Jump to content

Malwarebytes shows no problem but it still a mess


Recommended Posts

Please could someone please give me some help with this. Malwarebytes alread removed a bunch of malware but I still seem to be infected. Currently Malwarebytes shows 0 errors.

This is my girlfriends laptop and she is a teacher so she needs it for work. I just reloaded it from scratch the other day and it's already messed up. Most things seemed OK until I did a Microsoft update but I think it was already infected.

Thanks for the help!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:34:03 PM, on 1/9/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe

C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\AOL\1357602860\ee\aolsoftware.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\internet explorer\iexplore.exe

C:\Program Files (x86)\internet explorer\iexplore.exe

C:\program files (x86)\deal vault\deal vault-bg.exe

c:\program files (x86)\aol toolbar\aoltbServer.exe

C:\Windows\SysWOW64\WerFault.exe

E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: CrossriderApp0019866 - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll

O2 - BHO: C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll

O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll

O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CouponAmazing - {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll

O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357602860\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

O4 - HKLM\..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b

O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

O4 - Startup: 2YourFace_Updater.lnk = Angie Murray\AppData\Roaming\2YourFace\Updater.exe

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: StrongVaultApp.exe

O4 - Global Startup: StrongVaultApp.exe.lnk = Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files (x86)\McAfee\VIRUSS~1\mcods.exe (file missing)

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - c:\program files (x86)\dell datasafe local backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12913 bytes

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


O2 - BHO: CrossriderApp0019866 - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll
O2 - BHO: C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: CouponAmazing - {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe

Link to post
Share on other sites

<p> </p>

<div>Thanks you very much for the help. I also ran tdsskill and it showed no errors. </div>

<div> </div>

<div> </div>

<div>DDS (Ver_2012-11-20.01) - NTFS_AMD64 </div>

<div>Internet Explorer: 9.0.8112.16457</div>

<div>Run by Angie Murray at 22:00:09 on 2013-01-09</div>

<div>Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4027.2684 [GMT -8:00]</div>

<div>.</div>

<div>AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}</div>

<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div>SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}</div>

<div>.</div>

<div>============== Running Processes ===============</div>

<div>.</div>

<div>C:\Windows\system32\lsm.exe</div>

<div>C:\Windows\system32\svchost.exe -k DcomLaunch</div>

<div>C:\Windows\system32\svchost.exe -k RPCSS</div>

<div>C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted</div>

<div>C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted</div>

<div>C:\Windows\system32\svchost.exe -k netsvcs</div>

<div>C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe</div>

<div>C:\Windows\system32\svchost.exe -k LocalService</div>

<div>C:\Program Files\Dell\DellDock\DockLogin.exe</div>

<div>C:\Windows\system32\svchost.exe -k NetworkService</div>

<div>C:\Windows\System32\spoolsv.exe</div>

<div>C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork</div>

<div>C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div>

<div>C:\Windows\system32\Dwm.exe</div>

<div>C:\Windows\Explorer.EXE</div>

<div>C:\Windows\system32\taskhost.exe</div>

<div>C:\Program Files\Bonjour\mDNSResponder.exe</div>

<div>C:\Program Files\IB Updater\ExtensionUpdaterService.exe</div>

<div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</div>

<div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</div>

<div>C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe</div>

<div>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe</div>

<div>C:\Windows\system32\mfevtps.exe</div>

<div>C:\Program Files (x86)\McAfee\MSK\MskSrver.exe</div>

<div>C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe</div>

<div>c:\program files (x86)\dell datasafe local backup\sftservice.EXE</div>

<div>C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe</div>

<div>C:\Windows\system32\svchost.exe -k imgsvc</div>

<div>C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe</div>

<div>C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe</div>

<div>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</div>

<div>C:\Program Files\IDT\WDM\sttray64.exe</div>

<div>C:\WINDOWS\System32\igfxtray.exe</div>

<div>C:\WINDOWS\System32\hkcmd.exe</div>

<div>C:\WINDOWS\System32\igfxpers.exe</div>

<div>C:\Windows\system32\igfxsrvc.exe</div>

<div>C:\Windows\system32\wbem\wmiprvse.exe</div>

<div>C:\Program Files\Dell\QuickSet\quickset.exe</div>

<div>C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</div>

<div>C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</div>

<div>C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe</div>

<div>C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe</div>

<div>C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe</div>

<div>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe</div>

<div>C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe</div>

<div>C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe</div>

<div>C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe</div>

<div>C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe</div>

<div>C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe</div>

<div>C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</div>

<div>C:\Program Files (x86)\Common Files\AOL\1357602860\ee\aolsoftware.exe</div>

<div>C:\Program Files\Dell\DellDock\DellDock.exe</div>

<div>C:\Program Files (x86)\iTunes\iTunesHelper.exe</div>

<div>C:\Windows\system32\wbem\wmiprvse.exe</div>

<div>C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe</div>

<div>C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</div>

<div>C:\Windows\system32\SearchIndexer.exe</div>

<div>C:\Program Files\iPod\bin\iPodService.exe</div>

<div>C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe</div>

<div>C:\Program Files\Windows Media Player\wmpnetwk.exe</div>

<div>C:\Windows\System32\svchost.exe -k LocalServicePeerNet</div>

<div>C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe</div>

<div>C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe</div>

<div>C:\Windows\system32\wuauclt.exe</div>

<div>C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe</div>

<div>C:\Windows\system32\taskeng.exe</div>

<div>C:\Windows\System32\WUDFHost.exe</div>

<div>C:\Windows\System32\cscript.exe</div>

<div>.</div>

<div>============== Pseudo HJT Report ===============</div>

<div>.</div>

<div>uStart Page = hxxp://www.google.com/</div>

<div>mWinlogon: Userinit = userinit.exe,</div>

<div>BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll</div>

<div>BHO: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\Angie Murray\AppData\Roaming\2YourFace\bho.dll</div>

<div>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</div>

<div>BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll</div>

<div>BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll</div>

<div>BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div>

<div>BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned></div>

<div>BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll</div>

<div>BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll</div>

<div>BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll</div>

<div>BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll</div>

<div>BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll</div>

<div>BHO: CouponAmazing: {AFE3CFBE-FB6B-4F00-9D96-D9CB1EB25B4C} - C:\Users\Angie Murray\AppData\Local\couponamazing\ie\couponamazing_1357432802.dll</div>

<div>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll</div>

<div>BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div>

<div>BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll</div>

<div>TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div>

<div>TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div>

<div>TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll</div>

<div>TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll</div>

<div>TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll</div>

<div>uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"</div>

<div>uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe</div>

<div>mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"</div>

<div>mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"</div>

<div>mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2</div>

<div>mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"</div>

<div>mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey</div>

<div>mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms</div>

<div>mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter</div>

<div>mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</div>

<div>mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357602860\ee\AOLSoftware.exe</div>

<div>mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</div>

<div>mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"</div>

<div>mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe</div>

<div>mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe</div>

<div>StartupFolder: C:\Users\ANGIEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2YOURF~1.LNK - C:\Users\Angie Murray\AppData\Roaming\2YourFace\Updater.exe</div>

<div>StartupFolder: C:\Users\ANGIEM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe</div>

<div>StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe</div>

<div>StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Angie Murray\AppData\Local\StrongVault\StrongVaultApp.exe</div>

<div>mPolicies-Explorer: NoActiveDesktop = dword:1</div>

<div>mPolicies-Explorer: NoActiveDesktopChanges = dword:1</div>

<div>mPolicies-System: ConsentPromptBehaviorAdmin = dword:5</div>

<div>mPolicies-System: ConsentPromptBehaviorUser = dword:3</div>

<div>mPolicies-System: EnableUIADesktopToggle = dword:0</div>

<div>IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll</div>

<div>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div>

<div>DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div>

<div>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab</div>

<div>TCP: NameServer = 192.168.137.1</div>

<div>TCP: Interfaces\{867B27DE-941C-4DD1-86AD-9980F73CBBEA} : DHCPNameServer = 10.0.0.1 10.0.0.2 10.0.0.5</div>

<div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F} : DHCPNameServer = 192.168.137.1</div>

<div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F}\D45727271697 : DHCPNameServer = 192.168.1.1</div>

<div>TCP: Interfaces\{98B589CB-767F-445A-B5E8-57F65D37EC0F}\E4544574541425 : DHCPNameServer = 192.168.1.1</div>

<div>SSODL: WebCheck - <orphaned></div>

<div>x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll</div>

<div>x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll</div>

<div>x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll</div>

<div>x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll</div>

<div>x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe</div>

<div>x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe</div>

<div>x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe</div>

<div>x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe</div>

<div>x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe</div>

<div>x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe</div>

<div>x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"</div>

<div>x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"</div>

<div>x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div>

<div>x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div>

<div>x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab</div>

<div>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll</div>

<div>x64-Notify: igfxcui - igfxdev.dll</div>

<div>x64-SSODL: WebCheck - <orphaned></div>

<div>.</div>

<div>============= SERVICES / DRIVERS ===============</div>

<div>.</div>

<div>R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-29 55280]</div>

<div>R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-9-29 771096]</div>

<div>R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]</div>

<div>R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2013-1-7 188760]</div>

<div>R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]</div>

<div>R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]</div>

<div>R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe [2009-9-29 359952]</div>

<div>R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-9-29 155456]</div>

<div>R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-6 177680]</div>

<div>R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-29 689472]</div>

<div>R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]</div>

<div>R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-29 172704]</div>

<div>R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-29 138752]</div>

<div>R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]</div>

<div>R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]</div>

<div>R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-9-29 102600]</div>

<div>R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-29 5435904]</div>

<div>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]</div>

<div>S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]</div>

<div>S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-9-29 606736]</div>

<div>S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2009-9-29 41032]</div>

<div>S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-9-29 40904]</div>

<div>S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-9-29 49480]</div>

<div>S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-4 1255736]</div>

<div>S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]</div>

<div>.</div>

<div>=============== Created Last 30 ================</div>

<div>.</div>

<div>2013-01-09 18:20:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Malwarebytes</div>

<div>2013-01-09 18:19:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Malwarebytes</div>

<div>2013-01-09 18:19:58<span class="Apple-tab-span" style="white-space:pre"> </span>24176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mbam.sys</div>

<div>2013-01-09 18:19:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>

<div>2013-01-09 18:19:45<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Programs</div>

<div>2013-01-09 04:43:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Downloads</div>

<div>2013-01-09 02:42:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\EventProviders</div>

<div>2013-01-09 02:42:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\2894e7c58164526a91</div>

<div>2013-01-09 02:12:33<span class="Apple-tab-span" style="white-space:pre"> </span>424960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\KernelBase.dll</div>

<div>2013-01-09 02:10:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Apple Computer</div>

<div>2013-01-09 02:10:35<span class="Apple-tab-span" style="white-space:pre"> </span>33240<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\GEARAspiWDM.sys</div>

<div>2013-01-09 02:10:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\iPod</div>

<div>2013-01-09 02:10:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</div>

<div>2013-01-09 02:10:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\iTunes</div>

<div>2013-01-09 02:10:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\iTunes</div>

<div>2013-01-09 02:09:44<span class="Apple-tab-span" style="white-space:pre"> </span>3147264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\win32k.sys</div>

<div>2013-01-09 02:06:55<span class="Apple-tab-span" style="white-space:pre"> </span>74248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</div>

<div>2013-01-09 02:06:55<span class="Apple-tab-span" style="white-space:pre"> </span>697864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\FlashPlayerApp.exe</div>

<div>2013-01-09 01:59:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Apple</div>

<div>2013-01-09 01:58:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Bonjour</div>

<div>2013-01-09 01:58:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Bonjour</div>

<div>2013-01-09 01:58:23<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\2YourFace</div>

<div>2013-01-09 01:54:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Funmoods</div>

<div>2013-01-09 01:48:27<span class="Apple-tab-span" style="white-space:pre"> </span>801280<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\usp10.dll</div>

<div>2013-01-09 01:48:27<span class="Apple-tab-span" style="white-space:pre"> </span>627712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\usp10.dll</div>

<div>2013-01-08 04:02:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Incredibar.com</div>

<div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>829264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcr100.dll</div>

<div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>608080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcp100.dll</div>

<div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>35328<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ImHttpComm.dll</div>

<div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>1261936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dmwu.exe</div>

<div>2013-01-08 04:02:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ARFC</div>

<div>2013-01-08 04:02:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\WNLT</div>

<div>2013-01-08 04:02:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\IB Updater</div>

<div>2013-01-08 04:01:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Optimizer Pro</div>

<div>2013-01-08 04:01:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Optimizer Pro</div>

<div>2013-01-08 04:01:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\InfoAtoms</div>

<div>2013-01-08 04:00:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Google</div>

<div>2013-01-08 04:00:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Deal Vault</div>

<div>2013-01-08 04:00:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Deal Vault</div>

<div>2013-01-08 00:03:10<span class="Apple-tab-span" style="white-space:pre"> </span>230400<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll</div>

<div>2013-01-07 23:59:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\AOL Toolbar</div>

<div>2013-01-07 23:56:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\AOL</div>

<div>2013-01-07 23:55:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Viewpoint</div>

<div>2013-01-07 23:55:49<span class="Apple-tab-span" style="white-space:pre"> </span>58696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\AOLParconLink.exe</div>

<div>2013-01-07 23:55:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Viewpoint</div>

<div>2013-01-07 23:55:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\AOL Toolbar</div>

<div>2013-01-07 23:55:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\AOL Toolbar</div>

<div>2013-01-07 23:55:40<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\Software Update Utility</div>

<div>2013-01-07 23:54:41<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\wanatw64.sys</div>

<div>2013-01-07 23:54:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\AOL</div>

<div>2013-01-07 23:54:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\aolshare</div>

<div>2013-01-07 23:54:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\AOL</div>

<div>2013-01-07 23:54:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\AOL Desktop 9.7</div>

<div>2013-01-07 05:11:18<span class="Apple-tab-span" style="white-space:pre"> </span>177680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\mfevtps.exe</div>

<div>2013-01-07 04:41:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Deployment</div>

<div>2013-01-07 04:41:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Apps</div>

<div>2013-01-06 03:05:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Microsoft Mouse and Keyboard Center</div>

<div>2013-01-06 00:55:55<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\CANON_INC</div>

<div>2013-01-06 00:54:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\OpenOffice.org</div>

<div>2013-01-06 00:52:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\ZoomBrowser EX</div>

<div>2013-01-06 00:51:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\JRE</div>

<div>2013-01-06 00:51:18<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\OpenOffice.org 3</div>

<div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\StrongVault</div>

<div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\Strongvault Online Backup</div>

<div>2013-01-06 00:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Strongvault Online Backup</div>

<div>2013-01-06 00:43:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\couponamazing</div>

<div>2013-01-06 00:32:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\AI_RecycleBin</div>

<div>2013-01-06 00:29:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\VideoLAN</div>

<div>2013-01-06 00:21:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Strongvault</div>

<div>2013-01-06 00:20:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Stronghold_LLC</div>

<div>2013-01-06 00:20:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\AI_RecycleBin</div>

<div>2013-01-05 22:24:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\ProgramData\ZoomBrowser</div>

<div>2013-01-05 22:23:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Canon</div>

<div>2013-01-05 22:22:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files (x86)\Common Files\Canon</div>

<div>2013-01-05 02:54:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\Wat</div>

<div>2013-01-05 02:54:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wat</div>

<div>2013-01-05 02:16:22<span class="Apple-tab-span" style="white-space:pre"> </span>367104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wcncsvc.dll</div>

<div>2013-01-05 02:16:22<span class="Apple-tab-span" style="white-space:pre"> </span>276992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wcncsvc.dll</div>

<div>2013-01-05 01:59:14<span class="Apple-tab-span" style="white-space:pre"> </span>311808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msv1_0.dll</div>

<div>2013-01-05 01:59:14<span class="Apple-tab-span" style="white-space:pre"> </span>257024<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msv1_0.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>99176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\PresentationHostProxy.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>49472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\netfxperf.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>48960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\netfxperf.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>444752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\mscoree.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>320352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\PresentationHost.exe</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>297808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mscoree.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>295264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\PresentationHost.exe</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>1942856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dfshim.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>1130824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dfshim.dll</div>

<div>2013-01-05 01:45:09<span class="Apple-tab-span" style="white-space:pre"> </span>109912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\PresentationHostProxy.dll</div>

<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>80896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\imagehlp.dll</div>

<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wmi.dll</div>

<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wmi.dll</div>

<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>22896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\fs_rec.sys</div>

<div>2013-01-05 01:32:54<span class="Apple-tab-span" style="white-space:pre"> </span>158720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\imagehlp.dll</div>

<div>2013-01-05 01:31:50<span class="Apple-tab-span" style="white-space:pre"> </span>1135104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\FntCache.dll</div>

<div>2013-01-05 01:30:15<span class="Apple-tab-span" style="white-space:pre"> </span>243712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\ks.sys</div>

<div>2013-01-05 01:30:15<span class="Apple-tab-span" style="white-space:pre"> </span>184832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\usbvideo.sys</div>

<div>2013-01-04 16:10:13<span class="Apple-tab-span" style="white-space:pre"> </span>82944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\iccvid.dll</div>

<div>2013-01-04 16:08:44<span class="Apple-tab-span" style="white-space:pre"> </span>1572864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\quartz.dll</div>

<div>2013-01-04 16:07:59<span class="Apple-tab-span" style="white-space:pre"> </span>552960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msdri.dll</div>

<div>2013-01-04 16:07:56<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\csrsrv.dll</div>

<div>2013-01-04 16:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>476160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\XpsGdiConverter.dll</div>

<div>2013-01-04 16:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>288256<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\XpsGdiConverter.dll</div>

<div>2013-01-04 16:07:52<span class="Apple-tab-span" style="white-space:pre"> </span>515584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\timedate.cpl</div>

<div>2013-01-04 16:07:52<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\timedate.cpl</div>

<div>2013-01-04 16:02:03<span class="Apple-tab-span" style="white-space:pre"> </span>633856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\comctl32.dll</div>

<div>2013-01-04 16:02:03<span class="Apple-tab-span" style="white-space:pre"> </span>530432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\comctl32.dll</div>

<div>2013-01-04 16:02:00<span class="Apple-tab-span" style="white-space:pre"> </span>5505904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ntoskrnl.exe</div>

<div>2013-01-04 16:00:36<span class="Apple-tab-span" style="white-space:pre"> </span>295792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\volsnap.sys</div>

<div>2013-01-04 15:56:59<span class="Apple-tab-span" style="white-space:pre"> </span>223448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\fvevol.sys</div>

<div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>30208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dnscacheugc.exe</div>

<div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>28672<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dnscacheugc.exe</div>

<div>2013-01-04 15:56:21<span class="Apple-tab-span" style="white-space:pre"> </span>182272<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dnsrslvr.dll</div>

<div>2013-01-04 15:56:19<span class="Apple-tab-span" style="white-space:pre"> </span>208896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\profsvc.dll</div>

<div>2013-01-04 15:47:56<span class="Apple-tab-span" style="white-space:pre"> </span>516096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Program Files\Windows Mail\wab.exe</div>

<div>2013-01-04 15:42:30<span class="Apple-tab-span" style="white-space:pre"> </span>954752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mfc40.dll</div>

<div>2013-01-04 15:42:30<span class="Apple-tab-span" style="white-space:pre"> </span>954288<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\mfc40u.dll</div>

<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>9728<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wdfres.dll</div>

<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>785512<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\Wdf01000.sys</div>

<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>54376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\WdfLdr.sys</div>

<div>2013-01-04 15:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>2560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\en-US\wdf01000.sys.mui</div>

<div>2013-01-04 15:16:40<span class="Apple-tab-span" style="white-space:pre"> </span>477168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\npdeployJava1.dll</div>

<div>2013-01-04 15:16:40<span class="Apple-tab-span" style="white-space:pre"> </span>473072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\deployJava1.dll</div>

<div>2013-01-04 15:10:58<span class="Apple-tab-span" style="white-space:pre"> </span>634368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcrt.dll</div>

<div>2013-01-04 15:00:50<span class="Apple-tab-span" style="white-space:pre"> </span>139264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\cabview.dll</div>

<div>2013-01-04 15:00:50<span class="Apple-tab-span" style="white-space:pre"> </span>132608<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\cabview.dll</div>

<div>2013-01-04 14:58:39<span class="Apple-tab-span" style="white-space:pre"> </span>1031680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\rdpcore.dll</div>

<div>2013-01-04 14:58:38<span class="Apple-tab-span" style="white-space:pre"> </span>826368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\rdpcore.dll</div>

<div>2013-01-04 14:58:38<span class="Apple-tab-span" style="white-space:pre"> </span>23552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\tdtcp.sys</div>

<div>2013-01-04 14:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>2622464<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wucltux.dll</div>

<div>2013-01-04 14:51:30<span class="Apple-tab-span" style="white-space:pre"> </span>99840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wudriver.dll</div>

<div>2013-01-04 14:51:17<span class="Apple-tab-span" style="white-space:pre"> </span>36864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wuapp.exe</div>

<div>2013-01-04 14:51:17<span class="Apple-tab-span" style="white-space:pre"> </span>186752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wuwebv.dll</div>

<div>2013-01-04 06:51:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\ElevatedDiagnostics</div>

<div>2013-01-04 03:25:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Diagnostics</div>

<div>2013-01-04 03:07:27<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SMINST</div>

<div>2013-01-04 02:37:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Temp</div>

<div>2013-01-04 02:30:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\My Backup Files</div>

<div>2013-01-04 02:27:27<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Roaming\Dell</div>

<div>2013-01-04 02:27:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\Stardock_Corporation</div>

<div>2013-01-04 02:26:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\SupportSoft</div>

<div>2013-01-04 02:26:18<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\$RECYCLE.BIN</div>

<div>2013-01-04 02:26:16<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Users\Angie Murray\AppData\Local\VirtualStore</div>

<div>2013-01-04 02:25:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\System Recovery</div>

<div>.</div>

<div>==================== Find3M  ====================</div>

<div>.</div>

<div>2012-12-16 16:52:02<span class="Apple-tab-span" style="white-space:pre"> </span>46080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\atmlib.dll</div>

<div>2012-12-16 14:40:45<span class="Apple-tab-span" style="white-space:pre"> </span>367616<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\atmfd.dll</div>

<div>2012-12-16 14:25:27<span class="Apple-tab-span" style="white-space:pre"> </span>295424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\atmfd.dll</div>

<div>2012-12-16 14:25:19<span class="Apple-tab-span" style="white-space:pre"> </span>34304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\atmlib.dll</div>

<div>2012-12-07 05:41:16<span class="Apple-tab-span" style="white-space:pre"> </span>441856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\Wpc.dll</div>

<div>2012-12-07 05:35:34<span class="Apple-tab-span" style="white-space:pre"> </span>2745856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\gameux.dll</div>

<div>2012-12-07 05:04:20<span class="Apple-tab-span" style="white-space:pre"> </span>308736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\Wpc.dll</div>

<div>2012-12-07 04:57:38<span class="Apple-tab-span" style="white-space:pre"> </span>2576384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\gameux.dll</div>

<div>2012-12-07 03:21:08<span class="Apple-tab-span" style="white-space:pre"> </span>45568<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\oflc-nz.rs</div>

<div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>362496<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64win.dll</div>

<div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>243200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64.dll</div>

<div>2012-11-30 05:50:00<span class="Apple-tab-span" style="white-space:pre"> </span>13312<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wow64cpu.dll</div>

<div>2012-11-30 05:49:28<span class="Apple-tab-span" style="white-space:pre"> </span>215040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\winsrv.dll</div>

<div>2012-11-30 05:46:35<span class="Apple-tab-span" style="white-space:pre"> </span>16384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\ntvdm64.dll</div>

<div>2012-11-30 05:06:50<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\wow32.dll</div>

<div>2012-11-30 05:06:49<span class="Apple-tab-span" style="white-space:pre"> </span>274944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\KernelBase.dll</div>

<div>2012-11-30 03:33:03<span class="Apple-tab-span" style="white-space:pre"> </span>338432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\conhost.exe</div>

<div>2012-11-30 02:56:36<span class="Apple-tab-span" style="white-space:pre"> </span>25600<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\setup16.exe</div>

<div>2012-11-30 02:56:35<span class="Apple-tab-span" style="white-space:pre"> </span>7680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\instnm.exe</div>

<div>2012-11-30 02:56:34<span class="Apple-tab-span" style="white-space:pre"> </span>14336<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\ntvdm64.dll</div>

<div>2012-11-30 02:56:33<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\user.exe</div>

<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>6144<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>4608<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>3584<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-11-30 02:51:41<span class="Apple-tab-span" style="white-space:pre"> </span>3072<span class="Apple-tab-span" style="white-space:pre"> </span>---ha-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-11-09 14:35:50<span class="Apple-tab-span" style="white-space:pre"> </span>771096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mfehidk.sys</div>

<div>2012-11-09 14:33:58<span class="Apple-tab-span" style="white-space:pre"> </span>178840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\mfeapfk.sys</div>

<div>2012-11-09 05:34:27<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\tzres.dll</div>

<div>2012-11-09 04:49:37<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\tzres.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>862664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcr110.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>828872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcr110.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>661448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\msvcp110.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>534480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcp110.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>50856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\point64.sys</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>354264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\vccorlib110.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>251864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\vccorlib110.dll</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>23960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\drivers\nuidfltr.sys</div>

<div>2012-11-02 23:38:36<span class="Apple-tab-span" style="white-space:pre"> </span>1721576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\wdfcoinstaller01009.dll</div>

<div>2012-11-02 05:27:51<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\System32\dpnet.dll</div>

<div>2012-11-02 04:48:28<span class="Apple-tab-span" style="white-space:pre"> </span>376832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\dpnet.dll</div>

<div>2012-10-16 21:20:49<span class="Apple-tab-span" style="white-space:pre"> </span>135168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AppPatch64\AcXtrnal.dll</div>

<div>2012-10-16 21:20:46<span class="Apple-tab-span" style="white-space:pre"> </span>347648<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AppPatch64\AcLayers.dll</div>

<div>2012-10-16 20:34:37<span class="Apple-tab-span" style="white-space:pre"> </span>559104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\apppatch\AcLayers.dll</div>

<div>2012-10-15 16:45:34<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcr71.dll</div>

<div>2012-10-15 16:45:33<span class="Apple-tab-span" style="white-space:pre"> </span>499712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Windows\SysWow64\msvcp71.dll</div>

<div>.</div>

<div>============= FINISH: 22:01:58.85 ===============</div>

<div> </div>

Link to post
Share on other sites

I hope this is what you're looking for. The first mbam-log was just after I install Malwarebytes but before I update the database as I wasn't sure the update would work. The second one was after I updated the database.

If you need anything else please let me know. I've worked in the computer support field for many years but as you know this type of stuff takes skills few people have so thanks again. The laptop is a Dell Studio 1555 and no matter what I do I can't get it to go into safe mode.

dds.txt

hijackthis.log

mbam-log-2013-01-09 (10-24-06).txt

mbam-log-2013-01-09 (12-11-48).txt

Link to post
Share on other sites

BTW is there any way of knowing where all this came from? These people should be hung up by parts of their bodies I can't mention here.

You probably downloaded something and it came with it.

~~~~~~~~~~~~~~~~~~~~~~~

Please do this...........

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

Link to post
Share on other sites

Next.............

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.