Spectak26 Posted June 2, 2013 ID:686436 Share Posted June 2, 2013 I've been infected with the FBI Moneypak malware on a Windows 7. It is one of the versions that used my webcam to take a photo of me, which shows up on the FBI malware screen. I was infected with something similiar weeks back and was forced to restore to an earlier time. However, when I tried to do that this time, it began trying to restore for a few minutes, and then stopped and told me there was an error and to try again. When I did, it now says there are no points to restore to. Meanwhile, rebooting in Safe Mode with Networking results in the computer being restarted automatically. I am currently logged in as my wife's user profile (also an admin) and am running a Malwarebytes full scan. Assuming this won't solve the issue, I am at a loss what to do. Thanks in advance for any and all help!Thanks,Jason Link to post Share on other sites More sharing options...
Maniac Posted June 2, 2013 ID:686439 Share Posted June 2, 2013 Hello Jason and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Link to post Share on other sites More sharing options...
Spectak26 Posted June 2, 2013 Author ID:686440 Share Posted June 2, 2013 here it isScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013Ran by SYSTEM on 02-06-2013 07:54:08Running from E:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)HKLM\...\Run: [] [x]HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)HKLM\...\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe" [1026048 2009-08-05] ()HKLM-x32\...\Run: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r [2987520 2009-08-05] ()HKLM-x32\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [200704 2007-04-09] (PowerISO Computing, Inc.)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-31] (AVG Secure Search)HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [295072 2012-12-25] (RealNetworks, Inc.)HKLM-x32\...\Run: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP [1685808 2012-12-12] (Inbox.com, Inc.)HKLM-x32\...\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [81920 2011-08-11] (Avid Technology, Inc..)HKLM-x32\...\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)HKU\IJ\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [79664 2012-06-10] (PC Utilities Pro)HKU\IJ\...\Run: [Facebook Update] "C:\Users\IJ\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]HKU\IJ\...\Run: [Yontoo Desktop] "C:\Users\IJ\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-01-31] (Yontoo LLC)HKU\IJ\...\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)HKU\IJ\...\Run: [image-Line] rundll32.exe C:\Users\IJ\AppData\Local\Image-Line\agkfmjkk.dll,ncfwizwbx [773120 2013-04-17] (Mozilla Foundation) <===== ATTENTIONHKU\IJ\...\Run: [searchProtect] C:\Users\IJ\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)HKU\IJ\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\IJ\...\Run: [wabEventSupport16] rundll32.exe "C:\Users\IJ\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs [30208 2013-05-30] ()HKU\IJ\...\Run: [Adobe CSS5.1 Manager] C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad\decdfcad.exe [126976 2013-05-30] ()HKU\IJ\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad\decdfcad.exe [126976 2013-05-30] ()HKU\IJ\...\Winlogon: [shell] explorer.exe,C:\Users\IJ\AppData\Roaming\skype.dat [123392 2011-11-16] (VSN Software LTD) <==== ATTENTION HKU\Matthew Ella\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [369200 2009-10-30] (DT Soft Ltd)HKU\Matthew Ella\...\Run: [Google Update] "C:\Users\Matthew Ella\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-06-04] (Google Inc.)HKU\Matthew Ella\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1632680 2013-03-15] (Valve Corporation)HKU\Mcx1-KRIEGOR\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exeStartup: C:\Users\Matthew Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiFrame.lnkShortcutTarget: MultiFrame.lnk -> C:\Program Files (x86)\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File==================== Services (Whitelisted) =================S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [81920 2011-08-11] (Avid Technology, Inc..)S2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-07] ()S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-02-28] ()S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-31] (AVG Secure Search)S2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()S3 DAUpdaterSvc; c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]==================== Drivers (Whitelisted) ====================S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2009-12-30] ()S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-31] (AVG Technologies)S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)S1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2009-12-29] ()S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-26] (Duplex Secure Ltd.)S3 PRLVNIC; system32\DRIVERS\prl_vnic.sys [x]S2 prl_net; system32\DRIVERS\prl_net.sys [x]S3 tmlwf; S3 tmwfp; S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-06-02 06:55 - 2013-06-02 06:55 - 00000000 ____D C:\FRST2013-06-02 05:00 - 2013-06-02 06:12 - 00000000 ____D C:\Users\Matthew Ella\AppData\Roaming\SearchProtect2013-06-02 05:00 - 2013-06-02 05:00 - 00000000 ____D C:\Users\Matthew Ella\AppData\Roaming\Real2013-05-31 20:32 - 2013-05-31 20:32 - 00000000 __SHD C:\found.0002013-05-31 04:34 - 2013-05-31 04:34 - 00126976 ____A C:\Users\IJ\windowsupdate.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00123392 ____A (VSN Software LTD) C:\Users\IJ\jucheck.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\java.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\icq.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\flashplayer.exe2013-05-31 04:16 - 2013-06-02 04:56 - 00000004 ____A C:\Users\IJ\AppData\Roaming\skype.ini2013-05-30 17:11 - 2013-05-30 17:11 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-30 17:11 - 2013-05-30 17:11 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-05-30 17:11 - 2013-05-30 17:11 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-05-30 17:11 - 2013-05-30 17:11 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-05-30 17:11 - 2013-05-30 17:11 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-05-30 17:11 - 2013-05-30 17:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-30 17:11 - 2013-05-30 17:11 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-05-30 17:11 - 2013-05-30 17:11 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-05-30 17:11 - 2013-05-30 17:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-05-30 17:11 - 2013-05-30 17:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-05-30 17:11 - 2013-05-30 17:11 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-05-30 17:11 - 2013-05-30 17:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-05-30 17:11 - 2013-05-30 17:11 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-05-30 17:11 - 2013-05-30 17:11 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-05-30 17:11 - 2013-05-30 17:11 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-05-30 17:10 - 2013-05-30 17:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll2013-05-30 17:10 - 2013-05-30 17:10 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-05-30 17:10 - 2013-05-30 17:10 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-05-30 17:08 - 2013-05-30 17:14 - 00007985 ____A C:\Windows\IE10_main.log2013-05-30 17:07 - 2013-06-02 06:12 - 00000000 ____D C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad2013-05-30 17:07 - 2013-06-02 05:00 - 00000304 ___AH C:\Windows\Tasks\{E9EE4ED0-1C09-4AF4-AA8E-F87B1218B94A}.job2013-05-30 16:35 - 2013-05-30 16:35 - 00161280 ____A (HSN Software LLC) C:\Users\IJ\mstsc.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\googleupdate.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\firefox.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\alg.exe2013-05-30 15:27 - 2013-06-02 06:12 - 00000000 ____D C:\Users\IJ\AppData\Roaming\wabEventSupport162013-05-30 13:37 - 2013-06-02 06:12 - 00000000 ____D C:\Users\IJ\AppData\Local\Xfinity.com2013-05-30 13:37 - 2013-05-30 13:37 - 00005290 ____A C:\comcastrelease.log2013-05-30 13:37 - 2013-05-30 13:37 - 00001266 ____A C:\Users\IJ\Desktop\XFINITY Connect.lnk2013-05-30 13:37 - 2013-05-30 13:37 - 00001238 ____A C:\Users\IJ\Desktop\Constant Guard Protection Suite.lnk2013-05-30 13:37 - 2013-05-30 13:37 - 00001232 ____A C:\Users\IJ\Desktop\XFINITY TV.lnk2013-05-30 13:36 - 2013-05-30 13:37 - 00776792 ____A C:\Users\IJ\Downloads\Comcast_Desktop_Software_1203.exe2013-05-19 12:40 - 2013-05-19 12:40 - 00000000 ____D C:\Users\IJ\AppData\Local\{A9C12D66-4392-4FFF-9F44-1C8E9EE27C82}2013-05-18 21:17 - 2013-05-18 21:17 - 49800416 ____A C:\Users\IJ\Desktop\Stamped Up.wav2013-05-18 17:32 - 2013-05-18 17:32 - 00000000 ____D C:\Users\IJ\AppData\Local\{3AAC252D-42B9-4829-A832-6B44DAE9A683}2013-05-17 15:46 - 2013-05-17 15:46 - 00000000 ____D C:\Users\IJ\AppData\Local\{F0DFFFE8-8FC7-4418-BE94-4AA4E51566D1}2013-05-17 15:30 - 2013-05-17 15:30 - 11474280 ____A C:\Users\IJ\Desktop\how many bars verse.wav2013-05-17 15:14 - 2013-05-17 16:35 - 00000000 ____D C:\Users\IJ\Desktop\how many bars2013-05-15 15:50 - 2013-05-15 15:50 - 44983156 ____A C:\Users\IJ\Desktop\The Cypher.wav2013-05-14 18:41 - 2013-05-14 18:41 - 00000118 ____A C:\Windows\System32\MRT.INI2013-05-14 18:16 - 2013-05-14 18:16 - 41648296 ____A C:\Users\IJ\Desktop\addicted 2.wav2013-05-14 18:01 - 2013-05-14 18:01 - 41648296 ____A C:\Users\IJ\Desktop\Addicted feat Swizz.wav2013-05-14 18:01 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys2013-05-14 18:01 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys2013-05-14 18:01 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2013-05-14 18:01 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll2013-05-14 18:00 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-05-14 18:00 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll2013-05-14 18:00 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll2013-05-14 18:00 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe2013-05-14 18:00 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll2013-05-14 18:00 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll2013-05-14 18:00 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll2013-05-14 18:00 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-05-14 18:00 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll2013-05-14 18:00 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2013-05-14 11:53 - 2013-05-14 11:53 - 00000000 ____D C:\Users\IJ\AppData\Local\{9DC02FAF-F627-49E4-8E7E-75406EC7E65C}2013-05-13 11:45 - 2013-05-13 11:45 - 00000000 ____D C:\Users\IJ\AppData\Local\{23401D01-B20B-435F-AA92-2ED93153E36A}2013-05-13 09:14 - 2013-05-13 09:14 - 00000000 ____D C:\SearchProtect2013-05-11 21:53 - 2013-05-11 21:53 - 33700084 ____A C:\Users\IJ\Desktop\My Own Class MP3.wav2013-05-11 21:40 - 2013-05-11 21:40 - 00000000 ____D C:\Users\IJ\Desktop\Copy of My own class2013-05-11 02:59 - 2013-05-11 02:59 - 00028317 ____A C:\Users\IJ\Downloads\the reach2013-05-10 18:24 - 2013-05-10 18:26 - 15063368 ____A C:\Users\IJ\Downloads\Movie on 5-10-13 at 6.37 PM.mov2013-05-03 18:32 - 2013-05-30 12:52 - 00000000 ____D C:\Program Files (x86)\The KMPlayer2013-05-03 18:32 - 2013-05-03 18:32 - 00001041 ____A C:\Users\IJ\Desktop\KMPlayer.lnk2013-05-03 18:32 - 2013-05-03 18:32 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV2013-05-03 18:29 - 2013-05-03 18:31 - 32642064 ____A C:\Users\IJ\Desktop\KMPlayer_3-6-0-87.exe2013-05-03 18:29 - 2013-05-03 18:29 - 00393024 ____A (Softonic ) C:\Users\IJ\Downloads\SoftonicDownloader_for_kmplayer.exe2013-05-03 07:57 - 2013-05-03 08:03 - 00000000 ____D C:\Users\IJ\Desktop\Piano2013-05-03 07:46 - 2013-05-03 07:55 - 00000000 ____D C:\Users\IJ\Desktop\Keyboards2013-05-03 07:24 - 2013-05-03 07:25 - 00000000 ____D C:\Users\IJ\AppData\Local\{44401BC5-9A61-4B4E-9DB9-9A7D1295A708}==================== One Month Modified Files and Folders =======2013-06-02 06:55 - 2013-06-02 06:55 - 00000000 ____D C:\FRST2013-06-02 06:12 - 2013-06-02 05:00 - 00000000 ____D C:\Users\Matthew Ella\AppData\Roaming\SearchProtect2013-06-02 06:12 - 2013-05-30 17:07 - 00000000 ____D C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad2013-06-02 06:12 - 2013-05-30 15:27 - 00000000 ____D C:\Users\IJ\AppData\Roaming\wabEventSupport162013-06-02 06:12 - 2013-05-30 13:37 - 00000000 ____D C:\Users\IJ\AppData\Local\Xfinity.com2013-06-02 06:12 - 2013-03-21 13:58 - 00000000 ____D C:\Users\IJ\AppData\Roaming\Digidesign2013-06-02 06:12 - 2012-05-14 15:05 - 00000000 ____D C:\users\IJ2013-06-02 06:12 - 2011-12-12 06:02 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search2013-06-02 06:12 - 2009-12-26 17:09 - 00000000 ____D C:\users\Matthew Ella2013-06-02 06:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-06-02 06:12 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-06-02 05:31 - 2010-06-04 14:32 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283913179-3707219626-3989253274-1000UA.job2013-06-02 05:31 - 2009-09-26 15:17 - 01506842 ____A C:\Windows\WindowsUpdate.log2013-06-02 05:28 - 2012-09-02 00:00 - 00029453 ____A C:\Windows\setupact.log2013-06-02 05:28 - 2009-09-26 15:49 - 00000000 ____D C:\ProgramData\NVIDIA2013-06-02 05:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-02 05:01 - 2009-12-26 17:22 - 00000000 ____D C:\Program Files (x86)\Steam2013-06-02 05:00 - 2013-06-02 05:00 - 00000000 ____D C:\Users\Matthew Ella\AppData\Roaming\Real2013-06-02 05:00 - 2013-05-30 17:07 - 00000304 ___AH C:\Windows\Tasks\{E9EE4ED0-1C09-4AF4-AA8E-F87B1218B94A}.job2013-06-02 05:00 - 2009-12-26 17:09 - 00092856 ____A C:\Users\Matthew Ella\AppData\Local\GDIPFONTCACHEV1.DAT2013-06-02 04:56 - 2013-05-31 04:16 - 00000004 ____A C:\Users\IJ\AppData\Roaming\skype.ini2013-06-02 04:52 - 2013-02-02 10:39 - 00000000 ____D C:\Users\IJ\AppData\Roaming\Yontoo2013-06-02 04:51 - 2009-12-27 11:40 - 00045056 ____A C:\Windows\System32\acovcnt.exe2013-05-31 20:32 - 2013-05-31 20:32 - 00000000 __SHD C:\found.0002013-05-31 18:46 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-05-31 18:46 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-05-31 18:40 - 2009-09-26 15:48 - 00002793 ____A C:\Windows\System32\ServiceFilter.ini2013-05-31 18:39 - 2012-11-21 16:23 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys2013-05-31 07:16 - 2012-10-18 16:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-31 04:34 - 2013-05-31 04:34 - 00126976 ____A C:\Users\IJ\windowsupdate.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00123392 ____A (VSN Software LTD) C:\Users\IJ\jucheck.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\java.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\icq.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\flashplayer.exe2013-05-31 04:15 - 2009-09-26 15:48 - 00002728 ____A C:\Windows\System32\AutoRunFilter.ini2013-05-30 17:14 - 2013-05-30 17:08 - 00007985 ____A C:\Windows\IE10_main.log2013-05-30 17:11 - 2013-05-30 17:11 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-30 17:11 - 2013-05-30 17:11 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-05-30 17:11 - 2013-05-30 17:11 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-05-30 17:11 - 2013-05-30 17:11 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-05-30 17:11 - 2013-05-30 17:11 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-05-30 17:11 - 2013-05-30 17:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-30 17:11 - 2013-05-30 17:11 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-05-30 17:11 - 2013-05-30 17:11 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-05-30 17:11 - 2013-05-30 17:11 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-05-30 17:11 - 2013-05-30 17:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-05-30 17:11 - 2013-05-30 17:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-05-30 17:11 - 2013-05-30 17:11 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-05-30 17:11 - 2013-05-30 17:11 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-05-30 17:11 - 2013-05-30 17:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-05-30 17:11 - 2013-05-30 17:11 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-05-30 17:11 - 2013-05-30 17:11 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-05-30 17:11 - 2013-05-30 17:11 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-05-30 17:11 - 2013-05-30 17:11 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-05-30 17:11 - 2013-05-30 17:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-05-30 17:10 - 2013-05-30 17:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll2013-05-30 17:10 - 2013-05-30 17:10 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-05-30 17:10 - 2013-05-30 17:10 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-05-30 17:10 - 2013-05-30 17:10 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-05-30 17:10 - 2013-05-30 17:10 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-05-30 16:35 - 2013-05-30 16:35 - 00161280 ____A (HSN Software LLC) C:\Users\IJ\mstsc.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\googleupdate.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\firefox.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\alg.exe2013-05-30 13:37 - 2013-05-30 13:37 - 00005290 ____A C:\comcastrelease.log2013-05-30 13:37 - 2013-05-30 13:37 - 00001266 ____A C:\Users\IJ\Desktop\XFINITY Connect.lnk2013-05-30 13:37 - 2013-05-30 13:37 - 00001238 ____A C:\Users\IJ\Desktop\Constant Guard Protection Suite.lnk2013-05-30 13:37 - 2013-05-30 13:37 - 00001232 ____A C:\Users\IJ\Desktop\XFINITY TV.lnk2013-05-30 13:37 - 2013-05-30 13:36 - 00776792 ____A C:\Users\IJ\Downloads\Comcast_Desktop_Software_1203.exe2013-05-30 12:52 - 2013-05-03 18:32 - 00000000 ____D C:\Program Files (x86)\The KMPlayer2013-05-27 09:59 - 2013-03-23 16:54 - 00000000 ____D C:\Users\IJ\Desktop\test2013-05-27 09:32 - 2012-10-06 22:38 - 00000000 __AHD C:\Users\IJ\AppData\Local\ooH0bP9Zvtp1Rp2013-05-27 09:29 - 2013-05-02 10:10 - 00000000 ____D C:\Users\IJ\Desktop\TRIFECTA2013-05-23 15:41 - 2009-07-13 21:13 - 00732638 ____A C:\Windows\System32\PerfStringBackup.INI2013-05-22 19:31 - 2010-06-04 14:32 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283913179-3707219626-3989253274-1000Core.job2013-05-19 12:40 - 2013-05-19 12:40 - 00000000 ____D C:\Users\IJ\AppData\Local\{A9C12D66-4392-4FFF-9F44-1C8E9EE27C82}2013-05-18 21:17 - 2013-05-18 21:17 - 49800416 ____A C:\Users\IJ\Desktop\Stamped Up.wav2013-05-18 17:32 - 2013-05-18 17:32 - 00000000 ____D C:\Users\IJ\AppData\Local\{3AAC252D-42B9-4829-A832-6B44DAE9A683}2013-05-17 16:35 - 2013-05-17 15:14 - 00000000 ____D C:\Users\IJ\Desktop\how many bars2013-05-17 15:46 - 2013-05-17 15:46 - 00000000 ____D C:\Users\IJ\AppData\Local\{F0DFFFE8-8FC7-4418-BE94-4AA4E51566D1}2013-05-17 15:30 - 2013-05-17 15:30 - 11474280 ____A C:\Users\IJ\Desktop\how many bars verse.wav2013-05-17 14:23 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-05-15 16:52 - 2013-04-30 10:29 - 00000000 ____D C:\Users\IJ\Desktop\Cypher32013-05-15 15:50 - 2013-05-15 15:50 - 44983156 ____A C:\Users\IJ\Desktop\The Cypher.wav2013-05-15 14:34 - 2009-07-13 20:45 - 00374176 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-14 18:41 - 2013-05-14 18:41 - 00000118 ____A C:\Windows\System32\MRT.INI2013-05-14 18:38 - 2009-12-27 11:33 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-05-14 18:19 - 2012-10-18 16:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-05-14 18:19 - 2011-12-11 14:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-05-14 18:16 - 2013-05-14 18:16 - 41648296 ____A C:\Users\IJ\Desktop\addicted 2.wav2013-05-14 18:01 - 2013-05-14 18:01 - 41648296 ____A C:\Users\IJ\Desktop\Addicted feat Swizz.wav2013-05-14 11:56 - 2013-04-26 06:00 - 00000000 ____D C:\Users\IJ\Desktop\New folder2013-05-14 11:53 - 2013-05-14 11:53 - 00000000 ____D C:\Users\IJ\AppData\Local\{9DC02FAF-F627-49E4-8E7E-75406EC7E65C}2013-05-13 11:59 - 2013-04-30 11:32 - 00123904 ____A C:\Users\IJ\AppData\Local\svcxdcl32.exe2013-05-13 11:45 - 2013-05-13 11:45 - 00000000 ____D C:\Users\IJ\AppData\Local\{23401D01-B20B-435F-AA92-2ED93153E36A}2013-05-13 09:14 - 2013-05-13 09:14 - 00000000 ____D C:\SearchProtect2013-05-11 21:53 - 2013-05-11 21:53 - 33700084 ____A C:\Users\IJ\Desktop\My Own Class MP3.wav2013-05-11 21:40 - 2013-05-11 21:40 - 00000000 ____D C:\Users\IJ\Desktop\Copy of My own class2013-05-11 02:59 - 2013-05-11 02:59 - 00028317 ____A C:\Users\IJ\Downloads\the reach2013-05-10 18:26 - 2013-05-10 18:24 - 15063368 ____A C:\Users\IJ\Downloads\Movie on 5-10-13 at 6.37 PM.mov2013-05-08 17:36 - 2012-11-05 17:21 - 00000000 ____D C:\Users\IJ\AppData\Roaming\dvdcss2013-05-05 08:01 - 2012-09-06 18:14 - 00000000 ____D C:\Users\IJ\AppData\Roaming\vlc2013-05-03 18:46 - 2012-12-19 09:52 - 00000000 ____D C:\Users\IJ\Desktop\AVO Mixtape2013-05-03 18:46 - 2012-12-13 00:17 - 00000000 ____D C:\Users\IJ\Desktop\Fall Fashions Mixtape2013-05-03 18:32 - 2013-05-03 18:32 - 00001041 ____A C:\Users\IJ\Desktop\KMPlayer.lnk2013-05-03 18:32 - 2013-05-03 18:32 - 00000000 ____D C:\Program Files (x86)\PANDORA.TV2013-05-03 18:31 - 2013-05-03 18:29 - 32642064 ____A C:\Users\IJ\Desktop\KMPlayer_3-6-0-87.exe2013-05-03 18:29 - 2013-05-03 18:29 - 00393024 ____A (Softonic ) C:\Users\IJ\Downloads\SoftonicDownloader_for_kmplayer.exe2013-05-03 08:03 - 2013-05-03 07:57 - 00000000 ____D C:\Users\IJ\Desktop\Piano2013-05-03 07:56 - 2013-03-21 14:02 - 00000000 ____D C:\Users\IJ\Desktop\Empty Session2013-05-03 07:55 - 2013-05-03 07:46 - 00000000 ____D C:\Users\IJ\Desktop\Keyboards2013-05-03 07:25 - 2013-05-03 07:24 - 00000000 ____D C:\Users\IJ\AppData\Local\{44401BC5-9A61-4B4E-9DB9-9A7D1295A708}Files to move or delete:====================C:\Users\IJ\1427586.exeC:\Users\IJ\4696883.exeC:\Users\IJ\alg.exeC:\Users\IJ\firefox.exeC:\Users\IJ\flashplayer.exeC:\Users\IJ\googleupdate.exeC:\Users\IJ\icq.exeC:\Users\IJ\java.exeC:\Users\IJ\jucheck.exeC:\Users\IJ\mstsc.exeC:\Users\IJ\windowsupdate.exeC:\Users\IJ\AppData\Roaming\skype.datC:\Users\IJ\AppData\Roaming\skype.iniC:\Windows\Tasks\{E9EE4ED0-1C09-4AF4-AA8E-F87B1218B94A}.job==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-05-11 03:13:02Restore point made on: 2013-05-11 23:46:54Restore point made on: 2013-05-12 22:07:43Restore point made on: 2013-05-13 17:59:24Restore point made on: 2013-05-14 18:32:20Restore point made on: 2013-05-15 16:52:36Restore point made on: 2013-05-16 11:37:07Restore point made on: 2013-05-16 12:25:28Restore point made on: 2013-05-17 16:36:23Restore point made on: 2013-05-19 14:44:17Restore point made on: 2013-05-20 06:56:05Restore point made on: 2013-05-20 08:29:18Restore point made on: 2013-05-21 02:00:30Restore point made on: 2013-05-21 03:39:26Restore point made on: 2013-05-21 13:28:31Restore point made on: 2013-05-21 20:30:47Restore point made on: 2013-05-22 15:18:52Restore point made on: 2013-05-22 20:48:48Restore point made on: 2013-05-23 10:45:33Restore point made on: 2013-05-23 13:20:09Restore point made on: 2013-05-23 19:15:34Restore point made on: 2013-05-24 19:15:45Restore point made on: 2013-05-26 00:19:35Restore point made on: 2013-05-26 16:39:06Restore point made on: 2013-05-27 11:03:26Restore point made on: 2013-05-30 17:08:03Restore point made on: 2013-05-31 07:30:13Restore point made on: 2013-06-02 04:55:42Restore point made on: 2013-06-02 05:30:48==================== Memory info =========================== Percentage of memory in use: 14%Total physical RAM: 6143.04 MBAvailable physical RAM: 5239.82 MBTotal Pagefile: 6141.18 MBAvailable Pagefile: 5383.09 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.86 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:298.51 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]Drive e: (IJASON) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT (Disk=1 Partition=1)Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D9B3496E)Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)Partition 1: (Active) - (Size=2 GB) - (Type=06)Last Boot: 2013-05-27 07:07==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted June 2, 2013 ID:686444 Share Posted June 2, 2013 Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txtHKLM\...\Run: [] [x]HKU\IJ\...\Run: [image-Line] rundll32.exe C:\Users\IJ\AppData\Local\Image-Line\agkfmjkk.dll,ncfwizwbx [773120 2013-04-17] (Mozilla Foundation) <===== ATTENTIONHKU\IJ\...\Winlogon: [shell] explorer.exe,C:\Users\IJ\AppData\Roaming\skype.dat [123392 2011-11-16] (VSN Software LTD) <==== ATTENTION HKU\IJ\...\Run: [Adobe CSS5.1 Manager] C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad\decdfcad.exe [126976 2013-05-30] ()HKU\IJ\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad\decdfcad.exe [126976 2013-05-30] ()2013-05-31 04:34 - 2013-05-31 04:34 - 00123392 ____A (VSN Software LTD) C:\Users\IJ\jucheck.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\java.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\icq.exe2013-05-31 04:34 - 2013-05-31 04:34 - 00000000 ____A C:\Users\IJ\flashplayer.exe2013-05-31 04:16 - 2013-06-02 04:56 - 00000004 ____A C:\Users\IJ\AppData\Roaming\skype.ini2013-05-30 17:07 - 2013-06-02 06:12 - 00000000 ____D C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad2013-05-30 17:07 - 2013-06-02 05:00 - 00000304 ___AH C:\Windows\Tasks\{E9EE4ED0-1C09-4AF4-AA8E-F87B1218B94A}.job2013-05-30 16:35 - 2013-05-30 16:35 - 00161280 ____A (HSN Software LLC) C:\Users\IJ\mstsc.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\googleupdate.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\firefox.exe2013-05-30 16:35 - 2013-05-30 16:35 - 00000000 ____A C:\Users\IJ\alg.exeC:\Users\IJ\1427586.exeC:\Users\IJ\4696883.exeC:\Users\IJ\windowsupdate.exeC:\Users\IJ\AppData\Roaming\skype.datNOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options then select Command PromptRun FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.Reboot Normally. Link to post Share on other sites More sharing options...
Spectak26 Posted June 2, 2013 Author ID:686451 Share Posted June 2, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013Ran by SYSTEM at 2013-06-02 08:17:42 Run:1Running from E:\Boot Mode: Recovery==============================================HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.HKEY_USERS\IJ\Software\Microsoft\Windows\CurrentVersion\Run\\Image-Line => Value deleted successfully.HKEY_USERS\IJ\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.HKEY_USERS\IJ\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.HKEY_USERS\IJ\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.C:\Users\IJ\jucheck.exe => Moved successfully.C:\Users\IJ\java.exe => Moved successfully.C:\Users\IJ\icq.exe => Moved successfully.C:\Users\IJ\flashplayer.exe => Moved successfully.C:\Users\IJ\AppData\Roaming\skype.ini => Moved successfully.C:\Users\IJ\AppData\Local\43394d62-0264-46ec-9656-d56f00c49010ad => Moved successfully.C:\Windows\Tasks\{E9EE4ED0-1C09-4AF4-AA8E-F87B1218B94A}.job => Moved successfully.C:\Users\IJ\mstsc.exe => Moved successfully.C:\Users\IJ\googleupdate.exe => Moved successfully.C:\Users\IJ\firefox.exe => Moved successfully.C:\Users\IJ\alg.exe => Moved successfully.C:\Users\IJ\1427586.exe => Moved successfully.C:\Users\IJ\4696883.exe => Moved successfully.C:\Users\IJ\windowsupdate.exe => Moved successfully.C:\Users\IJ\AppData\Roaming\skype.dat => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Maniac Posted June 2, 2013 ID:686452 Share Posted June 2, 2013 Do you still have a problem to boot in Normal mode? Link to post Share on other sites More sharing options...
Spectak26 Posted June 2, 2013 Author ID:686457 Share Posted June 2, 2013 No. It is fixed!!!! Thank you! Link to post Share on other sites More sharing options...
Maniac Posted June 2, 2013 ID:686458 Share Posted June 2, 2013 We still have some work to do.Please follow the instructions here:http://forums.malwarebytes.org/index.php?showtopic=9573 Link to post Share on other sites More sharing options...
Spectak26 Posted June 2, 2013 Author ID:686463 Share Posted June 2, 2013 ok Link to post Share on other sites More sharing options...
Spectak26 Posted June 10, 2013 Author ID:689585 Share Posted June 10, 2013 I Have another computer with the same problem. Think you can help? Link to post Share on other sites More sharing options...
Maniac Posted June 10, 2013 ID:689669 Share Posted June 10, 2013 Please start another thread for another computer and follow the instructions here:http://forums.malwarebytes.org/index.php?showtopic=9573 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 25, 2013 Root Admin ID:695363 Share Posted June 25, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts