-06-22 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
2014-06-22 14:35 - 2010-04-24 05:00 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNMLM9W.DLL
2014-06-22 14:35 - 2009-04-03 16:01 - 01321984 _____ (CANON INC.) C:\Windows\system32\CNC250C.dll
2014-06-22 14:35 - 2009-04-03 16:00 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNC250I.dll
2014-06-22 14:35 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250U.dll
2014-06-22 14:35 - 2009-03-11 11:36 - 00328192 _____ (CANON INC.) C:\Windows\system32\CNC250L.dll
2014-06-22 14:35 - 2009-03-11 11:34 - 00303104 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250L.dll
2014-06-22 14:35 - 2008-11-18 19:57 - 00012288 _____ () C:\Windows\SysWOW64\CNC173AD.TBL
2014-06-22 14:35 - 2008-11-18 19:57 - 00012288 _____ () C:\Windows\system32\CNC173AD.TBL
2014-06-22 14:35 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-06-22 14:35 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-06-22 14:30 - 2014-06-22 14:30 - 00116492 _____ () C:\Users\Celia\Downloads\label1.xps
2014-06-21 22:31 - 2014-06-23 04:30 - 00000000 ____D () C:\Users\Celia\AppData\Local\CrashDumps
2014-06-21 22:28 - 2014-06-21 22:28 - 00001277 _____ () C:\Users\Celia\Desktop\CyberLink YouCam.lnk
2014-06-21 01:22 - 2014-06-21 01:23 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\vlc
2014-06-21 01:22 - 2014-06-21 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-21 01:22 - 2014-06-21 01:22 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-21 01:21 - 2014-06-21 01:21 - 24677393 _____ () C:\Users\Celia\Downloads\vlc-2.1.3-win32.exe
2014-06-21 01:12 - 2014-06-21 01:12 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-21 01:12 - 2014-06-21 01:12 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-21 01:11 - 2014-06-21 23:18 - 00000000 ____D () C:\Users\Celia\Documents\Youcam
2014-06-21 01:11 - 2014-06-21 01:11 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\CyberLink
2014-06-21 01:11 - 2014-06-21 01:11 - 00000000 ____D () C:\Users\Celia\AppData\Local\CyberLink
2014-06-20 22:29 - 2014-06-23 11:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002UA.job
2014-06-20 22:29 - 2014-06-22 22:34 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002Core.job
2014-06-20 22:29 - 2014-06-20 22:29 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002UA
2014-06-20 22:29 - 2014-06-20 22:29 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002Core
2014-06-20 22:29 - 2014-06-20 22:29 - 00000000 ____D () C:\Users\Celia\AppData\Local\Google
2014-06-20 22:27 - 2014-06-20 22:27 - 00895120 _____ (Google Inc.) C:\Users\Celia\Downloads\GoogleVoiceAndVideoSetup.exe
2014-06-19 22:12 - 2014-06-19 22:12 - 00005288 _____ () C:\Users\Celia\Downloads\dane1.txt
2014-06-19 19:03 - 2014-06-19 19:03 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-06-19 19:02 - 2014-06-19 19:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-06-19 19:02 - 2014-06-19 19:02 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-06-19 19:02 - 2014-06-19 19:02 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-06-19 19:02 - 2014-06-19 19:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-06-19 19:02 - 2014-06-19 19:02 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-06-19 19:01 - 2014-06-19 19:01 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-06-19 19:01 - 2014-06-19 19:01 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-06-19 19:01 - 2014-06-19 19:01 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-06-19 19:01 - 2014-06-19 19:01 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-06-19 19:01 - 2014-06-19 19:01 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-06-19 19:00 - 2014-06-19 19:00 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-06-19 19:00 - 2014-06-19 19:00 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-06-19 18:59 - 2009-06-10 16:30 - 00048265 _____ () C:\Windows\HomePremium.xml
2014-06-19 18:58 - 2014-06-19 18:58 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-19 18:27 - 2014-06-19 18:27 - 00000000 ____D () C:\ProgramData\ATI
2014-06-19 18:18 - 2014-06-19 16:17 - 00000000 ____D () C:\ProgramData\Norton
2014-06-19 18:17 - 2014-06-19 18:17 - 00003148 _____ () C:\Windows\System32\Tasks\MirageAgent
2014-06-19 18:17 - 2014-06-19 18:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-06-19 18:17 - 2014-06-19 18:17 - 00000000 ____D () C:\Users\Public\Documents\YouCam
2014-06-19 18:17 - 2014-06-19 18:17 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-19 18:16 - 2014-06-19 18:19 - 00000000 ____D () C:\ProgramData\Temp
2014-06-19 18:16 - 2014-06-19 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
2014-06-19 18:15 - 2014-06-19 18:15 - 00000593 _____ () C:\Windows\system32\ndCPrepLog
2014-06-19 18:14 - 2014-06-19 18:14 - 00000000 ____D () C:\ProgramData\AMD
2014-06-19 18:14 - 2014-06-19 18:14 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-06-19 18:12 - 2014-06-19 18:15 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-19 18:12 - 2011-03-29 22:55 - 01143400 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtl8192ce.sys
2014-06-19 18:12 - 2010-12-01 12:31 - 00451072 _____ () C:\Windows\SysWOW64\ISSRemoveSP.exe
2014-06-19 18:11 - 2014-06-23 12:46 - 01399297 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 18:10 - 2014-06-19 18:12 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-19 18:10 - 2014-06-19 18:10 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-06-19 18:10 - 2014-06-19 18:10 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-06-19 18:10 - 2014-06-19 18:10 - 00000000 ____D () C:\Program Files\IDT
2014-06-19 18:10 - 2011-01-12 20:10 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-06-19 18:10 - 2011-01-12 20:10 - 00333928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-06-19 18:10 - 2010-12-17 07:41 - 05943296 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2014-06-19 18:10 - 2010-12-17 07:41 - 04594176 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 03070976 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 01497088 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 00994304 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 00651264 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 00564224 _____ (IDT, Inc.) C:\Windows\system32\idt64mp1.exe
2014-06-19 18:10 - 2010-12-17 07:41 - 00525312 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2014-06-19 18:10 - 2010-12-17 07:41 - 00520192 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2014-06-19 18:10 - 2010-12-17 07:41 - 00438784 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2014-06-19 18:10 - 2010-12-17 07:41 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 00220160 _____ (IDT, Inc.) C:\Windows\system32\staco64.dll
2014-06-19 18:10 - 2010-12-17 07:41 - 00212480 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2014-06-19 18:10 - 2010-11-30 18:02 - 00412264 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-06-19 18:10 - 2010-11-30 18:02 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-06-19 18:10 - 2010-11-30 18:02 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll
2014-06-19 18:09 - 2014-06-19 18:10 - 00004558 _____ () C:\Windows\DPINST.LOG
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-19 18:09 - 2010-11-29 07:50 - 00044672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-06-19 18:08 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-06-19 18:08 - 2014-06-19 18:08 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-19 18:08 - 2014-06-19 18:08 - 00000000 ____D () C:\Program Files\ATI
2014-06-19 18:08 - 2010-02-18 12:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 __RSH () C:\Windows\SysWOW64\Drivers\103C_HP_cNB_Pavilion g7 Notebook PC_Y5335KV_0U_QCNF13200VK_E645854-002_4A_I1664_SHP_V20.24_BF.6A_T130507_W73-1_L409_M3835_J500_7AMD_8F63_92.60_#140619_N_(LW416UA#ABA)_XMOBILE_CN10_Z_20593110000204610000620100.MRK
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 __RSH () C:\Windows\system32\Drivers\103C_HP_cNB_Pavilion g7 Notebook PC_Y5335KV_0U_QCNF13200VK_E645854-002_4A_I1664_SHP_V20.24_BF.6A_T130507_W73-1_L409_M3835_J500_7AMD_8F63_92.60_#140619_N_(LW416UA#ABA)_XMOBILE_CN10_Z_20593110000204610000620100.MRK
2014-06-19 18:06 - 2014-06-19 18:06 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-19 18:06 - 2014-06-19 18:06 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-19 18:05 - 2014-06-19 18:05 - 00000056 ____H () C:\Windows\SysWOW64\ezsidmv.dat
2014-06-19 17:10 - 2014-06-19 17:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 17:10 - 2014-06-19 17:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 17:10 - 2014-06-19 17:10 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-19 17:10 - 2014-06-19 17:10 - 00000000 ____D () C:\Users\Celia\AppData\Local\Macromedia
2014-06-19 16:37 - 2014-06-23 11:17 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-19 16:37 - 2014-06-19 16:37 - 02374320 _____ (PeerBlock, LLC ) C:\Users\Celia\Downloads\PeerBlock-Setup_v1.2_r693.exe
2014-06-19 16:37 - 2014-06-19 16:37 - 00001736 _____ () C:\Users\Celia\Desktop\PeerBlock.lnk
2014-06-19 16:37 - 2014-06-19 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\ProgramData\Synaptics
2014-06-19 16:34 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-19 16:34 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-19 16:34 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-06-19 16:34 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-06-19 16:34 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-06-19 16:34 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-06-19 16:34 - 2013-02-15 02:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-19 16:34 - 2013-02-15 02:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-19 16:34 - 2013-02-15 02:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-06-19 16:34 - 2013-02-15 00:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-19 16:34 - 2013-02-15 00:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-06-19 16:34 - 2013-02-14 23:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-19 16:34 - 2011-06-15 06:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-06-19 16:34 - 2011-06-15 06:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-06-19 16:34 - 2011-06-15 06:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-06-19 16:34 - 2011-06-15 06:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-06-19 16:34 - 2011-06-15 04:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-06-19 16:34 - 2011-06-15 04:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-06-19 16:34 - 2011-06-15 04:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-06-19 16:34 - 2011-06-15 04:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-06-19 16:34 - 2011-06-15 04:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-06-19 16:34 - 2011-04-09 02:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-06-19 16:34 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-06-19 16:33 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-19 16:33 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-19 16:33 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-19 16:33 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-19 16:33 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-19 16:33 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-19 16:33 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-19 16:33 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-19 16:33 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-19 16:33 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-19 16:33 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-19 16:33 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-19 16:33 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-19 16:33 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-06-19 16:33 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-19 16:33 - 2013-11-11 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-06-19 16:33 - 2013-11-11 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-06-19 16:33 - 2013-10-18 22:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-19 16:33 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-06-19 16:33 - 2013-10-05 16:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-06-19 16:33 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-06-19 16:33 - 2013-10-03 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-06-19 16:33 - 2013-10-03 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-06-19 16:33 - 2013-09-27 21:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-19 16:33 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-06-19 16:33 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-06-19 16:33 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-06-19 16:33 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-06-19 16:33 - 2013-04-12 10:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-19 16:33 - 2013-02-27 02:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-06-19 16:33 - 2013-02-27 01:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-06-19 16:33 - 2013-02-27 01:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-06-19 16:33 - 2013-02-27 00:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-06-19 16:33 - 2011-11-17 02:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-06-19 16:33 - 2011-11-17 01:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-06-19 16:33 - 2011-10-26 01:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-06-19 16:33 - 2011-10-26 01:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-06-19 16:33 - 2011-10-26 00:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-06-19 16:33 - 2011-10-26 00:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-06-19 16:33 - 2011-07-08 22:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-06-19 16:33 - 2011-04-26 22:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-19 16:33 - 2011-04-26 22:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-19 16:32 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-19 16:32 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-19 16:32 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-19 16:32 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-19 16:32 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-19 16:32 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-19 16:32 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-19 16:32 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-19 16:32 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-19 16:32 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-19 16:32 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-19 16:32 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-19 16:32 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-19 16:32 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-19 16:32 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-19 16:32 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-19 16:32 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-19 16:32 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-19 16:32 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-19 16:32 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-19 16:32 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-19 16:32 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-19 16:32 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-19 16:32 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-19 16:32 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-19 16:32 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-06-19 16:32 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-06-19 16:32 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-06-19 16:32 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-06-19 16:32 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-06-19 16:32 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-06-19 16:32 - 2013-09-24 22:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-19 16:32 - 2013-09-24 21:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-19 16:32 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-06-19 16:32 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-06-19 16:32 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-06-19 16:32 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-06-19 16:32 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-06-19 16:32 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-06-19 16:32 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-06-19 16:32 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-06-19 16:32 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-06-19 16:32 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-06-19 16:32 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-06-19 16:32 - 2013-07-04 08:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-19 16:32 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-06-19 16:32 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-06-19 16:32 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-06-19 16:32 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-06-19 16:32 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-06-19 16:32 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-06-19 16:32 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-06-19 16:32 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-19 16:32 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-06-19 16:32 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-06-19 16:32 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-06-19 16:32 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-19 16:32 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-06-19 16:32 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-06-19 16:32 - 2013-02-12 00:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-06-19 16:32 - 2012-11-28 18:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-06-19 16:32 - 2012-11-28 18:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-06-19 16:32 - 2012-11-28 18:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-06-19 16:32 - 2012-11-02 01:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-06-19 16:32 - 2012-11-02 01:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-06-19 16:32 - 2012-04-26 01:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-06-19 16:32 - 2012-04-26 01:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-06-19 16:32 - 2012-04-26 01:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-06-19 16:31 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-19 16:31 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-19 16:31 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-19 16:31 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-19 16:31 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-19 16:31 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-19 16:31 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-19 16:31 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-19 16:31 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-19 16:31 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-19 16:31 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-19 16:31 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-06-19 16:31 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-06-19 16:31 - 2013-10-02 22:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-19 16:31 - 2013-10-02 22:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-19 16:31 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-19 16:31 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-19 16:31 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-19 16:31 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-06-19 16:31 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-06-19 16:31 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-19 16:31 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-19 16:31 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-06-19 16:31 - 2013-05-12 23:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-06-19 16:31 - 2013-05-12 23:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-06-19 16:31 - 2013-04-26 01:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-06-19 16:31 - 2013-04-26 00:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-06-19 16:31 - 2012-11-22 23:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-06-19 16:31 - 2012-09-25 18:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-06-19 16:31 - 2012-09-25 18:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-06-19 16:31 - 2012-07-04 18:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-06-19 16:31 - 2012-07-04 18:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-06-19 16:31 - 2012-07-04 18:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-06-19 16:31 - 2012-07-04 17:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-06-19 16:31 - 2012-07-04 17:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-06-19 16:31 - 2012-04-27 23:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-06-19 16:31 - 2012-03-17 03:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-06-19 16:31 - 2011-12-16 04:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-06-19 16:31 - 2011-12-16 03:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-06-19 16:31 - 2011-08-17 01:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-06-19 16:31 - 2011-08-17 01:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-06-19 16:31 - 2011-08-17 00:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-06-19 16:31 - 2011-08-17 00:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-06-19 16:31 - 2011-05-24 07:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-06-19 16:31 - 2011-05-24 06:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-06-19 16:31 - 2011-05-24 06:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-06-19 16:31 - 2011-05-24 06:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-06-19 16:31 - 2011-05-24 06:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-06-19 16:31 - 2011-05-03 01:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-06-19 16:31 - 2011-05-03 00:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-06-19 16:31 - 2011-04-28 23:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-06-19 16:31 - 2011-04-28 23:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-19 16:31 - 2011-04-28 23:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-06-19 16:30 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-06-19 16:30 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-06-19 16:30 - 2013-10-11 22:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-06-19 16:30 - 2013-10-11 22:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-06-19 16:30 - 2013-10-11 22:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-06-19 16:30 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-06-19 16:30 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-06-19 16:30 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-06-19 16:30 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-06-19 16:30 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-06-19 16:30 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-06-19 16:30 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-06-19 16:30 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-06-19 16:30 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-06-19 16:30 - 2013-05-13 01:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-06-19 16:30 - 2013-05-12 23:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-06-19 16:30 - 2013-04-10 02:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-06-19 16:30 - 2012-06-06 02:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-06-19 16:30 - 2012-06-06 01:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-06-19 16:30 - 2012-05-14 01:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-06-19 16:30 - 2011-10-15 02:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-06-19 16:30 - 2011-10-15 01:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-06-19 16:30 - 2011-08-27 01:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-06-19 16:30 - 2011-08-27 01:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-06-19 16:30 - 2011-08-27 00:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-06-19 16:30 - 2011-08-27 00:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-06-19 16:30 - 2011-02-03 07:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-06-19 16:29 - 2011-11-19 10:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-06-19 16:29 - 2011-11-19 10:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-06-19 16:28 - 2014-06-19 16:29 - 00000000 ____D () C:\Program Files (x86)\LastPass
2014-06-19 16:28 - 2014-06-19 16:28 - 14936064 _____ (LastPass) C:\Users\Celia\Downloads\lastpass_x64.exe
2014-06-19 16:28 - 2014-06-19 16:28 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-19 16:28 - 2014-06-19 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-19 16:20 - 2014-06-20 22:29 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Mozilla
2014-06-19 16:20 - 2014-06-19 16:20 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\Users\Celia\AppData\Local\Mozilla
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 16:19 - 2014-06-19 16:19 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Macromedia
2014-06-19 16:18 - 2014-06-19 16:18 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Adobe
2014-06-19 16:11 - 2014-06-19 16:11 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\ATI
2014-06-19 16:11 - 2014-06-19 16:11 - 00000000 ____D () C:\Users\Celia\AppData\Local\ATI
2014-06-19 16:11 - 2014-06-19 16:11 - 00000000 ____D () C:\Users\Celia\AppData\Local\AMD
2014-06-19 16:10 - 2014-06-23 12:42 - 00001413 _____ () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-19 16:10 - 2014-06-22 18:47 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F897AD39-3712-4671-8274-702BE38EE554}
2014-06-19 16:10 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Synaptics
2014-06-19 16:10 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\hpqLog
2014-06-19 16:10 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Local\RemEngine
2014-06-19 16:10 - 2012-02-17 02:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-06-19 16:10 - 2012-02-17 01:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-06-19 16:10 - 2012-02-17 00:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-06-19 16:09 - 2014-06-19 16:09 - 00057560 _____ () C:\Users\Celia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 16:07 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Hewlett-Packard
2014-06-19 16:07 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Local\Hewlett-Packard_Company
2014-06-19 16:07 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Local\Hewlett-Packard
2014-06-19 16:07 - 2011-05-23 17:09 - 00002312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
2014-06-19 16:07 - 2011-05-23 17:08 - 00002278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2014-06-19 16:05 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia
2014-06-19 16:05 - 2014-06-19 16:05 - 00000020 ___SH () C:\Users\Celia\ntuser.ini
2014-06-19 16:05 - 2014-06-19 16:05 - 00000000 ____D () C:\Users\Celia\AppData\Local\VirtualStore
2014-06-19 16:05 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-19 16:05 - 2012-06-02 18:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-19 16:05 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-19 16:05 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-19 16:05 - 2012-06-02 18:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-19 16:05 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-19 16:05 - 2012-06-02 18:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-19 16:05 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-19 16:05 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-19 16:05 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-19 16:05 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-06-23 12:48 - 2014-06-23 12:48 - 00013973 _____ () C:\Users\Celia\Desktop\FRST.txt
2014-06-23 12:48 - 2014-06-23 12:48 - 00000000 ____D () C:\FRST
2014-06-23 12:47 - 2014-06-23 12:47 - 02082816 _____ (Farbar) C:\Users\Celia\Desktop\FRST64.exe
2014-06-23 12:47 - 2009-07-14 01:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 12:46 - 2014-06-19 18:11 - 01399297 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 12:44 - 2009-07-14 00:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 12:44 - 2009-07-14 00:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 12:42 - 2014-06-19 16:10 - 00001413 _____ () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-23 12:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 12:41 - 2009-07-14 00:51 - 00046058 _____ () C:\Windows\setupact.log
2014-06-23 12:39 - 2009-07-14 00:45 - 00276072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-23 12:37 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-23 12:37 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-23 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-06-23 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-06-23 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-06-23 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-23 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-23 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-23 12:17 - 2014-06-23 12:00 - 00013757 _____ () C:\Windows\IE11_main.log
2014-06-23 12:12 - 2014-06-23 12:12 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-23 12:12 - 2014-06-23 12:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-23 12:12 - 2014-06-23 12:12 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-23 12:12 - 2014-06-23 12:12 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-23 12:12 - 2014-06-23 12:12 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-06-23 12:12 - 2014-06-23 12:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-23 12:12 - 2014-06-23 12:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-23 12:12 - 2014-06-23 12:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-06-23 12:12 - 2014-06-23 12:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-23 12:12 - 2014-06-23 12:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-06-23 12:12 - 2014-06-23 12:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-06-23 12:12 - 2014-06-23 12:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-23 12:12 - 2014-06-23 12:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-06-23 12:10 - 2014-06-23 12:10 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-06-23 12:09 - 2014-06-23 12:09 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-06-23 12:09 - 2014-06-23 12:09 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-23 12:03 - 2014-06-23 12:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-23 12:01 - 2014-06-23 12:01 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-06-23 12:01 - 2014-06-23 12:01 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-06-23 11:50 - 2014-06-23 11:49 - 00447170 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-06-23 11:44 - 2014-06-23 11:40 - 00445638 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-06-23 11:34 - 2014-06-20 22:29 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002UA.job
2014-06-23 11:17 - 2014-06-19 16:37 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-23 11:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 04:30 - 2014-06-21 22:31 - 00000000 ____D () C:\Users\Celia\AppData\Local\CrashDumps
2014-06-22 22:34 - 2014-06-20 22:29 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002Core.job
2014-06-22 18:47 - 2014-06-19 16:10 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F897AD39-3712-4671-8274-702BE38EE554}
2014-06-22 14:36 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-06-22 14:35 - 2014-06-22 14:35 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-06-22 14:35 - 2014-06-22 14:35 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-06-22 14:35 - 2014-06-22 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
2014-06-22 14:30 - 2014-06-22 14:30 - 00116492 _____ () C:\Users\Celia\Downloads\label1.xps
2014-06-22 10:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-21 23:18 - 2014-06-21 01:11 - 00000000 ____D () C:\Users\Celia\Documents\Youcam
2014-06-21 22:28 - 2014-06-21 22:28 - 00001277 _____ () C:\Users\Celia\Desktop\CyberLink YouCam.lnk
2014-06-21 01:23 - 2014-06-21 01:22 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\vlc
2014-06-21 01:22 - 2014-06-21 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-21 01:22 - 2014-06-21 01:22 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-21 01:21 - 2014-06-21 01:21 - 24677393 _____ () C:\Users\Celia\Downloads\vlc-2.1.3-win32.exe
2014-06-21 01:12 - 2014-06-21 01:12 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-21 01:12 - 2014-06-21 01:12 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-21 01:11 - 2014-06-21 01:11 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\CyberLink
2014-06-21 01:11 - 2014-06-21 01:11 - 00000000 ____D () C:\Users\Celia\AppData\Local\CyberLink
2014-06-20 22:29 - 2014-06-20 22:29 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002UA
2014-06-20 22:29 - 2014-06-20 22:29 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2564640923-2217173692-610999163-1002Core
2014-06-20 22:29 - 2014-06-20 22:29 - 00000000 ____D () C:\Users\Celia\AppData\Local\Google
2014-06-20 22:29 - 2014-06-19 16:20 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Mozilla
2014-06-20 22:27 - 2014-06-20 22:27 - 00895120 _____ (Google Inc.) C:\Users\Celia\Downloads\GoogleVoiceAndVideoSetup.exe
2014-06-19 22:12 - 2014-06-19 22:12 - 00005288 _____ () C:\Users\Celia\Downloads\dane1.txt
2014-06-19 19:47 - 2011-05-23 16:48 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-19 19:03 - 2014-06-19 19:03 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-06-19 19:02 - 2014-06-19 19:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-06-19 19:02 - 2014-06-19 19:02 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-06-19 19:02 - 2014-06-19 19:02 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-06-19 19:02 - 2014-06-19 19:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-06-19 19:02 - 2014-06-19 19:02 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-06-19 19:02 - 2007-01-01 21:25 - 00000000 ____D () C:\Windows\Panther
2014-06-19 19:01 - 2014-06-19 19:01 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-06-19 19:01 - 2014-06-19 19:01 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-06-19 19:01 - 2014-06-19 19:01 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-06-19 19:01 - 2014-06-19 19:01 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-06-19 19:01 - 2014-06-19 19:01 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-06-19 19:01 - 2014-06-19 19:01 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-06-19 19:00 - 2014-06-19 19:00 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-06-19 19:00 - 2014-06-19 19:00 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-06-19 19:00 - 2011-05-23 16:27 - 00000012 _____ () C:\Windows\CSUP.txt
2014-06-19 18:58 - 2014-06-19 18:58 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-19 18:58 - 2009-07-14 01:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-06-19 18:58 - 2009-07-14 01:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-06-19 18:58 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-06-19 18:58 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-06-19 18:27 - 2014-06-19 18:27 - 00000000 ____D () C:\ProgramData\ATI
2014-06-19 18:27 - 2011-05-23 16:59 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-06-19 18:26 - 2009-07-14 00:46 - 00005075 _____ () C:\Windows\DtcInstall.log
2014-06-19 18:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-19 18:20 - 2011-02-16 14:51 - 00000000 ___HD () C:\HP
2014-06-19 18:19 - 2014-06-19 18:16 - 00000000 ____D () C:\ProgramData\Temp
2014-06-19 18:19 - 2011-05-23 16:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-19 18:17 - 2014-06-19 18:17 - 00003148 _____ () C:\Windows\System32\Tasks\MirageAgent
2014-06-19 18:17 - 2014-06-19 18:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-06-19 18:17 - 2014-06-19 18:17 - 00000000 ____D () C:\Users\Public\Documents\YouCam
2014-06-19 18:17 - 2014-06-19 18:17 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-19 18:17 - 2011-05-23 17:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-19 18:16 - 2014-06-19 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
2014-06-19 18:15 - 2014-06-19 18:15 - 00000593 _____ () C:\Windows\system32\ndCPrepLog
2014-06-19 18:15 - 2014-06-19 18:12 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-06-19 18:14 - 2014-06-19 18:14 - 00000000 ____D () C:\ProgramData\AMD
2014-06-19 18:14 - 2014-06-19 18:14 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-19 18:12 - 2014-06-19 18:10 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-19 18:10 - 2014-06-19 18:10 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-06-19 18:10 - 2014-06-19 18:10 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-06-19 18:10 - 2014-06-19 18:10 - 00000000 ____D () C:\Program Files\IDT
2014-06-19 18:10 - 2014-06-19 18:09 - 00004558 _____ () C:\Windows\DPINST.LOG
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-19 18:09 - 2014-06-19 18:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-06-19 18:08 - 2014-06-19 18:08 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-19 18:08 - 2014-06-19 18:08 - 00000000 ____D () C:\Program Files\ATI
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 __RSH () C:\Windows\SysWOW64\Drivers\103C_HP_cNB_Pavilion g7 Notebook PC_Y5335KV_0U_QCNF13200VK_E645854-002_4A_I1664_SHP_V20.24_BF.6A_T130507_W73-1_L409_M3835_J500_7AMD_8F63_92.60_#140619_N_(LW416UA#ABA)_XMOBILE_CN10_Z_20593110000204610000620100.MRK
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 __RSH () C:\Windows\system32\Drivers\103C_HP_cNB_Pavilion g7 Notebook PC_Y5335KV_0U_QCNF13200VK_E645854-002_4A_I1664_SHP_V20.24_BF.6A_T130507_W73-1_L409_M3835_J500_7AMD_8F63_92.60_#140619_N_(LW416UA#ABA)_XMOBILE_CN10_Z_20593110000204610000620100.MRK
2014-06-19 18:06 - 2014-06-19 18:06 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-19 18:06 - 2014-06-19 18:06 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-19 18:06 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 18:06 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-19 18:05 - 2014-06-19 18:05 - 00000056 ____H () C:\Windows\SysWOW64\ezsidmv.dat
2014-06-19 18:05 - 2007-01-01 21:29 - 00005949 _____ () C:\Windows\TSSysprep.log
2014-06-19 17:10 - 2014-06-19 17:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-19 17:10 - 2014-06-19 17:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-19 17:10 - 2014-06-19 17:10 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-19 17:10 - 2014-06-19 17:10 - 00000000 ____D () C:\Users\Celia\AppData\Local\Macromedia
2014-06-19 16:37 - 2014-06-19 16:37 - 02374320 _____ (PeerBlock, LLC ) C:\Users\Celia\Downloads\PeerBlock-Setup_v1.2_r693.exe
2014-06-19 16:37 - 2014-06-19 16:37 - 00001736 _____ () C:\Users\Celia\Desktop\PeerBlock.lnk
2014-06-19 16:37 - 2014-06-19 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-19 16:35 - 2014-06-19 16:35 - 00000000 ____D () C:\ProgramData\Synaptics
2014-06-19 16:29 - 2014-06-19 16:28 - 00000000 ____D () C:\Program Files (x86)\LastPass
2014-06-19 16:28 - 2014-06-19 16:28 - 14936064 _____ (LastPass) C:\Users\Celia\Downloads\lastpass_x64.exe
2014-06-19 16:28 - 2014-06-19 16:28 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-19 16:28 - 2014-06-19 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-19 16:20 - 2014-06-19 16:20 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\Users\Celia\AppData\Local\Mozilla
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 16:20 - 2014-06-19 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 16:19 - 2014-06-19 16:19 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Macromedia
2014-06-19 16:18 - 2014-06-19 16:18 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Adobe
2014-06-19 16:17 - 2014-06-19 18:18 - 00000000 ____D () C:\ProgramData\Norton
2014-06-19 16:17 - 2010-11-20 23:47 - 00267360 _____ () C:\Windows\PFRO.log
2014-06-19 16:13 - 2011-05-23 16:57 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-06-19 16:11 - 2014-06-19 16:11 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\ATI
2014-06-19 16:11 - 2014-06-19 16:11 - 00000000 ____D () C:\Users\Celia\AppData\Local\ATI
2014-06-19 16:11 - 2014-06-19 16:11 - 00000000 ____D () C:\Users\Celia\AppData\Local\AMD
2014-06-19 16:10 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Synaptics
2014-06-19 16:10 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\hpqLog
2014-06-19 16:10 - 2014-06-19 16:10 - 00000000 ____D () C:\Users\Celia\AppData\Local\RemEngine
2014-06-19 16:10 - 2014-06-19 16:07 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Hewlett-Packard
2014-06-19 16:10 - 2014-06-19 16:07 - 00000000 ____D () C:\Users\Celia\AppData\Local\Hewlett-Packard_Company
2014-06-19 16:10 - 2014-06-19 16:07 - 00000000 ____D () C:\Users\Celia\AppData\Local\Hewlett-Packard
2014-06-19 16:10 - 2014-06-19 16:05 - 00000000 ____D () C:\Users\Celia
2014-06-19 16:09 - 2014-06-19 16:09 - 00057560 _____ () C:\Users\Celia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 16:07 - 2011-05-23 17:07 - 00000000 ___RD () C:\Program Files\Online Services
2014-06-19 16:07 - 2011-05-23 16:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2014-06-19 16:07 - 2011-05-23 16:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-19 16:07 - 2011-05-23 16:48 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-06-19 16:07 - 2011-05-23 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media
2014-06-19 16:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-19 16:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-06-19 16:06 - 2011-02-10 15:23 - 00000000 ___HD () C:\SYSTEM.SAV
2014-06-19 16:06 - 2011-02-10 15:23 - 00000000 ____D () C:\SWSetup
2014-06-19 16:06 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-19 16:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-19 16:06 - 2007-01-01 21:32 - 00000000 __SHD () C:\Recovery
2014-06-19 16:05 - 2014-06-19 16:05 - 00000020 ___SH () C:\Users\Celia\ntuser.ini
2014-06-19 16:05 - 2014-06-19 16:05 - 00000000 ____D () C:\Users\Celia\AppData\Local\VirtualStore
2014-06-19 16:04 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 17:32

==================== End Of Log ============================



If you are part of the 99%, you are automatically a part of the Occupy movement.


#8 nasdaq

nasdaq

  • Malware Response Team

Posted 23 June 2014 - 01:41 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\searchplugins\startpage-https.xml

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.
The tool will create a log (Fixlog.txt); please post it in your reply.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#9 stuffandthings

stuffandthings
  • Topic Starter


Posted 23 June 2014 - 02:42 PM

Followed the steps and have provided the logs.  I did all of this without peerblock on.  When I was done I turned it back on, and bogon is still streaming in steadily as it has been.  Doesn't seem to be any change, although the computer does feel a bit faster. 

 

 

Here are the 3 logs you requested:
 

Log 1:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Celia at 2014-06-23 15:19:00 Run:1
Running from C:\Users\Celia\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\searchplugins\startpage-https.xml

end
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\searchplugins\startpage-https.xml => Moved successfully.

==== End of Fixlog ====

 

 

Log 2:

 

 

# AdwCleaner v3.213 - Report created 23/06/2014 at 15:28:18
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Celia - CELIA-HP
# Running from : C:\Users\Celia\Desktop\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\i0otbb91.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1659 octets] - [23/06/2014 15:24:22]
AdwCleaner[R1].txt - [1719 octets] - [23/06/2014 15:25:44]
AdwCleaner[S0].txt - [1418 octets] - [23/06/2014 15:28:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1478 octets] ##########
 

 

Log 3:

 

 Results of screen317's Security Check version 0.99.85 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 24 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 14.0.0.125 
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

 

 

 

I think that's everything.

 

 




#10 nasdaq

nasdaq

  • Malware Response Team

Posted 24 June 2014 - 07:35 AM


Remove PeerBlock using the Add/Remove program
Restart the computer normally.

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)


How is it now?

#11 stuffandthings

stuffandthings
  • Topic Starter


Posted 24 June 2014 - 10:41 AM

Why would I remove peerblock?

 

 

Also, that's the only way I caught this thing being on my computer.  I need it to make sure that the virus is off.

 

 

First I notice that startpage has been removed from my browser, now you want me to remove peerblock. 

 

Can you please give me an explanation as to what is on my computer yet?  Why are the things that protect my identity and privacy things that I need to get rid of?  I'd like to know what you have found out is the problem rather than just getting copy/pasted instructions on things to run. 


Edited by stuffandthings, 24 June 2014 - 10:45 AM.



#12 nasdaq

nasdaq

  • Malware Response Team

Posted 24 June 2014 - 01:41 PM

I can't remove what I cannot see.

If you still have issues with this computer run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#13 stuffandthings

stuffandthings
  • Topic Starter


Posted 24 June 2014 - 01:43 PM

   ..... edit: removed.


Edited by stuffandthings, 24 June 2014 - 05:42 PM.



#14 stuffandthings

stuffandthings
  • Topic Starter


Posted 24 June 2014 - 05:42 PM

Before we go any further, I need you to tell me what we're fixing.  I need to know more than just instructions.

 

I'm very cautious about my computer.  Can you give me a brief description - nothing too technical - of what is going on / what you're trying to accomplish?




#15 stuffandthings

stuffandthings
  • Topic Starter


Posted 25 June 2014 - 01:07 AM

I also want to add that tonight I have tried reconfiguring my router in order to have wireless net in my place, instead of just staying hooked directly to the modem itself. I did this according to the instructions for the router I have at the following link:

http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=eaa3127db5f4402584c959a7251e754c_4008.xml&pid=96&slnid=3

 

Something odd happened when I did this. I made sure to follow the instructions it gave, and it gave me that same error - "unidentified network - no internet access". Then when I tried to reconnect to my modem directly, I got that "incorrect IP configuration" error. I decided to restart my computer as I did before (this time without any updates installing themselves, I figured out the setting for that), and when it rebooted, the computer seems to be on the net fine again.

 

I just thought this might lend more clues as to what sort of malware this is and how to make sure it's removed. I definitely don't want to use this computer and hardware devices for things like banking and conducting all of my life's work on the net when I have some kind of malware on my computer. Regardless if the computer is able to go online or not, I need to make sure that the malware is gone. I also hope to figure out why the router and modem seem to be acting so odd. If the malware knows how to "jump" from device to device, I really want to know that also, so that I can make sure I know how to clean each computer and each device.

 

Just a little update about this situation. 






