
WAS infected with JavaCore, I'm not sure if I fixed it, but I have other problem


  • This topic is locked
38 replies to this topic

#1 Momadice

Momadice

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Ontario, Canada
  • Local time:11:16 AM

Posted 24 June 2014 - 12:54 AM

This is not super pressing, so if you have to help others with bigger troubles than I have, then tuck me away somewhere and hopefully you won't forget about me!

 

I think I got rid of JavaCore.  My troubles are:  I am typing in legitimate web addresses that I have used for years, and I am being redirected to a bogus site(s).  The two sites in particular are www.theringlord.com and www.bluebuddahboutique.com and sorry, sometimes canadianliving.com.  I have installed SpywareBlaster in an effort to be able to surf the web, but it is so frustrating because sites where I want to see everything, I can't see everything even if I add them as a safe site in my browser options.  If I disable SpywareBlaster settings temporarily I get rerouted again!

 

What I would like to know is how I can secure my browser(s) without losing the content I want to see.  I am not on any social sites, I merely browse the web for inspiration, check in with my sites where I buy supplies from and download assignments or upload to my college, and download personal reading information to transfer to my android tablet to read later.  I have been trying to find a guide to help me with my browser settings that don't take all the joy out of what I do regularly.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17126
Run by Cindy at 1:18:49 on 2014-06-24
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.1527.311 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://jw.org/
uWindow Title = Microsoft Internet Explorer - Cindy
mStart Page = hxxp://www.jw.org
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: cogeco.ca
Trusted Zone: jw.org
Trusted Zone: niagaracollege.csa
TCP: NameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
TCP: Interfaces\{13B46819-EAD4-4B5D-A812-0161F638FF67} : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
Filter: AutorunsDisabled - <Clsid value has no data>
Handler: AutorunsDisabled - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\5yl39p28.default\
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-11 108032]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-9 75480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-9 113880]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-5-29 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-5-26 1343400]
.
=============== Created Last 60 ================
.
2014-06-23 19:35:02 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11edf6c2-ec9a-483c-bd8b-400ca95f258d}\mpengine.dll
2014-06-23 11:02:55 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-20 01:14:28 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-20 01:14:28 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-13 13:42:14 -------- d-----w- c:\programdata\Licenses
2014-06-13 13:42:05 -------- d-----w- c:\program files\SpywareBlaster
2014-06-13 13:19:55 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3ef5b6f6-6ab4-42f1-9ac4-72b9412e0620}\gapaengine.dll
2014-06-12 17:26:02 -------- d-----w- C:\AdwCleaner
2014-06-12 15:28:39 -------- d-----w- c:\users\cindy\appdata\roaming\SUPERAntiSpyware.com
2014-06-11 15:00:06 -------- d-----w- c:\users\cindy\appdata\local\Diagnostics
2014-06-11 13:10:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-11 12:19:57 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 12:19:56 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 12:19:56 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 12:19:56 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 12:19:55 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-11 12:19:55 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 12:19:54 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 12:19:50 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-07 00:38:07 -------- d-----w- c:\users\cindy\appdata\local\Macromedia
2014-06-05 12:37:42 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-06-02 09:44:22 -------- d-sh--w- c:\users\cindy\appdata\local\EmieUserList
2014-06-02 09:44:22 -------- d-sh--w- c:\users\cindy\appdata\local\EmieSiteList
2014-06-01 17:11:37 -------- d-----w- c:\program files\iPod
2014-06-01 17:11:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-01 17:11:33 -------- d-----w- c:\program files\iTunes
2014-05-31 13:26:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-05-31 13:26:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-31 07:20:34 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-05-31 07:20:34 619520 ----a-w- c:\windows\system32\tdh.dll
2014-05-31 07:20:34 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-05-31 07:20:01 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-31 07:20:01 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-05-31 07:19:38 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-05-31 07:14:24 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-05-30 12:28:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2014-05-30 12:28:49 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-05-30 12:28:49 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-05-30 12:28:49 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-05-30 12:28:48 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2014-05-30 12:28:45 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-05-30 12:28:26 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 12:26:53 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-05-30 12:26:53 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-05-30 12:26:45 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-05-30 12:26:45 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-05-30 12:26:45 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-05-30 12:26:45 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-05-30 12:26:11 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-05-30 12:26:02 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-05-30 12:26:02 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-05-30 12:26:02 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-05-30 12:22:00 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-05-30 12:21:23 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-05-30 12:21:23 1796096 ----a-w- c:\windows\system32\authui.dll
2014-05-30 12:21:23 101720 ----a-w- c:\windows\system32\consent.exe
2014-05-30 07:15:07 -------- d-----w- c:\windows\system32\SPReview
2014-05-30 07:14:36 -------- d-----w- c:\windows\system32\EventProviders
2014-05-29 21:48:33 -------- d-----w- c:\users\cindy\appdata\local\ElevatedDiagnostics
2014-05-29 11:35:59 811520 ----a-w- c:\windows\system32\user32.dll
2014-05-29 11:34:59 755200 ----a-w- c:\windows\system32\sud.dll
2014-05-29 11:33:59 7168 ----a-w- c:\windows\system32\KBDSG.DLL
2014-05-29 11:32:57 189952 ----a-w- c:\windows\system32\sqmapi.dll
2014-05-26 08:07:17 -------- d-----w- c:\windows\system32\Wat
2014-05-26 07:25:51 -------- d-----w- c:\windows\system32\x64
2014-05-26 07:25:50 1002008 ----a-w- c:\windows\system32\igxpun.exe
2014-05-26 07:17:01 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-05-26 07:17:00 5120 ----a-w- c:\windows\system32\wmi.dll
2014-05-25 15:02:54 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-25 15:02:52 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-05-25 15:02:52 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-05-25 15:02:52 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-05-25 15:02:48 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-05-25 15:02:06 376832 ----a-w- c:\windows\system32\dpnet.dll
2014-05-25 15:02:05 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2014-05-25 15:00:43 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-25 15:00:43 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-05-25 15:00:43 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-25 15:00:41 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-05-25 15:00:41 233472 ----a-w- c:\windows\system32\oleacc.dll
2014-05-25 15:00:34 1785344 ----a-w- c:\program files\windows journal\Journal.exe
2014-05-25 15:00:27 3217408 ----a-w- c:\windows\system32\mstscax.dll
2014-05-25 15:00:26 131584 ----a-w- c:\windows\system32\aaclient.dll
2014-05-25 15:00:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2014-05-25 15:00:07 741376 ----a-w- c:\windows\system32\inetcomm.dll
2014-05-25 14:58:49 850944 ----a-w- c:\windows\system32\sbe.dll
2014-05-25 14:58:49 642048 ----a-w- c:\windows\system32\CPFilters.dll
2014-05-25 14:58:48 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2014-05-25 14:58:43 1328128 ----a-w- c:\windows\system32\quartz.dll
2014-05-25 14:58:42 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-05-25 14:58:05 314880 ----a-w- c:\windows\system32\webio.dll
2014-05-25 14:58:02 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2014-05-25 14:58:01 86016 ----a-w- c:\windows\system32\odbccu32.dll
2014-05-25 14:58:01 81920 ----a-w- c:\windows\system32\odbccr32.dll
2014-05-25 14:58:01 122880 ----a-w- c:\windows\system32\odbccp32.dll
2014-05-25 14:58:00 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2014-05-25 14:58:00 163840 ----a-w- c:\windows\system32\odbctrac.dll
2014-05-25 14:57:58 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2014-05-25 14:57:58 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2014-05-25 14:57:58 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-05-25 14:57:56 690688 ----a-w- c:\windows\system32\msvcrt.dll
2014-05-25 14:57:54 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-05-25 14:57:52 78336 ----a-w- c:\windows\system32\synceng.dll
2014-05-25 14:57:48 769024 ----a-w- c:\windows\system32\localspl.dll
2014-05-25 14:57:48 30208 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2014-05-25 14:57:38 1137664 ----a-w- c:\windows\system32\mfc42.dll
2014-05-25 14:57:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2014-05-25 14:57:34 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-05-25 14:57:24 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-05-25 14:40:26 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-05-25 14:40:25 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-05-25 14:40:25 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2014-05-25 14:32:19 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-05-25 14:32:09 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-05-25 14:32:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-05-25 14:32:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-05-25 14:29:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-05-25 14:29:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-05-25 14:29:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-05-25 14:29:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-05-25 14:29:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-05-25 14:26:27 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-05-25 14:21:03 -------- d-----w- c:\program files\Microsoft Security Client
2014-05-25 00:45:12 -------- d-----w- c:\users\cindy\appdata\local\Apple Computer
2014-05-25 00:44:58 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-05-25 00:43:46 -------- d-----w- c:\users\cindy\appdata\local\Apple
2014-05-25 00:43:17 -------- d-----w- c:\program files\Bonjour
2014-05-16 12:56:24 1619632 ----a-w- c:\program files\common files\microsoft shared\office12\OGL.DLL
2014-05-12 10:21:23 -------- d-----w- c:\users\cindy\appdata\roaming\Watchtower
2014-05-11 14:39:54 -------- d-----w- c:\program files\PopCap Games
2014-05-10 16:29:17 -------- d-----w- c:\program files\Watchtower
2014-05-10 14:53:56 103936 ----a-w- c:\windows\system32\CNC_BNU.dll
2014-05-10 14:53:51 -------- d--h--w- c:\programdata\CanonIJFAX
2014-05-10 14:53:23 86528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPBN.DLL
2014-05-10 14:53:23 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDBN.DLL
2014-05-10 14:53:16 96768 ----a-w- c:\windows\system32\CNC_BNI.dll
2014-05-10 14:53:16 321024 ----a-w- c:\windows\system32\CNC_BNL.dll
2014-05-10 14:53:16 263168 ----a-w- c:\windows\system32\CNC_BNC.dll
2014-05-10 14:53:16 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2014-05-10 14:53:01 315904 ----a-w- c:\windows\system32\CNMLMBN.DLL
2014-05-10 14:52:56 258560 ----a-w- c:\windows\system32\CNCALBN.DLL
2014-05-10 14:52:45 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL
2014-05-10 14:52:45 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL
2014-05-10 14:52:45 -------- d-----w- c:\windows\system32\STRING
2014-05-10 14:52:32 -------- d--h--w- c:\programdata\CanonIJETV
2014-05-10 14:52:17 -------- d-----w- c:\program files\Canon
2014-05-10 14:49:57 -------- d-----w- c:\users\cindy\appdata\local\Mozilla
2014-05-10 14:38:42 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
2014-05-10 12:02:20 -------- d-----w- c:\program files\CCleaner
2014-05-10 01:15:18 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-10 01:15:02 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-10 01:15:02 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-10 01:15:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-10 01:15:02 -------- d-----w- c:\programdata\Malwarebytes
2014-05-10 01:15:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-10 01:14:49 -------- d-----w- c:\users\cindy\appdata\local\Programs
2014-05-09 19:10:20 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-05-09 19:10:20 31640 ----a-w- c:\windows\system32\msonpmon.dll
2014-05-09 19:08:21 -------- d-----w- c:\windows\PCHEALTH
2014-05-09 19:07:19 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-05-09 19:06:50 -------- d-----w- c:\users\cindy\appdata\local\Microsoft Help
2014-05-09 19:06:45 -------- d-sh--w- c:\windows\Installer
2014-05-09 16:53:56 -------- d-----w- c:\windows\Panther
2014-05-09 16:53:43 -------- d-sh--w- C:\Boot
2014-05-09 14:32:08 -------- d-----w- c:\windows\system32\wbem\Performance
2014-05-09 14:27:58 -------- d-sh--w- C:\Recovery
.
==================== Find6M  ====================
.
2014-05-31 07:18:16 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:28:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 08:10:46 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:45:28 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-09 13:13:00 489064 ----a-w- C:\SecurityScanner.dll
2014-04-01 02:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 02:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:20:11 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-25 05:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-17 20:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 20:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH:  1:20:20.58 ===============
 





#2 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:16 PM

Posted 24 June 2014 - 02:31 AM

Hello Momadice and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

AdwCleaner log
JRT.txt
OTL.txt
Extras.txt

 

 

Can you also include the Attach.txt file that was produced with the DDS log?

Thanks

Satchfan


Edited by satchfan, 24 June 2014 - 02:33 AM.



#3 Momadice


Posted 26 June 2014 - 07:06 PM

# AdwCleaner v3.213 - Report created 26/06/2014 at 19:57:01
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Cindy - CINDY-PC
# Running from : C:\Users\Cindy\Desktop\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5yl39p28.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [763 octets] - [12/06/2014 13:26:09]
AdwCleaner[R10].txt - [1493 octets] - [20/06/2014 06:05:07]
AdwCleaner[R11].txt - [1555 octets] - [26/06/2014 19:54:53]
AdwCleaner[R1].txt - [754 octets] - [12/06/2014 13:30:52]
AdwCleaner[R2].txt - [872 octets] - [12/06/2014 19:23:48]
AdwCleaner[R7].txt - [1411 octets] - [14/06/2014 21:59:49]
AdwCleaner[R8].txt - [1111 octets] - [15/06/2014 11:57:08]
AdwCleaner[R9].txt - [1366 octets] - [19/06/2014 16:06:55]
AdwCleaner[S0].txt - [829 octets] - [12/06/2014 13:27:23]
AdwCleaner[S1].txt - [814 octets] - [12/06/2014 13:32:03]
AdwCleaner[S2].txt - [932 octets] - [13/06/2014 07:34:29]
AdwCleaner[S6].txt - [1473 octets] - [14/06/2014 22:01:02]
AdwCleaner[S7].txt - [1173 octets] - [15/06/2014 11:58:17]
AdwCleaner[S8].txt - [1428 octets] - [19/06/2014 16:08:21]
AdwCleaner[S9].txt - [1476 octets] - [26/06/2014 19:57:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [1536 octets] ##########



#4 Momadice


Posted 26 June 2014 - 07:19 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Cindy on 26/06/2014 at 20:13:04.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 20:16:00.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5 Momadice


Posted 26 June 2014 - 07:55 PM

OTL logfile created on: 26/06/2014 8:25:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cindy\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1.49 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 49.69% Memory free
2.98 Gb Paging File | 2.18 Gb Available in Paging File | 73.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203.43 Gb Total Space | 172.98 Gb Free Space | 85.03% Space Free | Partition Type: NTFS
Drive D: | 94.07 Gb Total Space | 45.16 Gb Free Space | 48.01% Space Free | Partition Type: NTFS
 
Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/26 20:21:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
PRC - [2014/05/31 03:19:38 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/30 04:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/26 03:04:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/06/19 16:05:04 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/19 15:57:40 | 000,075,480 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jw.org
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jw.org/
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A A0 65 34 B0 77 CF 01  [binary data]
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/06/17 20:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2014/06/17 20:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\5yl39p28.default\extensions
[2014/06/17 20:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/17 20:24:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/06/19 23:00:55 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..Trusted Domains: blackboard.com ([niagara] https in Trusted sites)
O15 - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..Trusted Domains: cogeco.ca ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..Trusted Domains: jw.org ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..Trusted Domains: jw.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..Trusted Domains: niagaracollege.ca ([enterprisesystems] https in Trusted sites)
O15 - HKU\S-1-5-21-1823877810-39724284-3048783385-1000\..Trusted Domains: niagaracollege.csa ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13B46819-EAD4-4B5D-A812-0161F638FF67}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/26 20:21:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
[2014/06/26 20:12:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/26 20:08:15 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Cindy\Desktop\JRT.exe
[2014/06/24 01:16:20 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Cindy\Desktop\dds.com
[2014/06/19 21:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/06/19 21:14:28 | 000,699,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/19 21:14:28 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/06/17 20:24:41 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Mozilla
[2014/06/17 20:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/14 23:50:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/06/13 09:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/06/13 09:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/06/13 09:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/06/13 09:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/06/12 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\Meetings
[2014/06/12 13:26:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/12 11:28:39 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SUPERAntiSpyware.com
[2014/06/12 08:23:25 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\Business Comunications
[2014/06/11 11:00:06 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Diagnostics
[2014/06/11 09:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/06/11 09:09:33 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\mbar
[2014/06/11 08:20:42 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/06/11 08:20:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/06/11 08:20:42 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/06/11 08:20:41 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/06/11 08:20:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/11 08:20:40 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/11 08:20:39 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/11 08:20:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/11 08:20:39 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/11 08:20:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/11 08:20:38 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/11 08:20:37 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/11 08:20:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/11 08:20:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/11 08:20:36 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/06/11 08:20:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/06/11 08:20:34 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/11 08:20:33 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/11 08:20:31 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/06/11 08:20:29 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/06/11 08:20:26 | 004,244,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/11 08:19:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/11 08:19:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/11 08:19:55 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/06/11 08:19:54 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/06 20:38:07 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Macromedia
[2014/06/06 20:38:07 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Macromedia
[2014/06/06 07:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2014/06/02 05:44:22 | 000,000,000 | -HSD | C] -- C:\Users\Cindy\AppData\Local\EmieUserList
[2014/06/02 05:44:22 | 000,000,000 | -HSD | C] -- C:\Users\Cindy\AppData\Local\EmieSiteList
[2014/06/01 13:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/01 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/01 13:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/01 13:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/05/31 09:26:57 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/05/31 09:26:57 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/05/31 09:12:34 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Adobe
[2014/05/31 03:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/31 03:21:46 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2014/05/31 03:21:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014/05/31 03:21:46 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/05/31 03:21:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/05/31 03:21:45 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/05/31 03:21:45 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/05/31 03:21:45 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/05/31 03:21:45 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/05/31 03:21:44 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/05/31 03:21:44 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/05/31 03:21:44 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/05/31 03:21:44 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/05/31 03:21:43 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/05/31 03:21:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/05/31 03:21:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/05/31 03:21:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/05/31 03:21:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/05/31 03:21:43 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/05/31 03:21:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/05/31 03:21:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/05/31 03:21:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/05/31 03:21:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/05/31 03:20:34 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2014/05/31 03:19:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2014/05/31 03:18:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/05/31 03:18:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/05/31 03:18:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/05/31 03:18:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2014/05/31 03:18:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/05/31 03:18:15 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/05/31 03:18:15 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/05/31 03:18:15 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2014/05/31 03:18:15 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/05/31 03:18:15 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/05/31 03:18:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/05/31 03:18:15 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/05/31 03:18:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/05/31 03:18:15 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/05/31 03:18:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/05/31 03:18:15 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/05/31 03:18:15 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2014/05/31 03:18:15 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/05/31 03:18:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/05/31 03:18:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/05/31 03:18:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/05/31 03:18:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/05/31 03:14:24 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2014/05/30 08:28:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2014/05/30 08:28:49 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2014/05/30 08:28:26 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/05/30 08:27:45 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/05/30 08:27:45 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/05/30 08:27:43 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014/05/30 08:27:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/05/30 08:27:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014/05/30 08:27:42 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014/05/30 08:27:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014/05/30 08:27:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014/05/30 08:27:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014/05/30 08:27:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014/05/30 08:27:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014/05/30 08:27:32 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/05/30 08:27:27 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/05/30 08:27:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/05/30 08:27:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/05/30 08:27:15 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2014/05/30 08:27:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2014/05/30 08:27:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2014/05/30 08:27:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2014/05/30 08:27:11 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2014/05/30 08:27:11 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2014/05/30 08:27:03 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/05/30 08:27:00 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2014/05/30 08:26:53 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/05/30 08:26:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/05/30 08:26:02 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2014/05/30 08:26:02 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/05/30 08:25:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2014/05/30 08:25:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2014/05/30 08:25:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2014/05/30 08:25:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2014/05/30 08:25:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/05/30 08:25:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2014/05/30 08:25:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2014/05/30 08:25:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2014/05/30 08:25:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/05/30 08:25:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2014/05/30 08:25:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2014/05/30 08:25:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2014/05/30 08:25:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2014/05/30 08:25:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2014/05/30 08:25:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2014/05/30 08:25:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2014/05/30 08:25:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2014/05/30 08:25:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2014/05/30 08:25:35 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/05/30 08:25:32 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014/05/30 08:25:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2014/05/30 08:25:31 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/05/30 08:25:31 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/05/30 08:21:23 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/05/30 08:21:23 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/05/30 03:15:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2014/05/30 03:14:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2014/05/29 17:48:33 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\ElevatedDiagnostics
[2014/05/29 07:36:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/05/29 07:36:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/05/29 07:36:36 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2014/05/29 07:36:36 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2014/05/29 07:36:32 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/05/29 07:36:31 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/05/29 07:36:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/05/29 07:36:29 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/05/29 07:36:27 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2014/05/29 07:36:23 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014/05/29 07:36:23 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2014/05/29 07:36:23 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2014/05/29 07:36:22 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2014/05/29 07:36:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/05/29 07:36:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/05/29 07:36:18 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2014/05/29 07:36:17 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2014/05/29 07:36:16 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2014/05/29 07:36:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2014/05/29 07:36:11 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/05/29 07:36:11 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2014/05/29 07:36:11 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2014/05/29 07:36:09 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2014/05/29 07:36:09 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2014/05/29 07:36:07 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2014/05/29 07:36:06 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2014/05/29 07:36:05 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2014/05/29 07:36:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2014/05/29 07:36:04 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/05/29 07:36:03 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2014/05/29 07:36:01 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2014/05/29 07:35:57 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2014/05/29 07:35:57 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2014/05/29 07:35:57 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2014/05/29 07:35:56 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2014/05/29 07:35:56 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/05/29 07:35:55 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2014/05/29 07:35:55 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2014/05/29 07:35:55 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2014/05/29 07:35:54 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2014/05/29 07:35:53 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2014/05/29 07:35:53 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014/05/29 07:35:53 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2014/05/29 07:35:52 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2014/05/29 07:35:52 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2014/05/29 07:35:51 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2014/05/29 07:35:51 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2014/05/29 07:35:49 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2014/05/29 07:35:49 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014/05/29 07:35:49 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2014/05/29 07:35:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2014/05/29 07:35:48 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2014/05/29 07:35:47 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/05/29 07:35:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2014/05/29 07:35:46 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2014/05/29 07:35:45 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2014/05/29 07:35:45 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2014/05/29 07:35:45 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2014/05/29 07:35:44 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2014/05/29 07:35:44 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2014/05/29 07:35:43 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2014/05/29 07:35:43 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2014/05/29 07:35:42 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2014/05/29 07:35:42 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2014/05/29 07:35:42 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2014/05/29 07:35:41 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2014/05/29 07:35:40 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2014/05/29 07:35:38 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014/05/29 07:35:38 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014/05/29 07:35:38 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2014/05/29 07:35:38 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2014/05/29 07:35:37 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014/05/29 07:35:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/29 07:35:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2014/05/29 07:35:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2014/05/29 07:35:35 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2014/05/29 07:35:35 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2014/05/29 07:35:35 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2014/05/29 07:35:35 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/05/29 07:35:34 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2014/05/29 07:35:33 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2014/05/29 07:35:33 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2014/05/29 07:35:33 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2014/05/29 07:35:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2014/05/29 07:35:32 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2014/05/29 07:35:32 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2014/05/29 07:35:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/05/29 07:35:31 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2014/05/29 07:35:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2014/05/29 07:35:30 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2014/05/29 07:35:29 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2014/05/29 07:35:27 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/05/29 07:35:27 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2014/05/29 07:35:27 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2014/05/29 07:35:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/29 07:35:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2014/05/29 07:35:27 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/05/29 07:35:25 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2014/05/29 07:35:25 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2014/05/29 07:35:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2014/05/29 07:35:24 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2014/05/29 07:35:24 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2014/05/29 07:35:24 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2014/05/29 07:35:23 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2014/05/29 07:35:23 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2014/05/29 07:35:23 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2014/05/29 07:35:23 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2014/05/29 07:35:23 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2014/05/29 07:35:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2014/05/29 07:35:22 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2014/05/29 07:35:22 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2014/05/29 07:35:22 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014/05/29 07:35:22 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2014/05/29 07:35:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2014/05/29 07:35:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2014/05/29 07:35:21 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2014/05/29 07:35:21 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2014/05/29 07:35:21 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014/05/29 07:35:21 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2014/05/29 07:35:21 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2014/05/29 07:35:20 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2014/05/29 07:35:20 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2014/05/29 07:35:19 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/05/29 07:35:19 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2014/05/29 07:35:18 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2014/05/29 07:35:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/05/29 07:35:18 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2014/05/29 07:35:18 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2014/05/29 07:35:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2014/05/29 07:35:17 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2014/05/29 07:35:16 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2014/05/29 07:35:16 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2014/05/29 07:35:16 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/05/29 07:35:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2014/05/29 07:35:15 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2014/05/29 07:35:15 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2014/05/29 07:35:15 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014/05/29 07:35:14 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2014/05/29 07:35:13 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2014/05/29 07:35:13 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2014/05/29 07:35:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2014/05/29 07:35:12 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2014/05/29 07:35:12 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2014/05/29 07:35:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2014/05/29 07:35:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2014/05/29 07:35:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2014/05/29 07:35:11 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2014/05/29 07:35:11 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2014/05/29 07:35:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2014/05/29 07:35:11 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2014/05/29 07:35:10 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2014/05/29 07:35:09 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2014/05/29 07:35:09 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2014/05/29 07:35:09 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2014/05/29 07:35:09 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2014/05/29 07:35:09 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2014/05/29 07:35:09 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2014/05/29 07:35:09 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2014/05/29 07:35:08 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2014/05/29 07:35:07 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2014/05/29 07:35:07 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2014/05/29 07:35:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2014/05/29 07:35:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2014/05/29 07:35:06 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2014/05/29 07:35:05 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2014/05/29 07:35:05 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2014/05/29 07:35:05 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2014/05/29 07:35:04 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/05/29 07:35:04 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2014/05/29 07:35:04 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2014/05/29 07:35:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2014/05/29 07:35:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2014/05/29 07:35:03 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2014/05/29 07:35:03 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2014/05/29 07:35:03 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2014/05/29 07:35:03 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2014/05/29 07:35:03 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2014/05/29 07:35:03 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2014/05/29 07:35:03 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2014/05/29 07:35:03 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2014/05/29 07:35:02 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2014/05/29 07:35:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2014/05/29 07:35:02 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2014/05/29 07:35:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/05/29 07:35:02 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2014/05/29 07:35:01 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2014/05/29 07:35:01 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2014/05/29 07:35:01 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2014/05/29 07:35:01 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2014/05/29 07:35:00 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2014/05/29 07:35:00 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2014/05/29 07:35:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2014/05/29 07:35:00 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2014/05/29 07:35:00 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2014/05/29 07:34:59 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2014/05/29 07:34:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2014/05/29 07:34:59 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2014/05/29 07:34:59 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2014/05/29 07:34:59 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2014/05/29 07:34:59 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2014/05/29 07:34:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2014/05/29 07:34:58 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2014/05/29 07:34:58 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2014/05/29 07:34:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2014/05/29 07:34:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2014/05/29 07:34:57 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2014/05/29 07:34:57 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2014/05/29 07:34:57 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2014/05/29 07:34:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2014/05/29 07:34:56 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2014/05/29 07:34:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2014/05/29 07:34:55 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2014/05/29 07:34:55 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2014/05/29 07:34:55 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2014/05/29 07:34:55 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2014/05/29 07:34:55 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2014/05/29 07:34:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2014/05/29 07:34:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2014/05/29 07:34:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2014/05/29 07:34:54 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2014/05/29 07:34:54 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2014/05/29 07:34:54 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2014/05/29 07:34:53 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2014/05/29 07:34:53 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2014/05/29 07:34:53 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2014/05/29 07:34:53 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2014/05/29 07:34:52 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2014/05/29 07:34:52 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2014/05/29 07:34:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2014/05/29 07:34:51 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2014/05/29 07:34:51 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/05/29 07:34:51 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2014/05/29 07:34:51 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2014/05/29 07:34:51 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2014/05/29 07:34:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2014/05/29 07:34:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2014/05/29 07:34:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2014/05/29 07:34:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2014/05/29 07:34:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2014/05/29 07:34:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2014/05/29 07:34:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2014/05/29 07:34:50 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2014/05/29 07:34:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2014/05/29 07:34:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2014/05/29 07:34:48 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2014/05/29 07:34:48 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2014/05/29 07:34:48 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2014/05/29 07:34:48 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2014/05/29 07:34:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2014/05/29 07:34:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2014/05/29 07:34:47 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2014/05/29 07:34:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/05/29 07:34:47 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2014/05/29 07:34:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2014/05/29 07:34:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2014/05/29 07:34:47 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2014/05/29 07:34:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2014/05/29 07:34:46 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2014/05/29 07:34:46 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2014/05/29 07:34:45 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2014/05/29 07:34:45 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2014/05/29 07:34:45 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2014/05/29 07:34:45 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2014/05/29 07:34:44 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2014/05/29 07:34:44 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2014/05/29 07:34:44 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2014/05/29 07:34:43 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2014/05/29 07:34:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2014/05/29 07:34:43 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2014/05/29 07:34:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2014/05/29 07:34:42 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2014/05/29 07:34:42 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2014/05/29 07:34:42 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2014/05/29 07:34:42 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2014/05/29 07:34:41 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2014/05/29 07:34:41 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2014/05/29 07:34:41 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2014/05/29 07:34:41 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2014/05/29 07:34:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2014/05/29 07:34:40 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2014/05/29 07:34:40 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2014/05/29 07:34:40 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2014/05/29 07:34:40 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2014/05/29 07:34:39 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2014/05/29 07:34:39 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2014/05/29 07:34:39 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2014/05/29 07:34:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2014/05/29 07:34:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2014/05/29 07:34:38 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2014/05/29 07:34:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2014/05/29 07:34:38 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2014/05/29 07:34:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2014/05/29 07:34:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2014/05/29 07:34:38 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2014/05/29 07:34:37 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2014/05/29 07:34:37 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014/05/29 07:34:36 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2014/05/29 07:34:36 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2014/05/29 07:34:35 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2014/05/29 07:34:35 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/05/29 07:34:35 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2014/05/29 07:34:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2014/05/29 07:34:34 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2014/05/29 07:34:34 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2014/05/29 07:34:34 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2014/05/29 07:34:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2014/05/29 07:34:34 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2014/05/29 07:34:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2014/05/29 07:34:34 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2014/05/29 07:34:33 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2014/05/29 07:34:33 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2014/05/29 07:34:33 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2014/05/29 07:34:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2014/05/29 07:34:32 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2014/05/29 07:34:32 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2014/05/29 07:34:32 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2014/05/29 07:34:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2014/05/29 07:34:32 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2014/05/29 07:34:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2014/05/29 07:34:32 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2014/05/29 07:34:32 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2014/05/29 07:34:32 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2014/05/29 07:34:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2014/05/29 07:34:31 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2014/05/29 07:34:31 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2014/05/29 07:34:31 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2014/05/29 07:34:31 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2014/05/29 07:34:31 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2014/05/29 07:34:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2014/05/29 07:34:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2014/05/29 07:34:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2014/05/29 07:34:31 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2014/05/29 07:34:30 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2014/05/29 07:34:30 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2014/05/29 07:34:30 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2014/05/29 07:34:30 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2014/05/29 07:34:30 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2014/05/29 07:34:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2014/05/29 07:34:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2014/05/29 07:34:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/05/29 07:34:29 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/26 20:21:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
[2014/06/26 20:08:19 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Cindy\Desktop\JRT.exe
[2014/06/26 20:04:02 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/26 20:04:02 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/26 19:59:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/26 19:59:32 | 1201,168,384 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/26 19:58:56 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/26 19:58:55 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/26 19:51:56 | 001,342,659 | ---- | M] () -- C:\Users\Cindy\Desktop\adwcleaner_3.213.exe
[2014/06/24 01:16:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Cindy\Desktop\dds.com
[2014/06/23 20:24:51 | 002,404,644 | ---- | M] () -- C:\Users\Cindy\Desktop\TRL_ByzantineInstructions.pdf
[2014/06/20 07:27:55 | 000,762,468 | ---- | M] () -- C:\Users\Cindy\Desktop\iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
[2014/06/19 23:00:55 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2014/06/19 21:14:36 | 000,000,030 | ---- | M] () -- C:\AVScanner.ini
[2014/06/19 21:14:28 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/19 21:14:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/06/19 16:41:12 | 000,000,868 | ---- | M] () -- C:\Users\Cindy\Desktop\Malware Programs.lnk
[2014/06/19 16:37:10 | 000,004,560 | ---- | M] () -- C:\Users\Cindy\Desktop\investigating all xe files.exe.search-ms
[2014/06/19 16:05:04 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/19 15:57:40 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/14 22:45:18 | 000,291,606 | ---- | M] () -- C:\Users\Cindy\Desktop\TCPView.zip
[2014/06/14 22:44:24 | 000,096,442 | ---- | M] () -- C:\Users\Cindy\Desktop\DIInstall.htm
[2014/06/13 12:30:22 | 000,215,937 | ---- | M] () -- C:\Users\Cindy\Desktop\tuition.xps
[2014/06/13 09:42:10 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/06/12 11:03:46 | 000,000,626 | ---- | M] () -- C:\Users\Cindy\Documents\cc_20140612_110341.reg
[2014/06/12 07:40:29 | 000,001,376 | ---- | M] () -- C:\Users\Cindy\Documents\cc_20140612_074024.reg
[2014/06/11 21:12:25 | 000,000,398 | ---- | M] () -- C:\Users\Cindy\Documents\cc_20140611_211221.reg
[2014/06/08 18:58:16 | 000,004,908 | ---- | M] () -- C:\Users\Cindy\Desktop\hjggbluij.jpg
[2014/06/08 18:56:57 | 000,012,370 | ---- | M] () -- C:\Users\Cindy\Desktop\p117552_1.jpg
[2014/06/08 18:52:35 | 000,043,123 | ---- | M] () -- C:\Users\Cindy\Desktop\p102990_2_400.jpg
[2014/06/08 18:50:27 | 000,121,208 | ---- | M] () -- C:\Users\Cindy\Desktop\FishNet-Stocking-BrCOLLAGE.jpg
[2014/06/08 12:36:00 | 000,001,826 | ---- | M] () -- C:\Users\Cindy\Documents\cc_20140608_123555.reg
[2014/06/07 07:15:37 | 000,006,982 | ---- | M] () -- C:\Users\Cindy\Desktop\uwyeorie.jpg
[2014/06/01 21:30:11 | 000,066,893 | ---- | M] () -- C:\Users\Cindy\Desktop\finished_peachyed.jpg
[2014/06/01 19:21:21 | 000,060,750 | ---- | M] () -- C:\Users\Cindy\Desktop\gallery_74_6_14522.jpg
[2014/06/01 19:19:48 | 000,231,708 | ---- | M] () -- C:\Users\Cindy\Desktop\gallery_20_169445.jpg
[2014/06/01 19:09:39 | 000,042,311 | ---- | M] () -- C:\Users\Cindy\Desktop\gallery_7_23591.jpg
[2014/06/01 19:00:25 | 000,930,524 | ---- | M] () -- C:\Users\Cindy\Desktop\gallery_21645_7_491980.jpg
[2014/06/01 11:22:17 | 000,037,076 | ---- | M] () -- C:\Users\Cindy\Desktop\il_340x270.287058117.jpg
[2014/06/01 11:16:33 | 000,180,357 | ---- | M] () -- C:\Users\Cindy\Desktop\DSCN2128.jpg
[2014/05/31 04:38:04 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/31 03:21:46 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2014/05/31 03:21:46 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014/05/31 03:21:46 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/05/31 03:21:46 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/05/31 03:21:45 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/05/31 03:21:45 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/05/31 03:21:45 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/05/31 03:21:45 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/05/31 03:21:45 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/05/31 03:21:44 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/05/31 03:21:44 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/05/31 03:21:44 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/05/31 03:21:44 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/05/31 03:21:43 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/05/31 03:21:43 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/05/31 03:21:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/05/31 03:21:43 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/05/31 03:21:43 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/05/31 03:21:43 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/05/31 03:21:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/05/31 03:21:42 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/05/31 03:21:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/05/31 03:21:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/05/31 03:20:34 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2014/05/31 03:19:38 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2014/05/31 03:18:16 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/05/31 03:18:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/05/31 03:18:16 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/05/31 03:18:16 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/05/31 03:18:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2014/05/31 03:18:16 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/05/31 03:18:15 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/05/31 03:18:15 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2014/05/31 03:18:15 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2014/05/31 03:18:15 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2014/05/31 03:18:15 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2014/05/31 03:18:15 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/05/31 03:18:15 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/05/31 03:18:15 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/05/31 03:18:15 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2014/05/31 03:18:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2014/05/31 03:18:15 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/05/31 03:18:15 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2014/05/31 03:18:15 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2014/05/31 03:18:15 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/05/31 03:18:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/05/31 03:18:15 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/05/31 03:14:24 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2014/05/30 13:04:15 | 000,001,407 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/30 05:02:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/30 05:02:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/05/30 04:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/30 04:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/05/30 04:34:17 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/30 04:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/30 04:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/30 04:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/30 04:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/05/30 04:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/05/30 04:21:36 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/05/30 04:16:26 | 000,368,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/05/30 04:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/05/30 04:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/05/30 04:02:32 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/05/30 03:57:16 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/30 03:56:50 | 004,244,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/30 03:54:14 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/30 03:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/05/30 03:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/30 03:45:28 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2014/05/30 03:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/05/29 20:59:53 | 000,372,031 | ---- | M] () -- C:\Users\Cindy\Desktop\KIT-CHNKY-CFF-ALUM-big.jpg
[2014/05/29 18:28:11 | 000,515,226 | ---- | M] () -- C:\Users\Cindy\Desktop\KIT-MESHR-ALUM-big.jpg
[2014/05/29 18:26:48 | 000,221,744 | ---- | M] () -- C:\Users\Cindy\Desktop\KIT-MOBR-ALUM-big.jpg
[2014/05/29 18:09:56 | 000,006,662 | ---- | M] () -- C:\Users\Cindy\Desktop\argaertge.jpg
[2014/05/29 18:09:34 | 000,005,852 | ---- | M] () -- C:\Users\Cindy\Desktop\index.jpg
[2014/05/29 16:13:49 | 000,005,119 | ---- | M] () -- C:\Users\Cindy\Desktop\images.jpg
[2014/05/29 15:49:28 | 000,002,753 | ---- | M] () -- C:\Users\Cindy\Desktop\gkjhgjhg.jpg
[2014/05/29 15:49:11 | 000,003,601 | ---- | M] () -- C:\Users\Cindy\Desktop\iuholiu.jpg
 
========== Files Created - No Company Name ==========
 
[2014/06/26 19:51:55 | 001,342,659 | ---- | C] () -- C:\Users\Cindy\Desktop\adwcleaner_3.213.exe
[2014/06/23 20:24:51 | 002,404,644 | ---- | C] () -- C:\Users\Cindy\Desktop\TRL_ByzantineInstructions.pdf
[2014/06/20 07:27:55 | 000,762,468 | ---- | C] () -- C:\Users\Cindy\Desktop\iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
[2014/06/19 21:16:37 | 000,000,030 | ---- | C] () -- C:\AVScanner.ini
[2014/06/19 16:40:08 | 000,000,868 | ---- | C] () -- C:\Users\Cindy\Desktop\Malware Programs.lnk
[2014/06/19 16:37:10 | 000,004,560 | ---- | C] () -- C:\Users\Cindy\Desktop\investigating all xe files.exe.search-ms
[2014/06/17 20:24:35 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/14 22:45:09 | 000,291,606 | ---- | C] () -- C:\Users\Cindy\Desktop\TCPView.zip
[2014/06/14 21:32:01 | 000,096,442 | ---- | C] () -- C:\Users\Cindy\Desktop\DIInstall.htm
[2014/06/13 12:30:20 | 000,215,937 | ---- | C] () -- C:\Users\Cindy\Desktop\tuition.xps
[2014/06/13 09:42:10 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/06/12 11:03:45 | 000,000,626 | ---- | C] () -- C:\Users\Cindy\Documents\cc_20140612_110341.reg
[2014/06/12 07:40:27 | 000,001,376 | ---- | C] () -- C:\Users\Cindy\Documents\cc_20140612_074024.reg
[2014/06/11 21:12:23 | 000,000,398 | ---- | C] () -- C:\Users\Cindy\Documents\cc_20140611_211221.reg
[2014/06/08 18:58:15 | 000,004,908 | ---- | C] () -- C:\Users\Cindy\Desktop\hjggbluij.jpg
[2014/06/08 18:56:57 | 000,012,370 | ---- | C] () -- C:\Users\Cindy\Desktop\p117552_1.jpg
[2014/06/08 18:52:34 | 000,043,123 | ---- | C] () -- C:\Users\Cindy\Desktop\p102990_2_400.jpg
[2014/06/08 18:50:26 | 000,121,208 | ---- | C] () -- C:\Users\Cindy\Desktop\FishNet-Stocking-BrCOLLAGE.jpg
[2014/06/08 12:35:58 | 000,001,826 | ---- | C] () -- C:\Users\Cindy\Documents\cc_20140608_123555.reg
[2014/06/07 07:15:37 | 000,006,982 | ---- | C] () -- C:\Users\Cindy\Desktop\uwyeorie.jpg
[2014/06/01 21:30:10 | 000,066,893 | ---- | C] () -- C:\Users\Cindy\Desktop\finished_peachyed.jpg
[2014/06/01 19:21:20 | 000,060,750 | ---- | C] () -- C:\Users\Cindy\Desktop\gallery_74_6_14522.jpg
[2014/06/01 19:19:47 | 000,231,708 | ---- | C] () -- C:\Users\Cindy\Desktop\gallery_20_169445.jpg
[2014/06/01 19:09:38 | 000,042,311 | ---- | C] () -- C:\Users\Cindy\Desktop\gallery_7_23591.jpg
[2014/06/01 19:00:24 | 000,930,524 | ---- | C] () -- C:\Users\Cindy\Desktop\gallery_21645_7_491980.jpg
[2014/06/01 11:22:16 | 000,037,076 | ---- | C] () -- C:\Users\Cindy\Desktop\il_340x270.287058117.jpg
[2014/06/01 11:16:30 | 000,180,357 | ---- | C] () -- C:\Users\Cindy\Desktop\DSCN2128.jpg
[2014/05/31 03:21:45 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/05/30 08:25:32 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/05/29 20:59:52 | 000,372,031 | ---- | C] () -- C:\Users\Cindy\Desktop\KIT-CHNKY-CFF-ALUM-big.jpg
[2014/05/29 18:28:11 | 000,515,226 | ---- | C] () -- C:\Users\Cindy\Desktop\KIT-MESHR-ALUM-big.jpg
[2014/05/29 18:26:48 | 000,221,744 | ---- | C] () -- C:\Users\Cindy\Desktop\KIT-MOBR-ALUM-big.jpg
[2014/05/29 18:09:56 | 000,006,662 | ---- | C] () -- C:\Users\Cindy\Desktop\argaertge.jpg
[2014/05/29 18:09:33 | 000,005,852 | ---- | C] () -- C:\Users\Cindy\Desktop\index.jpg
[2014/05/29 16:13:48 | 000,005,119 | ---- | C] () -- C:\Users\Cindy\Desktop\images.jpg
[2014/05/29 15:49:28 | 000,002,753 | ---- | C] () -- C:\Users\Cindy\Desktop\gkjhgjhg.jpg
[2014/05/29 15:49:10 | 000,003,601 | ---- | C] () -- C:\Users\Cindy\Desktop\iuholiu.jpg
[2014/05/29 07:36:15 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2014/05/29 07:34:12 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2014/05/29 07:33:57 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2014/05/11 10:39:54 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2014/05/10 08:15:33 | 000,004,096 | ---- | C] () -- C:\Users\Cindy\AppData\Local\keyfile3.drm
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3320820AS ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 203.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 94.00GB
Starting Offset: 218427817984
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



#6 Momadice

Posted 26 June 2014 - 07:57 PM

    OTL Extras logfile created on: 26/06/2014 8:25:13 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cindy\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
     
    1.49 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 49.69% Memory free
    2.98 Gb Paging File | 2.18 Gb Available in Paging File | 73.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 203.43 Gb Total Space | 172.98 Gb Free Space | 85.03% Space Free | Partition Type: NTFS
    Drive D: | 94.07 Gb Total Space | 45.16 Gb Free Space | 48.01% Space Free | Partition Type: NTFS
     
    Computer Name: CINDY-PC | User Name: Cindy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{180ECD52-8795-4B8E-83E9-16B228E4FBF6}" = rport=138 | protocol=17 | dir=out | app=system |
    "{226EA9E5-488A-4D78-A27E-02A1EE404077}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{30E2DF3F-0428-4281-82DE-96420007920D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{35967487-5E18-4B54-B9A5-04CF7E04C13A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3DD91E12-8DEA-4A01-B551-89AA0D43515E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4176A5A8-426F-4F5D-B9EE-872FC7D0F68B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{41E7E5F5-6142-494C-A88B-02EFDEC5BE79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{564BB946-F032-4F34-B74F-1AB3745A72D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5EC19847-0D18-4353-90A3-5A95E9CD1A55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{65511825-D28F-429A-B7AB-92A3BE8E1B14}" = rport=139 | protocol=6 | dir=out | app=system |
    "{68B43297-288F-4467-9BF4-C451A1E8B69A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6DF5C91D-9FE7-456B-B2AA-E758D7E84392}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{764ECB91-3DF4-4C65-9180-F2E69FC66380}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{80578208-CB7D-466F-8E96-A264F6E238A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{920FEC46-9BDD-48D0-AD04-97CEB7B6F6EC}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9691DF53-DFB6-461C-849D-D016529E8E54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6D7DBDC-8ED3-4041-9D5D-C3DA9D2AD5C7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B44AADDE-BC6C-401B-96D6-76C64ADF78F3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BA1FBE5E-1BFA-4F63-8C28-A0F50833A783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BA5EA38A-DB45-45F8-B7EC-0CA88390001B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E43B93CE-99B2-497B-8D23-2732E1763C44}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E8422394-10C0-438B-8907-5956F8508F12}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F8277E18-E6AF-4BD0-A59E-00E82A8A2840}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{FCBFE5E0-4E80-4DEA-87B9-AC42D165794B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{125B984D-B7BC-413B-AA4F-F875C14CE58F}" = protocol=6 | dir=out | app=system |
    "{22C96D87-759C-4F04-B8FB-FE4AAB6772C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2A103022-8367-43DA-AC4E-CA6964C9CE67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3D334037-F7ED-42B2-A564-08987C5F4CF4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{50A99AB4-361D-4A66-A348-1A30EED4E4B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{55B8F749-5B69-4661-A8E5-D8BDE49B5B02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{59D9061A-A658-484C-9D54-583BC6A3D009}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5A80F214-BFCD-4BC9-8298-A554BD602C93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{676CC81B-9E9F-4CA3-981A-17F0E7FA48D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6D6F59D9-B804-4083-BE08-156373C9E5F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{70C014D6-AB88-4578-B7C3-F41FF0F1B970}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{79653294-BF33-47B1-AB89-3559E9E04812}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{7AA51716-4333-4DD3-A2D9-25367573DD6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{98B99E0B-A85B-4BA8-A979-1531A1BD0573}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{AE6F53CA-2447-4298-AE68-10E02865814F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B821DF95-9310-45C9-A0CB-1B3F559BDE49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B8E42E8E-0523-4131-9DE4-3E269750B335}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{BC4A085F-1B23-44FC-93CC-4C87217520FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BE2D39E6-9806-4E03-850C-56EA7A1FC96A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C2E46717-D018-4441-898D-08FF3E506EF4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C66F03CA-5FC0-46E7-9BEA-3FD74898646B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{CD2B748A-F1D1-45A0-85C8-C5148E9CA0F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{EC170378-4DC5-4A31-83F2-53F72472803B}" = protocol=58 | dir=in | app=system |
    "{F711CF41-11D4-492D-B3B3-6435E562B90A}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{FA2A3F58-50F1-4A07-80BE-15A9B665A368}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004E8ED2-315C-4473-A934-032D5D7B3A02}" = Watchtower Library 2013 - English
    "{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}" = iTunes
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series" = Canon MX450 series MP Drivers
    "{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
    "{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
    "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
    "Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
    "CCleaner" = CCleaner
    "HDMI" = Intel® Graphics Media Accelerator Driver
    "Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "ULTIMATER" = Microsoft Office Ultimate 2007
     
    < End of report >
     


#7 Momadice

Posted 26 June 2014 - 08:09 PM

log files attached



#8 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:16 PM

Posted 27 June 2014 - 03:52 PM

The links you are being redirected to are for buying jewellery – have you ever done that at any site?


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 Momadice

Posted 28 June 2014 - 09:36 AM

Yes.  It's not jewelry per se, but supplies for making cheap costume jewelry.  That’s how I knew I had a problem that needed fixing, as I browse for design ideas regularly I am extremely familiar with the sites.  If I want to buy something, I rarely purchase anything online from anyone, anymore, I call them directly.  In the past however I was a big fan of online purchases.  Since all the headlines regarding security breaches with major worldwide companies I have stopped.  If I do make an online transaction I cancel my card right away and get a new one.


Edited by Momadice, 28 June 2014 - 09:50 AM.


#10 satchfan

Posted 28 June 2014 - 02:43 PM

Can you tell me which browser you use (Internet Explorer, Chrome, Firefox, etc.)?



#11 Momadice

Posted 28 June 2014 - 10:36 PM

Bogus websites were popping up all the time with Chrome.  In an effort to fix my browser I deleted the program, ran CCleaner, searched for Chrome and deleted all those files too.  Then I would reinstall Chrome.  I've done this at least 10 times and abandoned Chrome altogether.

 

I switched to Mozilla but then it was also bringing me to bogus sites.  I practice the same routine I did with Chrome.  I have just screen captured three bogus sites on Mozilla from 10 minutes ago.  Including bleepingcomputer.com.

 

Internet Explorer doesn't seem to be giving me any grief at the moment, however there have been times when I am on my computer that IE would launch all on its own.  I was also seeing several times telling me error 404, or tell me the site I am looking for does not exist.

 

I am trying to attach a couple files to this and I am receiving Error This upload failed while using IE I get flickering screens before it opens up the site I want.  It takes an unreasonable amount of time to open a tab, and often it hangs and I am unable to use my keyboard or mouse until it stops hanging.


Edited by Momadice, 28 June 2014 - 10:42 PM.


#12 Momadice

Posted 29 June 2014 - 05:39 PM

I did not follow all your instructions regarding installing or uninstalling programs.  As I was reading the instructions from beginning to end I noticed in bold red font not to do this.  As I appreciate your assistance what would you like me to do about this? (start from the beginning again)? I'm sorry.



#13 satchfan

Posted 30 June 2014 - 07:01 AM

We advise you about that because it can interfere with our detection & elimination process. Plus, uninstalling some programs could mess up your computer if it is already unstable.

Re CCleaner – While CCleaner is safe and useful for removing temporary and junk files, I do not recommend using the built-in registry cleaner unless you have a good understanding of the registry. In fact, I do not recommend the routine use of registry cleaners/optimizers ever, unless you are an expert.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here
Another from quietman7 here

====================================================

Uninstall Google Chrome

When you uninstalled Chrome it’s possible that it remembered your previous setting when you re-installed it.

Uninstall Google Chrome. You can reinstall it later if you like (personally I wouldn’t touch it because it has flaws that Google have been aware of for years and refuse to fix).

Uninstall Chrome and if asked about user data or settings, don’t check the box that asks to remember settings. We need to remove those also.

====================================================

I think the best thing is to uninstall and reinstall Firefox again; this will clear out all user data and plugins, so we are starting with a fresh install of Firefox.

You can back up your bookmarks if you need to but you will need to install any add-ins again.

Also note down any passwords etc.

Download a new copy of Firefox from here and save it to your desktop.


How to backup your bookmarks

  • open Firefox.
  • click the “Bookmarks” menu
  • click Show All Bookmarks
  • in the “Library” window, click the Import and Backup button and then select Backup
  • in the “Bookmarks backup filename” window that opens, choose a location to save the file, which is named Bookmarks-"date".json by default
  • once the backup has run, close all windows and check location for backup file.

Remove Firefox


  • click on Start, Run
  • in the Open text entry box please copy/paste appwiz.cpl then click Enter.
  • press the Remove or Change/Remove...button to uninstall Firefox.

Delete folders in red

C:\Program Files\Mozilla Firefox
C:\Users\Cindy\AppData\Roaming\Mozilla


Reboot

Install the new copy of Firefox that you saved to the desktop.

Restore Bookmarks


  • open Firefox
  • click the “Bookmarks” menu
  • click Show All Bookmarks
  • in the “Library” window, click the “Import and Backup” button and then select Restore
  • in the “Bookmarks backup filename” window that opens, choose the location you saved the backup file to

When the restore has taken place, close all windows.

Open Firefox again and let me know how it is working now.

===================================================

Download and run Windows Repair (all in one)

Download Windows Repair (all in one) from here

  • install and then run the program.
  • on the “Start Repairs” tab click Start



  • at the “Repair Options” screen, be sure to select all items
  • also check Restart System When Finished.
  • now press Start

Once that is complete, check and see if you can get online without any problems in IE & Firefox.

Satchfan

 

 



#14 Momadice

Posted 01 July 2014 - 04:50 AM

1)  Chrome was already uninstalled.

2)  saved my bookmarks in Firefox, then I uninstalled it,

3)  I could not find the files in red that I was supposed to delete. I did a search for them as well as following the file path.

4)  Reinstalled Firefox using your link, restored my bookmarks, and it is working just fine.

5)  I read the suggested information on registry cleaning and will follow the advice.  I was cleaning my registry once a day using CCleaner! Thank you for that simplified language information.

6)   I am now following the instructions for the repair tool and will post status when it is done.


Edited by Momadice, 01 July 2014 - 04:57 AM.


#15 Momadice

Posted 01 July 2014 - 09:16 AM

Neither browser is running decently at the moment.  I am getting an error in Firefox.  I typed in bleepimgcomputer

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053

 

I can launch IE, but it still does not work nicely.


Edited by Momadice, 01 July 2014 - 02:21 PM.




