Posts posted by rwoerz
-
Sorry, I missed the part about running the fixdamage tool. I'll go do that now.
-
I only found one log file after running the rootkit removal tool. Things seem somewhat better, except I get a C++ run time error when I try to run IE and other Microsoft programs. Like trying to manage the computer.
-
BTW is there any way of knowing where all this came from? These people should be hung up by parts of their bodies I can't mention here.
-
I hope this is what you're looking for. The first mbam-log was just after I installed Malwarebytes but before I updated the database, as I wasn't sure the update would work. The second one was after I updated the database.
If you need anything else please let me know. I've worked in the computer support field for many years but as you know this type of stuff takes skills few people have so thanks again. The laptop is a Dell Studio 1555 and no matter what I do I can't get it to go into safe mode.
-
<div>Thank you very much for the help. I also ran tdsskill and it showed no errors.</div>
<div>DDS (Ver_2012-11-20.01) - NTFS_AMD64 </div>
<div>Internet Explorer: 9.0.8112.16457</div>
<div>Run by Angie Murray at 22:00:09 on 2013-01-09</div>
<div>Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4027.2684 [GMT -8:00]</div>
<div>.</div>
<div>AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}</div>
<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>
<div>SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}</div>
<div>.</div>
<div>============== Running Processes ===============</div>
<div>.</div>
<div>C:\Windows\system32\lsm.exe</div>
<div>C:\Windows\system32\svchost.exe -k DcomLaunch</div>
<div>C:\Windows\system32\svchost.exe -k RPCSS</div>
<div>C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted</div>
<div>C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted</div>
<div>C:\Windows\system32\svchost.exe -k netsvcs</div>
<div>C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe</div>
<div>C:\Windows\system32\svchost.exe -k LocalService</div>
<div>C:\Program Files\Dell\DellDock\DockLogin.exe</div>
<div>C:\Windows\system32\svchost.exe -k NetworkService</div>
<div>C:\Windows\System32\spoolsv.exe</div>
<div>C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork</div>
<div>C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div>
<div>C:\Windows\system32\Dwm.exe</div>
<div>C:\Windows\Explorer.EXE</div>
<div>C:\Windows\system32\taskhost.exe</div>
<div>C:\Program Files\Bonjour\mDNSResponder.exe</div>
<div>C:\Program Files\IB Updater\ExtensionUpdaterService.exe</div>
<div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div>
<div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div>
<div>C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe</div>
<div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe</div>
<div>C:\Windows\system32\mfevtps.exe</div>
<div>C:\Program Files (x86)\McAfee\MSK\MskSrver.exe</div>
<div>C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe</div>
<div>c:\program files (x86)\dell datasafe local backup\sftservice.EXE</div>
<div>C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe</div>
<div>C:\Windows\system32\svchost.exe -k imgsvc</div>
<div>C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe</div>
<div>C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation</div>
<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe</div>
<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe</div>
<div>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</div>
<div>C:\Program Files\IDT\WDM\sttray64.exe</div>
<div>C:\WINDOWS\System32\igfxtray.exe</div>
<div>C:\WINDOWS\System32\hkcmd.exe</div>
<div>C:\WINDOWS\System32\igfxpers.exe</div>
<div>C:\Windows\system32\igfxsrvc.exe</div>
<div>C:\Windows\system32\wbem\wmiprvse.exe</div>
<div>C:\Program Files\Dell\QuickSet\quickset.exe</div>
<div>C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</div>
<div>C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</div>
<div>C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe</div>
<div>C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe</div>
<div>C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe</div>
<div>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe</div>
<div>C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe</div>
<div>C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe</div>
<div>C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe</div>
<div>C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe</div>
<div>C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe</div>
<div>C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</div>
<div>C:\Program Files (x86)\Common Files\AOL\1357602860\ee\aolsoftware.exe</div>
<div>C:\Program Files\Dell\DellDock\DellDock.exe</div>
<div>C:\Program Files (x86)\iTunes\iTunesHelper.exe</div>
<div>C:\Windows\system32\wbem\wmiprvse.exe</div>
<div>C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe</div>
<div>C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</div>
<div>C:\Windows\system32\SearchIndexer.exe</div>
<div>C:\Program Files\iPod\bin\iPodService.exe</div>
<div>C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe</div>
<div>C:\Program Files\Windows Media Player\wmpnetwk.exe</div>
<div>C:\Windows\System32\svchost.exe -k LocalServicePeerNet</div>
<div>C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe</div>
<div>C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe</div>
<div>C:\Windows\system32\wuauclt.exe</div>
<div>C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe</div>
<div>C:\Windows\system32\taskeng.exe</div>
<div>C:\Windows\System32\WUDFHost.exe</div>
<div>C:\Windows\System32\cscript.exe</div>
<div>.</div>
<div>============== Pseudo HJT Report ===============</div>
<div>.</div>
<div>uStart Page = hxxp://www.google.com/</div>
<div>mWinlogon: Userinit = userinit.exe,</div>
<div>BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll</div>
<div>BHO: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll</div>
<div>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</div>
<div>BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll</div>
<div>BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll</div>
<div>BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div>
<div>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned></div>
<div>BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll</div>
<div>BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll</div>
<div>BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll</div>
<div>BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll</div>
<div>BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll</div>
<div>BHO: CouponAmazing: {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll</div>
<div>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll</div>
<div>BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div>
<div>BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll</div>
<div>TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div>
<div>TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div>
<div>TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div>
<div>TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div>
<div>TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll</div>
<div>uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"</div>
<div>uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe</div>
<div>mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"</div>
<div>mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"</div>
<div>mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2</div>
<div>mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"</div>
<div>mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey</div>
<div>mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms</div>
<div>mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter</div>
<div>mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</div>
<div>mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357602860\ee\AOLSoftware.exe</div>
<div>mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</div>
<div>mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"</div>
<div>mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe</div>
<div>mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe</div>
<div>StartupFolder: C:\Users\ANGIEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2YOURF~1.LNK - C:\Users\Angie Murray\AppData\Roaming\2YourFace\Updater.exe</div>
<div>StartupFolder: C:\Users\ANGIEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe</div>
<div>StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe</div>
<div>StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe</div>
<div>mPolicies-Explorer: NoActiveDesktop = dword:1</div>
<div>mPolicies-Explorer: NoActiveDesktopChanges = dword:1</div>
<div>mPolicies-System: ConsentPromptBehaviorAdmin = dword:5</div>
<div>mPolicies-System: ConsentPromptBehaviorUser = dword:3</div>
<div>mPolicies-System: EnableUIADesktopToggle = dword:0</div>
<div>IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll</div>
<div>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div>
<div>DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div>
<div>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div>
<div>TCP: NameServer = 192.168.137.1</div>
<div>TCP: Interfaces\{867B27DE-941C-4DD1-86AD-9980F73CBBEA} : DHCPNameServer = 10.0.0.1 10.0.0.2 10.0.0.5</div>
<div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F} : DHCPNameServer = 192.168.137.1</div>
<div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F}\D45727271697 : DHCPNameServer = 192.168.1.1</div>
<div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F}\E4544574541425 : DHCPNameServer = 192.168.1.1</div>
<div>SSODL: WebCheck - <orphaned></div>
<div>x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll</div>
<div>x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll</div>
<div>x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll</div>
<div>x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll</div>
<div>x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe</div>
<div>x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe</div>
<div>x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe</div>
<div>x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe</div>
<div>x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe</div>
<div>x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe</div>
<div>x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"</div>
<div>x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"</div>
<div>x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div>
<div>x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div>
<div>x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div>
<div>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll</div>
<div>x64-Notify: igfxcui - igfxdev.dll</div>
<div>x64-SSODL: WebCheck - <orphaned></div>
<div>.</div>
<div>============= SERVICES / DRIVERS ===============</div>
<div>.</div>
<div>R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-29 55280]</div>
<div>R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-9-29 771096]</div>
<div>R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]</div>
<div>R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-1-7 188760]</div>
<div>R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]</div>
<div>R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]</div>
<div>R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe [2009-9-29 359952]</div>
<div>R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-9-29 155456]</div>
<div>R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-6 177680]</div>
<div>R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-29 689472]</div>
<div>R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]</div>
<div>R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-29 172704]</div>
<div>R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-29 138752]</div>
<div>R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]</div>
<div>R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]</div>
<div>R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-9-29 102600]</div>
<div>R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-29 5435904]</div>
<div>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]</div>
<div>S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]</div>
<div>S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-9-29 606736]</div>
<div>S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2009-9-29 41032]</div>
<div>S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-9-29 40904]</div>
<div>S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-9-29 49480]</div>
<div>S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-4 1255736]</div>
<div>S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]</div>
<div>.</div>
<div>=============== Created Last 30 ================</div>
<div>.</div>
<div>2013-01-09 18:20:04 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\Malwarebytes</div>
<div>2013-01-09 18:19:59 -------- d-----w- C:\ProgramData\Malwarebytes</div>
<div>2013-01-09 18:19:58 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys</div>
<div>2013-01-09 18:19:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>
<div>2013-01-09 18:19:45 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Programs</div>
<div>2013-01-09 04:43:50 -------- d-----w- C:\Downloads</div>
<div>2013-01-09 02:42:21 -------- d-----w- C:\Windows\System32\EventProviders</div>
<div>2013-01-09 02:42:17 -------- d-----w- C:\2894e7c58164526a91</div>
<div>2013-01-09 02:12:33 424960 ----a-w- C:\Windows\System32\KernelBase.dll</div>
<div>2013-01-09 02:10:46 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Apple Computer</div>
<div>2013-01-09 02:10:35 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys</div>
<div>2013-01-09 02:10:04 -------- d-----w- C:\Program Files\iPod</div>
<div>2013-01-09 02:10:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</div>
<div>2013-01-09 02:10:03 -------- d-----w- C:\Program Files\iTunes</div>
<div>2013-01-09 02:10:03 -------- d-----w- C:\Program Files (x86)\iTunes</div>
<div>2013-01-09 02:09:44 3147264 ----a-w- C:\Windows\System32\win32k.sys</div>
<div>2013-01-09 02:06:55 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</div>
<div>2013-01-09 02:06:55 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe</div>
<div>2013-01-09 01:59:28 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Apple</div>
<div>2013-01-09 01:58:53 -------- d-----w- C:\Program Files\Bonjour</div>
<div>2013-01-09 01:58:53 -------- d-----w- C:\Program Files (x86)\Bonjour</div>
<div>2013-01-09 01:58:23 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\2YourFace</div>
<div>2013-01-09 01:54:59 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\Funmoods</div>
<div>2013-01-09 01:48:27 801280 ----a-w- C:\Windows\System32\usp10.dll</div>
<div>2013-01-09 01:48:27 627712 ----a-w- C:\Windows\SysWow64\usp10.dll</div>
<div>2013-01-08 04:02:47 -------- d-----w- C:\Program Files (x86)\Incredibar.com</div>
<div>2013-01-08 04:02:08 829264 ----a-w- C:\Windows\System32\msvcr100.dll</div>
<div>2013-01-08 04:02:08 608080 ----a-w- C:\Windows\System32\msvcp100.dll</div>
<div>2013-01-08 04:02:08 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll</div>
<div>2013-01-08 04:02:08 1261936 ----a-w- C:\Windows\System32\dmwu.exe</div>
<div>2013-01-08 04:02:08 -------- d-----w- C:\Windows\System32\ARFC</div>
<div>2013-01-08 04:02:07 -------- d-----w- C:\Windows\SysWow64\WNLT</div>
<div>2013-01-08 04:02:05 -------- d-----w- C:\Program Files\IB Updater</div>
<div>2013-01-08 04:01:58 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\Optimizer Pro</div>
<div>2013-01-08 04:01:52 -------- d-----w- C:\Program Files (x86)\Optimizer Pro</div>
<div>2013-01-08 04:01:50 -------- d-----w- C:\Program Files (x86)\InfoAtoms</div>
<div>2013-01-08 04:00:38 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Google</div>
<div>2013-01-08 04:00:35 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Deal Vault</div>
<div>2013-01-08 04:00:33 -------- d-----w- C:\Program Files (x86)\Deal Vault</div>
<div>2013-01-08 00:03:10 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll</div>
<div>2013-01-07 23:59:03 -------- d-----w- C:\Users\Angie Murray\AppData\Local\AOL Toolbar</div>
<div>2013-01-07 23:56:14 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\AOL</div>
<div>2013-01-07 23:55:50 -------- d-----w- C:\ProgramData\Viewpoint</div>
<div>2013-01-07 23:55:49 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe</div>
<div>2013-01-07 23:55:49 -------- d-----w- C:\Program Files (x86)\Viewpoint</div>
<div>2013-01-07 23:55:46 -------- d-----w- C:\ProgramData\AOL Toolbar</div>
<div>2013-01-07 23:55:46 -------- d-----w- C:\Program Files (x86)\AOL Toolbar</div>
<div>2013-01-07 23:55:40 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility</div>
<div>2013-01-07 23:54:41 24064 ----a-w- C:\Windows\System32\drivers\wanatw64.sys</div>
<div>2013-01-07 23:54:32 -------- d-----w- C:\Users\Angie Murray\AppData\Local\AOL</div>
<div>2013-01-07 23:54:09 -------- d-----w- C:\Program Files (x86)\Common Files\aolshare</div>
<div>2013-01-07 23:54:09 -------- d-----w- C:\Program Files (x86)\Common Files\AOL</div>
<div>2013-01-07 23:54:09 -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.7</div>
<div>2013-01-07 05:11:18 177680 ----a-w- C:\Windows\System32\mfevtps.exe</div>
<div>2013-01-07 04:41:17 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Deployment</div>
<div>2013-01-07 04:41:17 -------- d-----w- C:\Users\Angie Murray\AppData\Local\Apps</div>
<div>2013-01-06 03:05:52 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center</div>
<div>2013-01-06 00:55:55 -------- d-----w- C:\Users\Angie Murray\AppData\Local\CANON_INC</div>
<div>2013-01-06 00:54:13 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\OpenOffice.org</div>
<div>2013-01-06 00:52:53 -------- d-----w- C:\Users\Angie Murray\AppData\Roaming\ZoomBrowser EX</div>
<div>2013-01-06 00:51:22 -------- d-----w- C:\Program Files (x86)\JRE</div>
<div>2013-01-06 00:51:18 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3</div>
<div>2013-01-06 00:44:07 -------- d-----w- C:\Users\Angie Murray\AppData\Local\StrongVault</div>
<div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Strongvault Online Backup</div>
<div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Strongvault Online Backup</div>
<div>2013-01-06 00:43:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\couponamazing</div>
<div>2013-01-06 00:32:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\AI_RecycleBin</div>
<div>2013-01-06 00:29:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\VideoLAN</div>
<div>2013-01-06 00:21:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Strongvault</div>
<div>2013-01-06 00:20:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Stronghold_LLC</div>
<div>2013-01-06 00:20:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\AI_RecycleBin</div>
<div>2013-01-05 22:24:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\ZoomBrowser</div>
<div>2013-01-05 22:23:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Canon</div>
<div>2013-01-05 22:22:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\Canon</div>
<div>2013-01-05 02:54:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\Wat</div>
<div>2013-01-05 02:54:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wat</div>
<div>2013-01-05 02:16:22<span class="Apple-tab-span" style="white-space:pre"> </span>367104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wcncsvc.dll</div>
<div>2013-01-05 02:16:22<span class="Apple-tab-span" style="white-space:pre"> </span>276992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wcncsvc.dll</div>
<div>2013-01-05 01:59:14<span class="Apple-tab-span" style="white-space:pre"> </span>311808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msv1_0.dll</div>
<div>2013-01-05 01:59:14<span class="Apple-tab-span" style="white-space:pre"> </span>257024<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msv1_0.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>99176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\PresentationHostProxy.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>49472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\netfxperf.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>48960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\netfxperf.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>444752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\mscoree.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>320352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\PresentationHost.exe</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>297808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mscoree.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>295264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\PresentationHost.exe</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>1942856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dfshim.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>1130824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dfshim.dll</div>
<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>109912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\PresentationHostProxy.dll</div>
<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>80896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\imagehlp.dll</div>
<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wmi.dll</div>
<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wmi.dll</div>
<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>22896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\fs_rec.sys</div>
<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>158720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\imagehlp.dll</div>
<div>2013-01-05 01:31:50<span class="Apple-tab-span" style="white-space:pre"> </span>1135104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\FntCache.dll</div>
<div>2013-01-05 01:30:15<span class="Apple-tab-span" style="white-space:pre"> </span>243712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\ks.sys</div>
<div>2013-01-05 01:30:15<span class="Apple-tab-span" style="white-space:pre"> </span>184832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\usbvideo.sys</div>
<div>2013-01-04 16:10:13<span class="Apple-tab-span" style="white-space:pre"> </span>82944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\iccvid.dll</div>
<div>2013-01-04 16:08:44<span class="Apple-tab-span" style="white-space:pre"> </span>1572864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\quartz.dll</div>
<div>2013-01-04 16:07:59<span class="Apple-tab-span" style="white-space:pre"> </span>552960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msdri.dll</div>
<div>2013-01-04 16:07:56<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\csrsrv.dll</div>
<div>2013-01-04 16:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>476160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\XpsGdiConverter.dll</div>
<div>2013-01-04 16:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>288256<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\XpsGdiConverter.dll</div>
<div>2013-01-04 16:07:52<span class="Apple-tab-span" style="white-space:pre"> </span>515584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\timedate.cpl</div>
<div>2013-01-04 16:07:52<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\timedate.cpl</div>
<div>2013-01-04 16:02:03<span class="Apple-tab-span" style="white-space:pre"> </span>633856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\comctl32.dll</div>
<div>2013-01-04 16:02:03<span class="Apple-tab-span" style="white-space:pre"> </span>530432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\comctl32.dll</div>
<div>2013-01-04 16:02:00<span class="Apple-tab-span" style="white-space:pre"> </span>5505904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ntoskrnl.exe</div>
<div>2013-01-04 16:00:36<span class="Apple-tab-span" style="white-space:pre"> </span>295792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\volsnap.sys</div>
<div>2013-01-04 15:56:59<span class="Apple-tab-span" style="white-space:pre"> </span>223448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\fvevol.sys</div>
<div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>30208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dnscacheugc.exe</div>
<div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>28672<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dnscacheugc.exe</div>
<div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>182272<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dnsrslvr.dll</div>
<div>2013-01-04 15:56:19<span class="Apple-tab-span" style="white-space:pre"> </span>208896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\profsvc.dll</div>
<div>2013-01-04 15:47:56<span class="Apple-tab-span" style="white-space:pre"> </span>516096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Windows Mail\wab.exe</div>
<div>2013-01-04 15:42:30<span class="Apple-tab-span" style="white-space:pre"> </span>954752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mfc40.dll</div>
<div>2013-01-04 15:42:30<span class="Apple-tab-span" style="white-space:pre"> </span>954288<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mfc40u.dll</div>
<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>9728<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wdfres.dll</div>
<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>785512<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\Wdf01000.sys</div>
<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>54376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\WdfLdr.sys</div>
<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>2560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\en-US\wdf01000.sys.mui</div>
<div>2013-01-04 15:16:40<span class="Apple-tab-span" style="white-space:pre"> </span>477168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\npdeployJava1.dll</div>
<div>2013-01-04 15:16:40<span class="Apple-tab-span" style="white-space:pre"> </span>473072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\deployJava1.dll</div>
<div>2013-01-04 15:10:58<span class="Apple-tab-span" style="white-space:pre"> </span>634368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcrt.dll</div>
<div>2013-01-04 15:00:50<span class="Apple-tab-span" style="white-space:pre"> </span>139264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\cabview.dll</div>
<div>2013-01-04 15:00:50<span class="Apple-tab-span" style="white-space:pre"> </span>132608<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\cabview.dll</div>
<div>2013-01-04 14:58:39<span class="Apple-tab-span" style="white-space:pre"> </span>1031680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\rdpcore.dll</div>
<div>2013-01-04 14:58:38<span class="Apple-tab-span" style="white-space:pre"> </span>826368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\rdpcore.dll</div>
<div>2013-01-04 14:58:38<span class="Apple-tab-span" style="white-space:pre"> </span>23552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\tdtcp.sys</div>
<div>2013-01-04 14:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>2622464<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wucltux.dll</div>
<div>2013-01-04 14:51:30<span class="Apple-tab-span" style="white-space:pre"> </span>99840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wudriver.dll</div>
<div>2013-01-04 14:51:17<span class="Apple-tab-span" style="white-space:pre"> </span>36864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wuapp.exe</div>
<div>2013-01-04 14:51:17<span class="Apple-tab-span" style="white-space:pre"> </span>186752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wuwebv.dll</div>
<div>2013-01-04 06:51:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\ElevatedDiagnostics</div>
<div>2013-01-04 03:25:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Diagnostics</div>
<div>2013-01-04 03:07:27<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SMINST</div>
<div>2013-01-04 02:37:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Temp</div>
<div>2013-01-04 02:30:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\My Backup Files</div>
<div>2013-01-04 02:27:27<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Dell</div>
<div>2013-01-04 02:27:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Stardock_Corporation</div>
<div>2013-01-04 02:26:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\SupportSoft</div>
<div>2013-01-04 02:26:18<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\$RECYCLE.BIN</div>
<div>2013-01-04 02:26:16<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\VirtualStore</div>
<div>2013-01-04 02:25:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\System Recovery</div>
<div>.</div>
<div>==================== Find3M ====================</div>
<div>.</div>
<div>2012-12-16 16:52:02<span class="Apple-tab-span" style="white-space:pre"> </span>46080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\atmlib.dll</div>
<div>2012-12-16 14:40:45<span class="Apple-tab-span" style="white-space:pre"> </span>367616<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\atmfd.dll</div>
<div>2012-12-16 14:25:27<span class="Apple-tab-span" style="white-space:pre"> </span>295424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\atmfd.dll</div>
<div>2012-12-16 14:25:19<span class="Apple-tab-span" style="white-space:pre"> </span>34304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\atmlib.dll</div>
<div>2012-12-07 05:41:16<span class="Apple-tab-span" style="white-space:pre"> </span>441856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wpc.dll</div>
<div>2012-12-07 05:35:34<span class="Apple-tab-span" style="white-space:pre"> </span>2745856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\gameux.dll</div>
<div>2012-12-07 05:04:20<span class="Apple-tab-span" style="white-space:pre"> </span>308736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\Wpc.dll</div>
<div>2012-12-07 04:57:38<span class="Apple-tab-span" style="white-space:pre"> </span>2576384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\gameux.dll</div>
<div>2012-12-07 03:21:08<span class="Apple-tab-span" style="white-space:pre"> </span>45568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\oflc-nz.rs</div>
<div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>362496<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64win.dll</div>
<div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>243200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64.dll</div>
<div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>13312<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64cpu.dll</div>
<div>2012-11-30 05:49:28<span class="Apple-tab-span" style="white-space:pre"> </span>215040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\winsrv.dll</div>
<div>2012-11-30 05:46:35<span class="Apple-tab-span" style="white-space:pre"> </span>16384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ntvdm64.dll</div>
<div>2012-11-30 05:06:50<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wow32.dll</div>
<div>2012-11-30 05:06:49<span class="Apple-tab-span" style="white-space:pre"> </span>274944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\KernelBase.dll</div>
<div>2012-11-30 03:33:03<span class="Apple-tab-span" style="white-space:pre"> </span>338432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\conhost.exe</div>
<div>2012-11-30 02:56:36<span class="Apple-tab-span" style="white-space:pre"> </span>25600<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\setup16.exe</div>
<div>2012-11-30 02:56:35<span class="Apple-tab-span" style="white-space:pre"> </span>7680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\instnm.exe</div>
<div>2012-11-30 02:56:34<span class="Apple-tab-span" style="white-space:pre"> </span>14336<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\ntvdm64.dll</div>
<div>2012-11-30 02:56:33<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\user.exe</div>
<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>6144<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll</div>
<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>4608<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll</div>
<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>3584<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll</div>
<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>3072<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll</div>
<div>2012-11-09 14:35:50<span class="Apple-tab-span" style="white-space:pre"> </span>771096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mfehidk.sys</div>
<div>2012-11-09 14:33:58<span class="Apple-tab-span" style="white-space:pre"> </span>178840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mfeapfk.sys</div>
<div>2012-11-09 05:34:27<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\tzres.dll</div>
<div>2012-11-09 04:49:37<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\tzres.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>862664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcr110.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>828872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcr110.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>661448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcp110.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>534480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcp110.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>50856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\point64.sys</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>354264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\vccorlib110.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>251864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\vccorlib110.dll</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>23960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\nuidfltr.sys</div>
<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>1721576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wdfcoinstaller01009.dll</div>
<div>2012-11-02 05:27:51<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dpnet.dll</div>
<div>2012-11-02 04:48:28<span class="Apple-tab-span" style="white-space:pre"> </span>376832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dpnet.dll</div>
<div>2012-10-16 21:20:49<span class="Apple-tab-span" style="white-space:pre"> </span>135168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AppPatch64\AcXtrnal.dll</div>
<div>2012-10-16 21:20:46<span class="Apple-tab-span" style="white-space:pre"> </span>347648<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AppPatch64\AcLayers.dll</div>
<div>2012-10-16 20:34:37<span class="Apple-tab-span" style="white-space:pre"> </span>559104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AcLayers.dll</div>
<div>2012-10-15 16:45:34<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcr71.dll</div>
<div>2012-10-15 16:45:33<span class="Apple-tab-span" style="white-space:pre"> </span>499712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcp71.dll</div>
<div>.</div>
<div>============= FINISH: 22:01:58.85 ===============</div>
<div> </div>
-
Could someone please give me some help with this? Malwarebytes already removed a bunch of malware but I still seem to be infected. Currently Malwarebytes shows 0 errors.
This is my girlfriend's laptop and she is a teacher so she needs it for work. I just reloaded it from scratch the other day and it's already messed up. Most things seemed OK until I did a Microsoft update but I think it was already infected.
Thanks for the help!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:03 PM, on 1/9/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\AOL\1357602860\ee\aolsoftware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\deal vault\deal vault-bg.exe
c:\program files (x86)\aol toolbar\aoltbServer.exe
C:\Windows\SysWOW64\WerFault.exe
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CrossriderApp0019866 - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll
O2 - BHO: C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CouponAmazing - {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357602860\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Startup: 2YourFace_Updater.lnk = Angie Murray\AppData\Roaming\2YourFace\Updater.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: StrongVaultApp.exe
O4 - Global Startup: StrongVaultApp.exe.lnk = Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files (x86)\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - c:\program files (x86)\dell datasafe local backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12913 bytes
Malwarebytes shows no problem but it's still a mess
in Resolved Malware Removal Logs
I did find the system log file.
system-log.txt