I believe I have what is known as the Money Pak Virus, the FBI virus or the White Screen of Death.

Like many other threads I have seen on the forum I can not start in safe mode as the computer will automatically restart and after user log in you can view the desktop for a second, then the screen turns white.

I did get lucky one time while powering down the computer and was able to pull up a system restore. It only showed 1 log from much earlier in the day and I tried running it but with no success.

My next attempt would be to run Safe Mode with command prompt and see if I can get any more system restores from there.

I would like whatever help I can get to have the computer just running so I can get a program to remove the virus.

I am on a 64 bit Windows 7 machine.


Welcome to the forum, here's how we deal with that virus:

  1. Please download Farbar Recovery Scan Tool and save it to a flash drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Plug the flash drive into the infected PC.
  2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  3. On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    Select Command Prompt
    Once in the Command Prompt:
  4. In the command window type in notepad and press Enter.
  5. The notepad opens. Under File menu select Open.
  6. Select "Computer" and find your flash drive letter and close the notepad.
  7. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  8. The tool will start to run.
  9. When the tool opens click Yes to disclaimer.
  10. Press Scan button.
  11. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Thanks MrC for the info.

I did not have a flash drive with me yesterday so I grabbed what I had last night (8GB Lexer SD card). I am assuming it is all the same compared to a Flash USB stick?

I did more research and created a new account with admin rights, through command prompt last night and was able to log in, I still could not get internet to work.

I did run Repair Your Computer at the boot options the other day and not sure if there was any success. It still would only load a white screen. I will download FarBar and try to make a recovery disk while at work (My computer came preloaded without a disk) so I can try it later today.

Does this mean I can download FarBar and run it in the new account or will I still have to run it through command prompt?


I am assuming it is all the same compared to a Flash USB stick?

Yes

I will download FarBar and try to make a recovery disk while at work (My computer came preloaded without a disk) so I can try it later today.

You don't have to make a disk, use this method:

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Select Command Prompt

Once in the Command Prompt:

  1. In the command window type in notepad and press Enter.
  2. The notepad opens. Under File menu select Open.
  3. Select "Computer" and find your flash drive letter and close the notepad.
  4. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  5. The tool will start to run.
  6. When the tool opens click Yes to disclaimer.
  7. Press Scan button.
  8. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Does this mean I can download FarBar and run it in the new account or will I still have to run it through command prompt?

Command prompt

MrC


Ran home and got the text file done.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2013

Ran by SYSTEM on 02-05-2013 10:39:11

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST could be run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16334368 2009-07-18] (NVIDIA Corporation)

HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] ()

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-09-24] (Apple Inc.)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] ()

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449608 2011-08-31] (Malwarebytes Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)

HKLM-x32\...\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)

HKLM-x32\...\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-140 revB\WZCSLDR2.exe [x]

HKU\Brandon\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)

HKU\Brandon\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Brandon\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [5201528 2011-07-08] (SlySoft, Inc.)

HKU\Brandon\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)

HKU\Brandon\...\Run: [Windows Update Server] C:\Users\Brandon\1os0ieiryvktk-10083.exe [99840 2013-04-30] ()

HKU\Brandon\...\Winlogon: [shell] explorer.exe,C:\Users\Brandon\AppData\Roaming\skype.dat [58368 2011-11-16] () <==== ATTENTION

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\test\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)

HKU\Test.Brandon-PC\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Test.Brandon-PC.000\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)

SubSystems: [Windows] ATTENTION! ====> ZeroAccess

Startup: C:ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()

Startup: C:ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk

ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()

Startup: C:ProgramData\Start Menu\Programs\Startup\CineForm Status.lnk

ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)

Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:ProgramData\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 ANIWConnService; C:\Windows\SysWow64\ANIWConnService.exe [151552 2009-07-07] ()

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\diMaster.dll [135032 2010-04-29] (Symantec Corporation)

S2 Packet; C:\Windows\system32\HabuFltr.dll [6656 2009-07-13] (Oak Technology Inc.)

S2 SPService; c:\windows\system32\config\systemprofile\appdata\roaming\adobe\sp.dll [x]

==================== Drivers (Whitelisted) ====================

S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-06-09] (SlySoft, Inc.)

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx64.sys [942640 2010-05-22] (Symantec Corporation)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-05-29] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-05-29] (Symantec Corporation)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100726.001\IDSvia64.sys [463408 2010-05-28] (Symantec Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)

S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-05-29] (Symantec Corporation)

S1 ccHP; \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [x]

S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100728.021\ENG64.SYS [x]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100728.021\EX64.SYS [x]

S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS [x]

S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS [x]

S0 SymDS; system32\drivers\NISx64\1107000.00C\SYMDS64.SYS [x]

S0 SymEFA; system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS [x]

S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1107000.00C\Ironx64.SYS [x]

S1 SYMTDIv; \SystemRoot\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Packet -> C:\Windows\system32\HabuFltr.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess

==================== One Month Created Files and Folders ========

2013-05-02 10:38 - 2013-05-02 10:38 - 00000000 ____D C:\FRST

2013-05-02 04:30 - 2013-05-02 04:30 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\GoPro

2013-05-02 03:40 - 2013-05-02 04:19 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\Hewlett-Packard

2013-05-02 03:40 - 2013-05-02 03:40 - 00123392 ____A C:\Users\Test.Brandon-PC.000\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-02 03:40 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\PictureMover

2013-05-02 03:40 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\Apple Computer

2013-05-02 03:40 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\Adobe

2013-05-02 03:39 - 2013-05-02 03:49 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\Hewlett-Packard

2013-05-02 03:39 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\Adobe

2013-05-02 03:39 - 2013-05-02 03:39 - 00002261 ____A C:\Users\Test.Brandon-PC.000\Desktop\Google Chrome.lnk

2013-05-02 03:39 - 2013-05-02 03:39 - 00000020 ___SH C:\Users\Test.Brandon-PC.000\ntuser.ini

2013-05-02 03:39 - 2013-05-02 03:39 - 00000000 ____D C:\users\Test.Brandon-PC.000

2013-05-02 03:39 - 2010-05-30 22:25 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\Microsoft Help

2013-05-02 03:36 - 2013-05-02 03:36 - 00000020 __ASH C:\Users\Test.Brandon-PC\ntuser.ini

2013-05-02 03:36 - 2013-05-02 03:36 - 00000000 ____D C:\users\Test.Brandon-PC

2013-05-02 03:36 - 2010-05-30 22:25 - 00000000 ____D C:\Users\Test.Brandon-PC\AppData\Local\Microsoft Help

2013-05-01 17:09 - 2013-05-01 17:09 - 00000000 ____D C:\Users\Brandon\AppData\Local\{50A565BA-E296-4B87-87AF-4C72B77DB827}

2013-05-01 12:28 - 2013-05-01 12:28 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps

2013-05-01 09:44 - 2013-05-01 15:35 - 00000000 ____D C:\Users\test\AppData\Local\GoPro

2013-05-01 09:43 - 2013-05-01 12:26 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes

2013-05-01 09:42 - 2013-05-01 09:42 - 00123392 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-01 09:42 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Roaming\Hewlett-Packard

2013-05-01 09:42 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Roaming\Apple Computer

2013-05-01 09:42 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Local\Adobe

2013-05-01 09:41 - 2013-05-01 15:35 - 00000000 ____D C:\Users\test\AppData\Roaming\PictureMover

2013-05-01 09:41 - 2013-05-01 15:35 - 00000000 ____D C:\Users\test\AppData\Local\Hewlett-Packard

2013-05-01 09:41 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe

2013-05-01 09:40 - 2013-05-01 15:35 - 00000000 ____D C:\users\test

2013-05-01 09:40 - 2010-05-30 22:25 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help

2013-04-30 18:00 - 2013-04-30 18:00 - 00000000 ____D C:\Users\Brandon\AppData\Local\{A7FD36F3-A6FF-4EA6-AB33-1F2F2836F35F}

2013-04-30 17:52 - 2013-04-30 17:52 - 00000000 ____D C:\Users\Brandon\AppData\Local\{9276B347-9747-4B00-A698-BD004112B247}

2013-04-30 17:33 - 2013-04-30 17:33 - 00000000 ____D C:\Users\Brandon\AppData\Local\{7D3D6AF1-9435-4A58-8DB6-4B49880DE64E}

2013-04-30 17:30 - 2013-04-30 17:30 - 00000000 ____D C:\Users\Brandon\AppData\Local\{6BFDC97A-1BD0-4DC2-BCC1-325E5885B67F}

2013-04-30 17:26 - 2013-05-01 17:09 - 00000004 ____A C:\Users\Brandon\AppData\Roaming\skype.ini

2013-04-30 17:21 - 2013-04-30 17:21 - 00099840 __ASH C:\Users\Brandon\1os0ieiryvktk-10083.exe

2013-04-30 17:08 - 2013-04-30 17:09 - 00000000 ___HD C:\Users\Brandon\Downloads\nikki benz9765896


2013-04-30 02:03 - 2013-04-30 02:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9(83).dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter(127).dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt(104).dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt(126).dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1(82).dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation(122).dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-30 02:03 - 2013-04-30 02:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-30 02:00 - 2013-04-30 02:19 - 00007985 ____A C:\Windows\IE10_main.log

2013-04-23 10:08 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-23 10:08 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs(85).sys

2013-04-22 14:42 - 2013-04-22 14:42 - 00000000 ____D C:\Users\Brandon\AppData\Local\{3878EBBA-5F18-4E08-A88B-16FD83A875D8}

2013-04-18 03:40 - 2013-04-18 03:40 - 00000000 ____D C:\Users\Brandon\AppData\Local\{D7C8B7CE-7751-480A-885C-F80AAEB738DA}

2013-04-17 03:30 - 2013-04-17 03:31 - 00000000 ___HD C:\Users\Brandon\Downloads\remy lacroix

2013-04-12 14:53 - 2013-04-12 14:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-04-12 14:11 - 2013-04-12 14:12 - 00000000 ____D C:\Users\Brandon\AppData\Local\{61F87703-0B8F-4CB6-AB64-890EB6987F29}

2013-04-10 17:31 - 2013-04-10 17:31 - 00000000 ____D C:\Users\Brandon\AppData\Local\{D8FB5C10-A628-48CB-9852-4CCA0C640DC9}

2013-04-10 11:11 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-10 11:11 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-10 11:11 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-10 11:11 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-10 11:11 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-10 11:11 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-10 11:11 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-10 11:11 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-10 11:11 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-10 11:11 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-10 11:11 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-10 11:11 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-10 11:11 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-10 11:11 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-04 14:46 - 2013-04-04 14:47 - 00000000 ___HD C:\Users\Brandon\Downloads\rikki six

2013-04-03 03:21 - 2013-04-03 03:40 - 115250352 ___AH C:\Users\Brandon\Downloads\rikki_six_ck113012_pics.zip

2013-04-02 17:53 - 2013-04-03 17:54 - 00000000 ____D C:\Users\Brandon\AppData\Local\{4D664F2E-AD64-4A3D-BE7A-576634EE6A08}

==================== One Month Modified Files and Folders =======

2013-05-02 10:38 - 2013-05-02 10:38 - 00000000 ____D C:\FRST

2013-05-02 09:36 - 2012-11-11 19:18 - 00000005 ____A C:\Windows\SysWOW64\ANIWZCSUSERNAME{47CF9079-9B47-42C6-A0E3-37C1B656F4AF}

2013-05-02 09:35 - 2010-06-07 04:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-02 09:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-02 09:35 - 2009-07-13 20:51 - 00059887 ____A C:\Windows\setupact.log

2013-05-02 09:16 - 2010-10-21 22:02 - 00000406 ___AH C:\Windows\Tasks\Norton Security Scan for Brandon.job

2013-05-02 09:07 - 2010-06-07 04:20 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-02 09:06 - 2012-03-28 15:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-02 04:38 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-02 04:38 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-02 04:35 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-02 04:30 - 2013-05-02 04:30 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\GoPro

2013-05-02 04:19 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\Hewlett-Packard

2013-05-02 03:49 - 2013-05-02 03:39 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\Hewlett-Packard

2013-05-02 03:40 - 2013-05-02 03:40 - 00123392 ____A C:\Users\Test.Brandon-PC.000\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-02 03:40 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\PictureMover

2013-05-02 03:40 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\Apple Computer

2013-05-02 03:40 - 2013-05-02 03:40 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Local\Adobe

2013-05-02 03:40 - 2013-05-02 03:39 - 00000000 ____D C:\Users\Test.Brandon-PC.000\AppData\Roaming\Adobe

2013-05-02 03:39 - 2013-05-02 03:39 - 00002261 ____A C:\Users\Test.Brandon-PC.000\Desktop\Google Chrome.lnk

2013-05-02 03:39 - 2013-05-02 03:39 - 00000020 ___SH C:\Users\Test.Brandon-PC.000\ntuser.ini

2013-05-02 03:39 - 2013-05-02 03:39 - 00000000 ____D C:\users\Test.Brandon-PC.000

2013-05-02 03:39 - 2010-02-13 09:26 - 00081190 ____A C:\Windows\PFRO.log

2013-05-02 03:36 - 2013-05-02 03:36 - 00000020 __ASH C:\Users\Test.Brandon-PC\ntuser.ini

2013-05-02 03:36 - 2013-05-02 03:36 - 00000000 ____D C:\users\Test.Brandon-PC

2013-05-01 17:10 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages

2013-05-01 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-05-01 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-05-01 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-05-01 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-05-01 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-01 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-01 17:09 - 2013-05-01 17:09 - 00000000 ____D C:\Users\Brandon\AppData\Local\{50A565BA-E296-4B87-87AF-4C72B77DB827}

2013-05-01 17:09 - 2013-04-30 17:26 - 00000004 ____A C:\Users\Brandon\AppData\Roaming\skype.ini

2013-05-01 17:09 - 2012-11-11 19:56 - 00003284 ____A C:\Windows\SysWOW64\ANIWZCS{47CF9079-9B47-42C6-A0E3-37C1B656F4AF}

2013-05-01 17:09 - 2012-11-11 19:56 - 00003284 ____A C:\Users\Brandon\AppData\Roaming\ANIWZCS{47CF9079-9B47-42C6-A0E3-37C1B656F4AF}

2013-05-01 17:09 - 2011-07-17 18:18 - 00000125 ___SH C:ProgramData\.zreglib

2013-05-01 17:09 - 2010-05-30 16:35 - 00000000 ___HD C:\Users\Brandon\Tracing

2013-05-01 17:09 - 2010-05-29 20:19 - 00000000 ____D C:\users\Brandon

2013-05-01 17:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2013-05-01 17:03 - 2012-04-30 19:37 - 00000000 ____D C:\Users\Brandon\AppData\Local\GoPro

2013-05-01 17:03 - 2011-11-29 04:54 - 00000000 ____D C:ProgramData\McAfee Security Scan

2013-05-01 17:03 - 2011-11-12 08:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-01 17:03 - 2010-05-30 21:04 - 00000000 ____D C:ProgramData\FLEXnet

2013-05-01 17:03 - 2010-05-29 20:21 - 00000000 ____D C:\Users\Brandon\AppData\Local\Hewlett-Packard

2013-05-01 17:03 - 2010-02-13 10:07 - 00000000 ____D C:ProgramData\Norton

2013-05-01 17:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-05-01 17:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-01 16:47 - 2011-11-12 08:17 - 00000000 ____D C:ProgramData\Malwarebytes

2013-05-01 15:35 - 2013-05-01 09:44 - 00000000 ____D C:\Users\test\AppData\Local\GoPro

2013-05-01 15:35 - 2013-05-01 09:41 - 00000000 ____D C:\Users\test\AppData\Roaming\PictureMover

2013-05-01 15:35 - 2013-05-01 09:41 - 00000000 ____D C:\Users\test\AppData\Local\Hewlett-Packard

2013-05-01 15:35 - 2013-05-01 09:40 - 00000000 ____D C:\users\test

2013-05-01 12:28 - 2013-05-01 12:28 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps

2013-05-01 12:26 - 2013-05-01 09:43 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes

2013-05-01 09:42 - 2013-05-01 09:42 - 00123392 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-01 09:42 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Roaming\Hewlett-Packard

2013-05-01 09:42 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Roaming\Apple Computer

2013-05-01 09:42 - 2013-05-01 09:42 - 00000000 ____D C:\Users\test\AppData\Local\Adobe

2013-05-01 09:42 - 2013-05-01 09:41 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe

2013-05-01 03:56 - 2010-07-22 04:10 - 16505344 __ASH C:\Users\Brandon\Desktop\Thumbs.db

2013-04-30 18:00 - 2013-04-30 18:00 - 00000000 ____D C:\Users\Brandon\AppData\Local\{A7FD36F3-A6FF-4EA6-AB33-1F2F2836F35F}

2013-04-30 17:52 - 2013-04-30 17:52 - 00000000 ____D C:\Users\Brandon\AppData\Local\{9276B347-9747-4B00-A698-BD004112B247}

2013-04-30 17:52 - 2010-05-29 20:19 - 01287364 ____A C:\Windows\WindowsUpdate.log

2013-04-30 17:33 - 2013-04-30 17:33 - 00000000 ____D C:\Users\Brandon\AppData\Local\{7D3D6AF1-9435-4A58-8DB6-4B49880DE64E}

2013-04-30 17:30 - 2013-04-30 17:30 - 00000000 ____D C:\Users\Brandon\AppData\Local\{6BFDC97A-1BD0-4DC2-BCC1-325E5885B67F}

2013-04-30 17:30 - 2010-06-22 19:43 - 00000000 ____D C:\Users\Brandon\AppData\Local\CrashDumps

2013-04-30 17:21 - 2013-04-30 17:21 - 00099840 __ASH C:\Users\Brandon\1os0ieiryvktk-10083.exe

2013-04-30 17:09 - 2013-04-30 17:08 - 00000000 ___HD C:\Users\Brandon\Downloads\nikki benz9765896

2013-04-30 02:19 - 2013-04-30 02:00 - 00007985 ____A C:\Windows\IE10_main.log

2013-04-30 02:16 - 2013-04-30 02:16 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe(92).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml(115).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-30 02:16 - 2013-04-30 02:16 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-30 02:16 - 2013-04-30 02:16 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-30 02:16 - 2013-04-30 02:16 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl(96).cpl

2013-04-30 02:16 - 2013-04-30 02:16 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-30 02:16 - 2013-04-30 02:16 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-04-30 02:16 - 2013-04-30 02:16 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-04-30 02:16 - 2013-04-30 02:16 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript(98).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds(99).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript(123).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-04-30 02:16 - 2013-04-30 02:16 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-04-30 02:16 - 2013-04-30 02:16 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html(111).iec

2013-04-30 02:16 - 2013-04-30 02:16 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck(125).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt(94).exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating(116).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache(102).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack(91).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache(117).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng(97).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-04-30 02:16 - 2013-04-30 02:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc(103).ocx

2013-04-30 02:16 - 2013-04-30 02:16 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs(119).exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-04-30 02:16 - 2013-04-30 02:16 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc(121).ocx

2013-04-30 02:16 - 2013-04-30 02:16 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt(118).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil(95).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler(101).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs(114).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil(112).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10(113).dll

2013-04-30 02:16 - 2013-04-30 02:16 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-04-30 02:16 - 2013-04-30 02:16 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta(100).exe


ZeroAccess:

C:\Windows\System32\consrv.dll

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-1925604824-1092996795-2013925537-1000\$9dd3a2fe2e0340ccf325005d2adfdfe9

Other Malware:

===========

C:\Users\Brandon\AppData\Roaming\skype.dat

C:\Users\Brandon\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-17 23:00:10

Restore point made on: 2013-04-24 02:00:23

Restore point made on: 2013-04-30 02:00:22

Restore point made on: 2013-04-30 17:53:35

Restore point made on: 2013-05-02 04:19:35

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 5887.24 MB

Available physical RAM: 5032.57 MB

Total Pagefile: 5885.39 MB

Available Pagefile: 5013.97 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.61 GB) (Free:711.31 GB) NTFS (Disk=0 Partition=2)

Drive e: (FACTORY_IMAGE) (Fixed) (Total:10.81 GB) (Free:1.58 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive g: (EOS_DIGITAL) (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32 (Disk=2 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS

Drive y: (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 7168 KB

Disk 1 No Media 0 B 0 B

Disk 2 Online 7631 MB 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Partitions of Disk 0:

===============

Disk ID: 46C4F4AE

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 90 MB 1024 KB

Partition 2 Primary 920 GB 94 MB

Partition 3 Primary 10 GB 920 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 90 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 920 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FACTORY_IMA NTFS Partition 10 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7631 MB 31 KB

==================================================================================

Disk: 2

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 G EOS_DIGITAL FAT32 Removable 7631 MB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (Size: 932 GB) (Disk ID: 46C4F4AE)

Partition 1: (Active) - (Size=90 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=921 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

====================================================================

Disk: 2 (Size: 7 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=7 GB) - (Type=0C)

Last Boot: 2013-04-23 23:02

==================== End Of Log ============================


OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


Computer started up, not sure if there is anything else we need to do.

Here is the fix text.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2013

Ran by SYSTEM at 2013-05-03 04:29:18 Run:1

Running from I:\

Boot Mode: Recovery

==============================================

HKEY_USERS\Brandon\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Packet => Value eleted successfully.

C:\Users\Brandon\AppData\Roaming\skype.ini => Moved successfully.

C:\Users\Brandon\1os0ieiryvktk-10083.exe => Moved successfully.

C:\Users\Brandon\Downloads\nikki benz9765896 => Moved successfully.

C:\Windows\System32\consrv.dll => Moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

C:\$Recycle.Bin\S-1-5-21-1925604824-1092996795-2013925537-1000\$9dd3a2fe2e0340ccf325005d2adfdfe9 => Moved successfully.

C:\Users\Brandon\AppData\Roaming\skype.dat => Moved successfully.

==== End of Fixlog ====


Good....let's run some other scans to make sure you're clean:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC


Sorry for the delay.

I have done 2 scans and both have returned items that need to be removed.

I removed those items and rebooted the computer but have yet to find the "......two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt"

I opened MBAR with the only program I have, winrar.

Not sure if I missed something but it opens the folder on the program but did not unzip it I guess. Wondering if the logs were dropped in another place? I will continue to run scans and clean them until the program stops finding issues.

The computer does seem to be functioning as it did before.

I will be sending you a donation for all your help. Thanks!


I just sent you a donation MrC, thanks again and let me know if there is anything else I need to run or do.

Oh and very nice dogs btw, I always admire a dog lover.

Sorry text was reduced......

I just sent you a donation MrC, thanks again and let me know if there is anything else I need to run or do.

Oh and very nice dogs btw, I always admire a dog lover.


OK...Thank You Very Much :)

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Looks Good.....Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

  • Adware (software ads)
  • PUP/LPI (Potentially Undesirable Program)
  • Toolbars
  • Hijackers (hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Adware txt:

# AdwCleaner v2.300 - Logfile created 05/13/2013 at 04:28:38

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Brandon - BRANDON-PC

# Boot Mode : Normal

# Running from : C:\Users\Brandon\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\Vuze_Remote

Folder Found : C:\Program Files (x86)\Vuze_Remote

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\SoftSafe

Folder Found : C:\Users\Brandon\AppData\LocalLow\Conduit

Folder Found : C:\Users\Brandon\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Brandon\AppData\LocalLow\Vuze_Remote

Folder Found : C:\Users\Brandon\AppData\LocalLow\Vuze_Remote

Folder Found : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\kodmzaao.default\CT2504091

Folder Found : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\kodmzaao.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B07649DD-4F84-49BA-8476-82F48F673884}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B07649DD-4F84-49BA-8476-82F48F673884}

Key Found : HKLM\Software\Vuze_Remote

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B07649DD-4F84-49BA-8476-82F48F673884}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

Key Found : HKLM\SOFTWARE\Software

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\kodmzaao.default\prefs.js


-\\ Google Chrome v26.0.1410.64

File : C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12569 octets] - [13/05/2013 04:28:38]

########## EOF - C:\AdwCleaner[R1].txt - [12630 octets] ##########


Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Here is the adwcleaner txt:

# AdwCleaner v2.300 - Logfile created 05/13/2013 at 16:43:13

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Brandon - BRANDON-PC

# Boot Mode : Normal

# Running from : C:\Users\Brandon\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Vuze_Remote

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\Users\Brandon\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Brandon\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Brandon\AppData\LocalLow\Vuze_Remote

Folder Deleted : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\kodmzaao.default\CT2504091

Folder Deleted : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\kodmzaao.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B07649DD-4F84-49BA-8476-82F48F673884}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B07649DD-4F84-49BA-8476-82F48F673884}

Key Deleted : HKLM\Software\Vuze_Remote

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B07649DD-4F84-49BA-8476-82F48F673884}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\kodmzaao.default\prefs.js


-\\ Google Chrome v26.0.1410.64

File : C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12698 octets] - [13/05/2013 04:28:38]

AdwCleaner[s1].txt - [11870 octets] - [13/05/2013 16:43:13]

########## EOF - C:\AdwCleaner[s1].txt - [11931 octets] ##########
