rwoerz
-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by rwoerz
-
Malwarebytes shows no problem but it still a mess
rwoerz replied to rwoerz's topic in Resolved Malware Removal Logs
I did find the system log file. system-log.txt -
Malwarebytes shows no problem but it still a mess
rwoerz replied to rwoerz's topic in Resolved Malware Removal Logs
Sorry I missed the part about running the fixdamage tool I'll go do that now. -
Malwarebytes shows no problem but it still a mess
rwoerz replied to rwoerz's topic in Resolved Malware Removal Logs
I only found one log file after running the rootkit removal tool. Things seem somewhat better except I get a C++ run time error what I try to run IE and other Microsoft programs. Like trying to manage to computer. mbar-log-2013-01-10 (13-13-10).txt run Time Error.rtf TDSSKiller.2.8.7.0_10.01.2013_10.41.19_log.txt -
Malwarebytes shows no problem but it still a mess
rwoerz replied to rwoerz's topic in Resolved Malware Removal Logs
BTW is there any way of knowing where all this came from? These people should be hung up by parts of their bodies I can't mention here. -
Malwarebytes shows no problem but it still a mess
rwoerz replied to rwoerz's topic in Resolved Malware Removal Logs
I hope this is what you're looking for. The first mbam-log was just after I install Malwarebytes but before I update the database as I wasn't sure the update would work. The second one was after I updated the database. If you need anything else please let me know. I've worked in the computer support field for many years but as you know this type of stuff takes skills few people have so thanks again. The laptop is a Dell Studio 1555 and no matter what I do I can't get it to go into safe mode. dds.txt hijackthis.log mbam-log-2013-01-09 (10-24-06).txt mbam-log-2013-01-09 (12-11-48).txt -
Malwarebytes shows no problem but it still a mess
rwoerz replied to rwoerz's topic in Resolved Malware Removal Logs
<p> </p> <div>Thanks you very much for the help. I also ran tdsskill and it showed no errors. </div> <div> </div> <div> </div> <div>DDS (Ver_2012-11-20.01) - NTFS_AMD64 </div> <div>Internet Explorer: 9.0.8112.16457</div> <div>Run by Angie Murray at 22:00:09 on 2013-01-09</div> <div>Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4027.2684 [GMT -8:00]</div> <div>.</div> <div>AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}</div> <div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div> <div>SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}</div> <div>.</div> <div>============== Running Processes ===============</div> <div>.</div> <div>C:\Windows\system32\lsm.exe</div> <div>C:\Windows\system32\svchost.exe -k DcomLaunch</div> <div>C:\Windows\system32\svchost.exe -k RPCSS</div> <div>C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted</div> <div>C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted</div> <div>C:\Windows\system32\svchost.exe -k netsvcs</div> <div>C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe</div> <div>C:\Windows\system32\svchost.exe -k LocalService</div> <div>C:\Program Files\Dell\DellDock\DockLogin.exe</div> <div>C:\Windows\system32\svchost.exe -k NetworkService</div> <div>C:\Windows\System32\spoolsv.exe</div> <div>C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork</div> <div>C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div> <div>C:\Windows\system32\Dwm.exe</div> <div>C:\Windows\Explorer.EXE</div> <div>C:\Windows\system32\taskhost.exe</div> <div>C:\Program Files\Bonjour\mDNSResponder.exe</div> <div>C:\Program Files\IB Updater\ExtensionUpdaterService.exe</div> <div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div> <div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div> <div>C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe</div> <div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe</div> <div>C:\Windows\system32\mfevtps.exe</div> <div>C:\Program Files (x86)\McAfee\MSK\MskSrver.exe</div> <div>C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe</div> <div>c:\program files (x86)\dell datasafe local backup\sftservice.EXE</div> <div>C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe</div> <div>C:\Windows\system32\svchost.exe -k imgsvc</div> <div>C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe</div> <div>C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation</div> <div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe</div> <div>C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe</div> <div>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</div> <div>C:\Program Files\IDT\WDM\sttray64.exe</div> <div>C:\WINDOWS\System32\igfxtray.exe</div> <div>C:\WINDOWS\System32\hkcmd.exe</div> <div>C:\WINDOWS\System32\igfxpers.exe</div> <div>C:\Windows\system32\igfxsrvc.exe</div> <div>C:\Windows\system32\wbem\wmiprvse.exe</div> <div>C:\Program Files\Dell\QuickSet\quickset.exe</div> <div>C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</div> <div>C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</div> <div>C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe</div> <div>C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe</div> <div>C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe</div> <div>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe</div> <div>C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe</div> <div>C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe</div> <div>C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe</div> <div>C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe</div> <div>C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe</div> <div>C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</div> <div>C:\Program Files (x86)\Common Files\AOL\1357602860\ee\aolsoftware.exe</div> <div>C:\Program Files\Dell\DellDock\DellDock.exe</div> <div>C:\Program Files (x86)\iTunes\iTunesHelper.exe</div> <div>C:\Windows\system32\wbem\wmiprvse.exe</div> <div>C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe</div> <div>C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</div> <div>C:\Windows\system32\SearchIndexer.exe</div> <div>C:\Program Files\iPod\bin\iPodService.exe</div> <div>C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe</div> <div>C:\Program Files\Windows Media Player\wmpnetwk.exe</div> <div>C:\Windows\System32\svchost.exe -k LocalServicePeerNet</div> <div>C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe</div> <div>C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe</div> <div>C:\Windows\system32\wuauclt.exe</div> <div>C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe</div> <div>C:\Windows\system32\taskeng.exe</div> <div>C:\Windows\System32\WUDFHost.exe</div> <div>C:\Windows\System32\cscript.exe</div> <div>.</div> <div>============== Pseudo HJT Report ===============</div> <div>.</div> <div>uStart Page = hxxp://www.google.com/</div> <div>mWinlogon: Userinit = userinit.exe,</div> <div>BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll</div> <div>BHO: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll</div> <div>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</div> <div>BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll</div> <div>BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll</div> <div>BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div> <div>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned></div> <div>BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll</div> <div>BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll</div> <div>BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll</div> <div>BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll</div> <div>BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll</div> <div>BHO: CouponAmazing: {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll</div> <div>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll</div> <div>BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div> <div>BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll</div> <div>TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div> <div>TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div> <div>TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div> <div>TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div> <div>TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll</div> <div>uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"</div> <div>uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe</div> <div>mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"</div> <div>mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"</div> <div>mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2</div> <div>mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"</div> <div>mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey</div> <div>mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms</div> <div>mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter</div> <div>mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</div> <div>mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357602860\ee\AOLSoftware.exe</div> <div>mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</div> <div>mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"</div> <div>mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe</div> <div>mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe</div> <div>StartupFolder: C:\Users\ANGIEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2YOURF~1.LNK - C:\Users\Angie Murray\AppData\Roaming\2YourFace\Updater.exe</div> <div>StartupFolder: C:\Users\ANGIEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe</div> <div>StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe</div> <div>StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe</div> <div>mPolicies-Explorer: NoActiveDesktop = dword:1</div> <div>mPolicies-Explorer: NoActiveDesktopChanges = dword:1</div> <div>mPolicies-System: ConsentPromptBehaviorAdmin = dword:5</div> <div>mPolicies-System: ConsentPromptBehaviorUser = dword:3</div> <div>mPolicies-System: EnableUIADesktopToggle = dword:0</div> <div>IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll</div> <div>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div> <div>DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div> <div>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div> <div>TCP: NameServer = 192.168.137.1</div> <div>TCP: Interfaces\{867B27DE-941C-4DD1-86AD-9980F73CBBEA} : DHCPNameServer = 10.0.0.1 10.0.0.2 10.0.0.5</div> <div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F} : DHCPNameServer = 192.168.137.1</div> <div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F}\D45727271697 : DHCPNameServer = 192.168.1.1</div> <div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F}\E4544574541425 : DHCPNameServer = 192.168.1.1</div> <div>SSODL: WebCheck - <orphaned></div> <div>x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll</div> <div>x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll</div> <div>x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll</div> <div>x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll</div> <div>x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe</div> <div>x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe</div> <div>x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe</div> <div>x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe</div> <div>x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe</div> <div>x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe</div> <div>x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"</div> <div>x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"</div> <div>x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div> <div>x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div> <div>x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div> <div>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll</div> <div>x64-Notify: igfxcui - igfxdev.dll</div> <div>x64-SSODL: WebCheck - <orphaned></div> <div>.</div> <div>============= SERVICES / DRIVERS ===============</div> <div>.</div> <div>R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-29 55280]</div> <div>R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-9-29 771096]</div> <div>R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]</div> <div>R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-1-7 188760]</div> <div>R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]</div> <div>R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]</div> <div>R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe [2009-9-29 359952]</div> <div>R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-9-29 155456]</div> <div>R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-6 177680]</div> <div>R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-29 689472]</div> <div>R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]</div> <div>R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-29 172704]</div> <div>R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-29 138752]</div> <div>R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]</div> <div>R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]</div> <div>R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-9-29 102600]</div> <div>R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-29 5435904]</div> <div>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]</div> <div>S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]</div> <div>S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-9-29 606736]</div> <div>S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2009-9-29 41032]</div> <div>S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-9-29 40904]</div> <div>S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-9-29 49480]</div> <div>S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-4 1255736]</div> <div>S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]</div> <div>.</div> <div>=============== Created Last 30 ================</div> <div>.</div> <div>2013-01-09 18:20:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Malwarebytes</div> <div>2013-01-09 18:19:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Malwarebytes</div> <div>2013-01-09 18:19:58<span class="Apple-tab-span" style="white-space:pre"> </span>24176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mbam.sys</div> <div>2013-01-09 18:19:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Malwarebytes' Anti-Malware</div> <div>2013-01-09 18:19:45<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Programs</div> <div>2013-01-09 04:43:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Downloads</div> <div>2013-01-09 02:42:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\EventProviders</div> <div>2013-01-09 02:42:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\2894e7c58164526a91</div> <div>2013-01-09 02:12:33<span class="Apple-tab-span" style="white-space:pre"> </span>424960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\KernelBase.dll</div> <div>2013-01-09 02:10:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Apple Computer</div> <div>2013-01-09 02:10:35<span class="Apple-tab-span" style="white-space:pre"> </span>33240<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\GEARAspiWDM.sys</div> <div>2013-01-09 02:10:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\iPod</div> <div>2013-01-09 02:10:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</div> <div>2013-01-09 02:10:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\iTunes</div> <div>2013-01-09 02:10:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\iTunes</div> <div>2013-01-09 02:09:44<span class="Apple-tab-span" style="white-space:pre"> </span>3147264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\win32k.sys</div> <div>2013-01-09 02:06:55<span class="Apple-tab-span" style="white-space:pre"> </span>74248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</div> <div>2013-01-09 02:06:55<span class="Apple-tab-span" style="white-space:pre"> </span>697864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\FlashPlayerApp.exe</div> <div>2013-01-09 01:59:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Apple</div> <div>2013-01-09 01:58:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Bonjour</div> <div>2013-01-09 01:58:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Bonjour</div> <div>2013-01-09 01:58:23<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\2YourFace</div> <div>2013-01-09 01:54:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Funmoods</div> <div>2013-01-09 01:48:27<span class="Apple-tab-span" style="white-space:pre"> </span>801280<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\usp10.dll</div> <div>2013-01-09 01:48:27<span class="Apple-tab-span" style="white-space:pre"> </span>627712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\usp10.dll</div> <div>2013-01-08 04:02:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Incredibar.com</div> <div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>829264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcr100.dll</div> <div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>608080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcp100.dll</div> <div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>35328<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ImHttpComm.dll</div> <div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>1261936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dmwu.exe</div> <div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ARFC</div> <div>2013-01-08 04:02:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\WNLT</div> <div>2013-01-08 04:02:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\IB Updater</div> <div>2013-01-08 04:01:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Optimizer Pro</div> <div>2013-01-08 04:01:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Optimizer Pro</div> <div>2013-01-08 04:01:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\InfoAtoms</div> <div>2013-01-08 04:00:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Google</div> <div>2013-01-08 04:00:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Deal Vault</div> <div>2013-01-08 04:00:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Deal Vault</div> <div>2013-01-08 00:03:10<span class="Apple-tab-span" style="white-space:pre"> </span>230400<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll</div> <div>2013-01-07 23:59:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\AOL Toolbar</div> <div>2013-01-07 23:56:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\AOL</div> <div>2013-01-07 23:55:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Viewpoint</div> <div>2013-01-07 23:55:49<span class="Apple-tab-span" style="white-space:pre"> </span>58696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\AOLParconLink.exe</div> <div>2013-01-07 23:55:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Viewpoint</div> <div>2013-01-07 23:55:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\AOL Toolbar</div> <div>2013-01-07 23:55:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\AOL Toolbar</div> <div>2013-01-07 23:55:40<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\Software Update Utility</div> <div>2013-01-07 23:54:41<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\wanatw64.sys</div> <div>2013-01-07 23:54:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\AOL</div> <div>2013-01-07 23:54:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\aolshare</div> <div>2013-01-07 23:54:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\AOL</div> <div>2013-01-07 23:54:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\AOL Desktop 9.7</div> <div>2013-01-07 05:11:18<span class="Apple-tab-span" style="white-space:pre"> </span>177680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\mfevtps.exe</div> <div>2013-01-07 04:41:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Deployment</div> <div>2013-01-07 04:41:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Apps</div> <div>2013-01-06 03:05:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Microsoft Mouse and Keyboard Center</div> <div>2013-01-06 00:55:55<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\CANON_INC</div> <div>2013-01-06 00:54:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\OpenOffice.org</div> <div>2013-01-06 00:52:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\ZoomBrowser EX</div> <div>2013-01-06 00:51:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\JRE</div> <div>2013-01-06 00:51:18<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\OpenOffice.org 3</div> <div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\StrongVault</div> <div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Strongvault Online Backup</div> <div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Strongvault Online Backup</div> <div>2013-01-06 00:43:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\couponamazing</div> <div>2013-01-06 00:32:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\AI_RecycleBin</div> <div>2013-01-06 00:29:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\VideoLAN</div> <div>2013-01-06 00:21:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Strongvault</div> <div>2013-01-06 00:20:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Stronghold_LLC</div> <div>2013-01-06 00:20:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\AI_RecycleBin</div> <div>2013-01-05 22:24:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\ZoomBrowser</div> <div>2013-01-05 22:23:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Canon</div> <div>2013-01-05 22:22:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\Canon</div> <div>2013-01-05 02:54:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\Wat</div> <div>2013-01-05 02:54:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wat</div> <div>2013-01-05 02:16:22<span class="Apple-tab-span" style="white-space:pre"> </span>367104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wcncsvc.dll</div> <div>2013-01-05 02:16:22<span class="Apple-tab-span" style="white-space:pre"> </span>276992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wcncsvc.dll</div> <div>2013-01-05 01:59:14<span class="Apple-tab-span" style="white-space:pre"> </span>311808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msv1_0.dll</div> <div>2013-01-05 01:59:14<span class="Apple-tab-span" style="white-space:pre"> </span>257024<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msv1_0.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>99176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\PresentationHostProxy.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>49472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\netfxperf.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>48960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\netfxperf.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>444752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\mscoree.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>320352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\PresentationHost.exe</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>297808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mscoree.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>295264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\PresentationHost.exe</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>1942856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dfshim.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>1130824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dfshim.dll</div> <div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>109912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\PresentationHostProxy.dll</div> <div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>80896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\imagehlp.dll</div> <div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wmi.dll</div> <div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wmi.dll</div> <div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>22896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\fs_rec.sys</div> <div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>158720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\imagehlp.dll</div> <div>2013-01-05 01:31:50<span class="Apple-tab-span" style="white-space:pre"> </span>1135104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\FntCache.dll</div> <div>2013-01-05 01:30:15<span class="Apple-tab-span" style="white-space:pre"> </span>243712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\ks.sys</div> <div>2013-01-05 01:30:15<span class="Apple-tab-span" style="white-space:pre"> </span>184832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\usbvideo.sys</div> <div>2013-01-04 16:10:13<span class="Apple-tab-span" style="white-space:pre"> </span>82944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\iccvid.dll</div> <div>2013-01-04 16:08:44<span class="Apple-tab-span" style="white-space:pre"> </span>1572864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\quartz.dll</div> <div>2013-01-04 16:07:59<span class="Apple-tab-span" style="white-space:pre"> </span>552960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msdri.dll</div> <div>2013-01-04 16:07:56<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\csrsrv.dll</div> <div>2013-01-04 16:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>476160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\XpsGdiConverter.dll</div> <div>2013-01-04 16:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>288256<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\XpsGdiConverter.dll</div> <div>2013-01-04 16:07:52<span class="Apple-tab-span" style="white-space:pre"> </span>515584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\timedate.cpl</div> <div>2013-01-04 16:07:52<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\timedate.cpl</div> <div>2013-01-04 16:02:03<span class="Apple-tab-span" style="white-space:pre"> </span>633856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\comctl32.dll</div> <div>2013-01-04 16:02:03<span class="Apple-tab-span" style="white-space:pre"> </span>530432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\comctl32.dll</div> <div>2013-01-04 16:02:00<span class="Apple-tab-span" style="white-space:pre"> </span>5505904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ntoskrnl.exe</div> <div>2013-01-04 16:00:36<span class="Apple-tab-span" style="white-space:pre"> </span>295792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\volsnap.sys</div> <div>2013-01-04 15:56:59<span class="Apple-tab-span" style="white-space:pre"> </span>223448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\fvevol.sys</div> <div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>30208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dnscacheugc.exe</div> <div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>28672<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dnscacheugc.exe</div> <div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>182272<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dnsrslvr.dll</div> <div>2013-01-04 15:56:19<span class="Apple-tab-span" style="white-space:pre"> </span>208896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\profsvc.dll</div> <div>2013-01-04 15:47:56<span class="Apple-tab-span" style="white-space:pre"> </span>516096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Windows Mail\wab.exe</div> <div>2013-01-04 15:42:30<span class="Apple-tab-span" style="white-space:pre"> </span>954752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mfc40.dll</div> <div>2013-01-04 15:42:30<span class="Apple-tab-span" style="white-space:pre"> </span>954288<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mfc40u.dll</div> <div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>9728<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wdfres.dll</div> <div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>785512<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\Wdf01000.sys</div> <div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>54376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\WdfLdr.sys</div> <div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>2560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\en-US\wdf01000.sys.mui</div> <div>2013-01-04 15:16:40<span class="Apple-tab-span" style="white-space:pre"> </span>477168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\npdeployJava1.dll</div> <div>2013-01-04 15:16:40<span class="Apple-tab-span" style="white-space:pre"> </span>473072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\deployJava1.dll</div> <div>2013-01-04 15:10:58<span class="Apple-tab-span" style="white-space:pre"> </span>634368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcrt.dll</div> <div>2013-01-04 15:00:50<span class="Apple-tab-span" style="white-space:pre"> </span>139264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\cabview.dll</div> <div>2013-01-04 15:00:50<span class="Apple-tab-span" style="white-space:pre"> </span>132608<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\cabview.dll</div> <div>2013-01-04 14:58:39<span class="Apple-tab-span" style="white-space:pre"> </span>1031680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\rdpcore.dll</div> <div>2013-01-04 14:58:38<span class="Apple-tab-span" style="white-space:pre"> </span>826368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\rdpcore.dll</div> <div>2013-01-04 14:58:38<span class="Apple-tab-span" style="white-space:pre"> </span>23552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\tdtcp.sys</div> <div>2013-01-04 14:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>2622464<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wucltux.dll</div> <div>2013-01-04 14:51:30<span class="Apple-tab-span" style="white-space:pre"> </span>99840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wudriver.dll</div> <div>2013-01-04 14:51:17<span class="Apple-tab-span" style="white-space:pre"> </span>36864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wuapp.exe</div> <div>2013-01-04 14:51:17<span class="Apple-tab-span" style="white-space:pre"> </span>186752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wuwebv.dll</div> <div>2013-01-04 06:51:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\ElevatedDiagnostics</div> <div>2013-01-04 03:25:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Diagnostics</div> <div>2013-01-04 03:07:27<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SMINST</div> <div>2013-01-04 02:37:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Temp</div> <div>2013-01-04 02:30:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\My Backup Files</div> <div>2013-01-04 02:27:27<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Dell</div> <div>2013-01-04 02:27:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Stardock_Corporation</div> <div>2013-01-04 02:26:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\SupportSoft</div> <div>2013-01-04 02:26:18<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\$RECYCLE.BIN</div> <div>2013-01-04 02:26:16<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\VirtualStore</div> <div>2013-01-04 02:25:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\System Recovery</div> <div>.</div> <div>==================== Find3M ====================</div> <div>.</div> <div>2012-12-16 16:52:02<span class="Apple-tab-span" style="white-space:pre"> </span>46080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\atmlib.dll</div> <div>2012-12-16 14:40:45<span class="Apple-tab-span" style="white-space:pre"> </span>367616<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\atmfd.dll</div> <div>2012-12-16 14:25:27<span class="Apple-tab-span" style="white-space:pre"> </span>295424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\atmfd.dll</div> <div>2012-12-16 14:25:19<span class="Apple-tab-span" style="white-space:pre"> </span>34304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\atmlib.dll</div> <div>2012-12-07 05:41:16<span class="Apple-tab-span" style="white-space:pre"> </span>441856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wpc.dll</div> <div>2012-12-07 05:35:34<span class="Apple-tab-span" style="white-space:pre"> </span>2745856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\gameux.dll</div> <div>2012-12-07 05:04:20<span class="Apple-tab-span" style="white-space:pre"> </span>308736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\Wpc.dll</div> <div>2012-12-07 04:57:38<span class="Apple-tab-span" style="white-space:pre"> </span>2576384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\gameux.dll</div> <div>2012-12-07 03:21:08<span class="Apple-tab-span" style="white-space:pre"> </span>45568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\oflc-nz.rs</div> <div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>362496<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64win.dll</div> <div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>243200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64.dll</div> <div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>13312<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64cpu.dll</div> <div>2012-11-30 05:49:28<span class="Apple-tab-span" style="white-space:pre"> </span>215040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\winsrv.dll</div> <div>2012-11-30 05:46:35<span class="Apple-tab-span" style="white-space:pre"> </span>16384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ntvdm64.dll</div> <div>2012-11-30 05:06:50<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wow32.dll</div> <div>2012-11-30 05:06:49<span class="Apple-tab-span" style="white-space:pre"> </span>274944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\KernelBase.dll</div> <div>2012-11-30 03:33:03<span class="Apple-tab-span" style="white-space:pre"> </span>338432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\conhost.exe</div> <div>2012-11-30 02:56:36<span class="Apple-tab-span" style="white-space:pre"> </span>25600<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\setup16.exe</div> <div>2012-11-30 02:56:35<span class="Apple-tab-span" style="white-space:pre"> </span>7680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\instnm.exe</div> <div>2012-11-30 02:56:34<span class="Apple-tab-span" style="white-space:pre"> </span>14336<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\ntvdm64.dll</div> <div>2012-11-30 02:56:33<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\user.exe</div> <div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>6144<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll</div> <div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>4608<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll</div> <div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>3584<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll</div> <div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>3072<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll</div> <div>2012-11-09 14:35:50<span class="Apple-tab-span" style="white-space:pre"> </span>771096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mfehidk.sys</div> <div>2012-11-09 14:33:58<span class="Apple-tab-span" style="white-space:pre"> </span>178840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mfeapfk.sys</div> <div>2012-11-09 05:34:27<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\tzres.dll</div> <div>2012-11-09 04:49:37<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\tzres.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>862664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcr110.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>828872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcr110.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>661448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcp110.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>534480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcp110.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>50856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\point64.sys</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>354264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\vccorlib110.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>251864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\vccorlib110.dll</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>23960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\nuidfltr.sys</div> <div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>1721576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wdfcoinstaller01009.dll</div> <div>2012-11-02 05:27:51<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dpnet.dll</div> <div>2012-11-02 04:48:28<span class="Apple-tab-span" style="white-space:pre"> </span>376832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dpnet.dll</div> <div>2012-10-16 21:20:49<span class="Apple-tab-span" style="white-space:pre"> </span>135168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AppPatch64\AcXtrnal.dll</div> <div>2012-10-16 21:20:46<span class="Apple-tab-span" style="white-space:pre"> </span>347648<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AppPatch64\AcLayers.dll</div> <div>2012-10-16 20:34:37<span class="Apple-tab-span" style="white-space:pre"> </span>559104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AcLayers.dll</div> <div>2012-10-15 16:45:34<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcr71.dll</div> <div>2012-10-15 16:45:33<span class="Apple-tab-span" style="white-space:pre"> </span>499712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcp71.dll</div> <div>.</div> <div>============= FINISH: 22:01:58.85 ===============</div> <div> </div> -
Please could someone please give me some help with this. Malwarebytes alread removed a bunch of malware but I still seem to be infected. Currently Malwarebytes shows 0 errors. This is my girlfriends laptop and she is a teacher so she needs it for work. I just reloaded it from scratch the other day and it's already messed up. Most things seemed OK until I did a Microsoft update but I think it was already infected. Thanks for the help! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:34:03 PM, on 1/9/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe C:\Program Files (x86)\AOL Desktop 9.7\waol.exe C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\AOL\1357602860\ee\aolsoftware.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\Program Files (x86)\internet explorer\iexplore.exe C:\program files (x86)\deal vault\deal vault-bg.exe c:\program files (x86)\aol toolbar\aoltbServer.exe C:\Windows\SysWOW64\WerFault.exe E:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: CrossriderApp0019866 - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll O2 - BHO: C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CouponAmazing - {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357602860\ee\AOLSoftware.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe" O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe O4 - Startup: 2YourFace_Updater.lnk = Angie Murray\AppData\Roaming\2YourFace\Updater.exe O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O4 - Global Startup: StrongVaultApp.exe O4 - Global Startup: StrongVaultApp.exe.lnk = Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files (x86)\McAfee\VIRUSS~1\mcods.exe (file missing) O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - c:\program files (x86)\dell datasafe local backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12913 bytes