Infection Found - changing user settings, can't get rid of it?


jBaz

Have run MB over the last couple of months and some days it finds an infection (or 2 or 3) and some days it's clean but the machine never seems to completely recover.  Also, in the last day or so, it has decided to recover a previously deleted user account, too.   Machine is very sluggish and getting worse - please help!

 

Here are copies of the DDS logs and MB log

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.17.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Sarahlynn Hayden :: MSPOE-PC [administrator]
 
Protection: Enabled
 
9/17/2013 9:11:39 AM
MBAM-log-2013-09-17 (10-04-21) full log.txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303994
Time elapsed: 52 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4\U\00000001.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4\U\80000000.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4\U\800000cb.@ (Trojan.0Access) -> No action taken.
 
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686
Run by Sarahlynn Hayden at 10:43:24 on 2013-09-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1639.711 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\133747D223E646D2332746 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\353686F6F6C602F46666963656 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\7756374756C6C663139323 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\B4343502C49626271627970275962756C65637370225F657475627 : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-5-19 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-5-19 38016]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-5-19 204288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-17 701512]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-5-19 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-5-19 126392]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-5-19 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-17 25928]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-5-19 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-5-19 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-5-19 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-17 13:49:08 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Roaming\Malwarebytes
2013-09-17 13:38:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-17 13:38:56 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-17 13:38:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 13:38:25 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\Programs
2013-09-17 13:34:35 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFF61F0C-805D-4B44-8B19-A39CE08369B4}\mpengine.dll
2013-09-17 13:06:58 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-09-17 13:05:44 4751752 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-17 01:38:38 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{A363A23C-33C4-438F-8813-FB296209EB0C}
2013-09-16 13:33:02 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{93FAC7D6-CB94-415B-A901-BA127DC52716}
2013-09-14 03:02:54 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{03424DA5-9F21-4CB0-9486-868286BF34BE}
2013-09-13 13:31:58 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{100562B7-7BC3-4E2F-AE84-9E89822328A0}
2013-09-12 12:20:42 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{AC6EF6F1-7C42-489E-95CA-B30AB90CBCFC}
2013-09-11 18:21:23 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{98319BBB-AC22-48CC-8AD4-875F59621B37}
2013-09-10 18:20:06 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{F087014F-5953-4E56-92FF-9B8896FDAF1B}
2013-09-09 15:47:55 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{9CF33945-0E4C-46A9-ACDC-0C863451B38C}
2013-09-08 19:19:55 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{10F3396A-F9C3-4E18-85E1-610B68603EC9}
2013-09-08 02:36:22 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{2965F2AC-A68C-48DB-9446-CDAB67FB6D10}
2013-09-05 13:59:56 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{2AF449D1-D7F1-47C0-BCD8-7168E932907A}
2013-09-05 02:00:03 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{35C9256F-0CE3-402B-B0B6-B91741C4952F}
2013-09-04 13:03:37 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{FF36426E-4267-44BF-BC58-AA488534C15B}
2013-08-28 18:50:49 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{A3616CD1-BA74-4F75-81A5-C55710EF4D9F}
2013-08-23 20:16:31 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{001CDFFC-2926-47D9-82CD-69CFE0F43CF6}
2013-08-22 21:13:48 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{E52CF6AD-F78E-40DF-8C39-ECE2759CE488}
2013-08-19 16:26:31 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{4F45E95B-02AB-4D6B-8B79-1CFB18F0BFDE}
2013-08-18 21:44:15 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{7C4D52D4-99A0-485A-9FFD-36B88624C85A}
2013-08-18 21:44:15 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{156D552D-5023-4E26-ACE0-91B6BAC4FFF6}
2013-08-18 18:02:09 -------- d-----w- C:\windows\System32\MRT
.
==================== Find3M  ====================
.
2013-09-17 13:05:57 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-17 13:05:57 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\windows\System32\win32k.sys
2013-08-07 09:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:44:26.69 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2012 10:36:32 AM
System Uptime: 9/17/2013 10:05:55 AM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 244.802 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP88: 8/12/2013 9:56:39 AM - Windows Update
RP89: 8/16/2013 4:57:18 PM - Windows Update
RP91: 8/18/2013 12:40:59 PM - Windows Modules Installer
RP92: 8/19/2013 11:25:01 AM - Windows Update
RP93: 8/23/2013 8:40:43 AM - Windows Update
RP94: 8/27/2013 8:36:50 AM - Windows Update
RP95: 9/3/2013 11:14:33 AM - Windows Update
RP96: 9/10/2013 7:39:32 AM - Windows Update
RP97: 9/13/2013 8:44:17 AM - Windows Update
RP98: 9/16/2013 7:35:18 AM - Windows Update
RP99: 9/17/2013 8:05:27 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Conexant HD Audio
D3DX10
ETDWare PS/2-X64 8.0.8.0_R01
FATE - The Traitor Soul
Fishdom 2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java 6 Update 25
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Skype Launcher
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBARegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/17/2013 8:22:11 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/17/2013 8:22:11 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
9/17/2013 10:25:45 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer MYNETN600 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB797C5D-3987-49C5-A51C-D43257D41A6C}. The master browser is stopping or an election is being forced.
9/16/2013 7:56:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2870699).
9/16/2013 7:34:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
9/12/2013 7:21:39 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
.
==== End Of File ===========================
 
 

Run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Skype Launcher
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBARegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/17/2013 8:22:11 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/17/2013 8:22:11 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
9/17/2013 10:25:45 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer MYNETN600 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB797C5D-3987-49C5-A51C-D43257D41A6C}. The master browser is stopping or an election is being forced.
9/16/2013 7:56:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2870699).
9/16/2013 7:34:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
9/12/2013 7:21:39 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
.
==== End Of File ===========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by Sarahlynn Hayden at 2013-09-17 11:19:46
Running from C:\Users\Sarahlynn Hayden\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
AMD Media Foundation Decoders (Version: 1.0.60607.2201)
AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bejeweled 3 (x32 Version: 2.2.0.97)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019)
Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019)
Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019)
CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019)
CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019)
CCC Help Czech (x32 Version: 2011.0607.2211.38019)
CCC Help Danish (x32 Version: 2011.0607.2211.38019)
CCC Help Dutch (x32 Version: 2011.0607.2211.38019)
CCC Help English (x32 Version: 2011.0607.2211.38019)
CCC Help Finnish (x32 Version: 2011.0607.2211.38019)
CCC Help French (x32 Version: 2011.0607.2211.38019)
CCC Help German (x32 Version: 2011.0607.2211.38019)
CCC Help Greek (x32 Version: 2011.0607.2211.38019)
CCC Help Hungarian (x32 Version: 2011.0607.2211.38019)
CCC Help Italian (x32 Version: 2011.0607.2211.38019)
CCC Help Japanese (x32 Version: 2011.0607.2211.38019)
CCC Help Korean (x32 Version: 2011.0607.2211.38019)
CCC Help Norwegian (x32 Version: 2011.0607.2211.38019)
CCC Help Polish (x32 Version: 2011.0607.2211.38019)
CCC Help Portuguese (x32 Version: 2011.0607.2211.38019)
CCC Help Russian (x32 Version: 2011.0607.2211.38019)
CCC Help Spanish (x32 Version: 2011.0607.2211.38019)
CCC Help Swedish (x32 Version: 2011.0607.2211.38019)
CCC Help Thai (x32 Version: 2011.0607.2211.38019)
CCC Help Turkish (x32 Version: 2011.0607.2211.38019)
ccc-utility64 (Version: 2011.0607.2212.38019)
CCleaner (Version: 4.05)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Conexant HD Audio (Version: 8.54.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
Fishdom 2 (x32 Version: 2.2.0.98)
Google Chrome (x32 Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Java Auto Updater (x32 Version: 2.0.4.1)
Java 6 Update 25 (x32 Version: 6.0.250)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124)
Realtek WLAN Driver (x32 Version: 2.00.0016)
Skype Launcher (x32 Version: 2.01)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97)
Toshiba App Place (x32 Version: 1.0.6.3)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
Toshiba Book Place (x32 Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.10.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.10.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
Toshiba Online Backup (x32 Version: 2.0.0.31)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Service Station (x32 Version: 2.2.12)
TOSHIBA Supervisor Password (x32 Version: 2.1.0.2)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64)
TOSHIBARegistration (x32 Version: 1.0.6)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.97)
 
==================== Restore Points  =========================
 
12-08-2013 14:56:39 Windows Update
16-08-2013 21:57:18 Windows Update
18-08-2013 17:40:59 Windows Modules Installer
19-08-2013 16:25:01 Windows Update
23-08-2013 13:40:43 Windows Update
27-08-2013 13:36:50 Windows Update
03-09-2013 16:14:33 Windows Update
10-09-2013 12:39:32 Windows Update
13-09-2013 13:44:17 Windows Update
16-09-2013 12:35:18 Windows Update
17-09-2013 13:05:27 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {431CF243-93F2-4019-A29A-5244F0C251E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)
Task: {597CBCA2-DD49-4F5D-AB2D-AF8FD6D1A8B7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5DC9E37B-7504-49B9-B37C-A13F4D14291D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)
Task: {92DF686B-081C-4CDE-9AEC-13477D459D74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {C1F4AB46-3857-4DD6-9EDF-809CC218CE53} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {CB274CDF-7D27-45E8-ABC6-7E9B26F43927} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3116364755-2672186534-3802511386-1003 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {F909824F-6AA9-4DC3-A4F3-1451A9D1298D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2012-08-09 11:00 - 2012-08-09 11:00 - 08007680 _____ ( ) C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2009-01-20 15:51 - 2009-01-20 15:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-06-08 00:11 - 2011-06-08 00:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 12:17 - 2011-03-22 12:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2013 10:07:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2013 09:09:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2013 08:29:31 AM) (Source: Microsoft-Windows-User Profiles Service) (User: MsPoe-PC)
Description: Windows cannot delete the profile directory C:\Users\Ms. Poe. This error may be caused by files in this directory being used by another program. 
 
 DETAIL - The directory is not empty.
 
Error: (09/17/2013 08:23:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (09/17/2013 08:22:10 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/17/2013 08:22:10 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
System errors:
=============
Error: (09/17/2013 10:25:45 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB797C5D-3987-49C5-A51C-D43257D41A6C}.
The master browser is stopping or an election is being forced.
 
Error: (09/17/2013 10:05:14 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/17/2013 09:06:35 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/17/2013 08:22:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/17/2013 08:22:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (09/17/2013 08:19:58 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/16/2013 08:25:29 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/16/2013 07:56:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2870699).
 
Error: (09/16/2013 07:34:26 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
 
Error: (09/12/2013 07:21:39 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 1638.87 MB
Available physical RAM: 806.08 MB
Total Pagefile: 3277.73 MB
Available Pagefile: 1879.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:244.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CBA03604)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
 
==================== End Of Log ============================

 


Sorry - didn't realize that it did not paste when I copied it over.

 

Here it is:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03

Ran by Sarahlynn Hayden (administrator) on MSPOE-PC on 17-09-2013 11:18:09

Running from C:\Users\Sarahlynn Hayden\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\windows\system32\atiesrxx.exe

(AMD) C:\windows\system32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] - [x]

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-19] (Google Inc.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)

HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======



CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Gmail) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

==================== Services (Whitelisted) =================

 

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-17 11:16 - 2013-09-17 11:16 - 01950524 _____ (Farbar) C:\Users\Sarahlynn Hayden\Downloads\FRST64.exe

2013-09-17 11:16 - 2013-09-17 11:16 - 00000000 ____D C:\FRST

2013-09-17 10:44 - 2013-09-17 10:44 - 00017488 _____ C:\Users\Sarahlynn Hayden\Desktop\dds.txt

2013-09-17 10:44 - 2013-09-17 10:44 - 00009953 _____ C:\Users\Sarahlynn Hayden\Desktop\attach.txt

2013-09-17 10:42 - 2013-09-17 10:42 - 00688992 ____R (Swearware) C:\Users\Sarahlynn Hayden\Downloads\dds.com

2013-09-17 08:49 - 2013-09-17 08:49 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Malwarebytes

2013-09-17 08:39 - 2013-09-17 08:39 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-17 08:38 - 2013-09-17 08:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-17 08:38 - 2013-09-17 08:38 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-17 08:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2013-09-17 08:36 - 2013-09-17 08:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sarahlynn Hayden\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-17 08:28 - 2013-09-17 08:28 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Ms Poe remaining files

2013-09-17 08:07 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-09-17 08:07 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-09-17 08:07 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-09-17 08:07 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-09-17 08:07 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-09-17 08:07 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-09-17 08:07 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-09-17 08:07 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-09-17 08:07 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-09-17 08:07 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-09-17 08:07 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-09-17 08:07 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-09-17 08:07 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-09-17 08:07 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-09-17 08:07 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-17 08:06 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-09-17 08:06 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-09-17 08:06 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-09-17 08:06 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-09-17 08:06 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-09-17 08:06 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-09-17 08:06 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-09-17 08:06 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-09-17 08:06 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-09-17 08:06 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-09-17 08:06 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-09-17 08:06 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-09-17 08:06 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-09-17 08:06 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-09-17 08:06 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-09-17 08:06 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-09-17 08:05 - 2013-09-17 08:05 - 04751752 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-16 20:38 - 2013-09-16 20:38 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A363A23C-33C4-438F-8813-FB296209EB0C}

2013-09-16 08:33 - 2013-09-16 08:33 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{93FAC7D6-CB94-415B-A901-BA127DC52716}

2013-09-13 22:02 - 2013-09-13 22:02 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{03424DA5-9F21-4CB0-9486-868286BF34BE}

2013-09-13 15:47 - 2013-09-13 15:47 - 04711424 _____ C:\Users\Sarahlynn Hayden\Documents\Language2a.ppt

2013-09-13 08:31 - 2013-09-13 08:32 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{100562B7-7BC3-4E2F-AE84-9E89822328A0}

2013-09-12 07:29 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-09-12 07:29 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys

2013-09-12 07:29 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2013-09-12 07:29 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2013-09-12 07:29 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2013-09-12 07:29 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2013-09-12 07:29 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2013-09-12 07:29 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2013-09-12 07:29 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2013-09-12 07:29 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2013-09-12 07:29 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2013-09-12 07:29 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2013-09-12 07:29 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2013-09-12 07:29 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2013-09-12 07:29 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2013-09-12 07:29 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2013-09-12 07:29 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2013-09-12 07:29 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2013-09-12 07:29 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2013-09-12 07:29 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2013-09-12 07:29 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2013-09-12 07:29 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 07:29 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 07:29 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2013-09-12 07:29 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll

2013-09-12 07:29 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2013-09-12 07:29 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll

2013-09-12 07:20 - 2013-09-12 07:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{AC6EF6F1-7C42-489E-95CA-B30AB90CBCFC}

2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{98319BBB-AC22-48CC-8AD4-875F59621B37}

2013-09-10 13:20 - 2013-09-10 13:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{F087014F-5953-4E56-92FF-9B8896FDAF1B}

2013-09-09 10:47 - 2013-09-09 10:48 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{9CF33945-0E4C-46A9-ACDC-0C863451B38C}

2013-09-08 14:19 - 2013-09-08 14:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{10F3396A-F9C3-4E18-85E1-610B68603EC9}

2013-09-07 21:36 - 2013-09-07 21:36 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2965F2AC-A68C-48DB-9446-CDAB67FB6D10}

2013-09-05 08:59 - 2013-09-05 09:00 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2AF449D1-D7F1-47C0-BCD8-7168E932907A}

2013-09-04 21:00 - 2013-09-04 21:00 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{35C9256F-0CE3-402B-B0B6-B91741C4952F}

2013-09-04 08:03 - 2013-09-04 08:03 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{FF36426E-4267-44BF-BC58-AA488534C15B}

2013-08-28 13:50 - 2013-08-28 13:51 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A3616CD1-BA74-4F75-81A5-C55710EF4D9F}

2013-08-25 21:30 - 2013-09-04 09:28 - 03082656 _____ C:\Users\Sarahlynn Hayden\Desktop\Language.pptx

2013-08-23 15:16 - 2013-08-23 15:16 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{001CDFFC-2926-47D9-82CD-69CFE0F43CF6}

2013-08-22 16:14 - 2013-08-27 07:54 - 00286610 _____ C:\Users\Sarahlynn Hayden\Desktop\Eye opener.pptx

2013-08-22 16:13 - 2013-08-22 16:13 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{E52CF6AD-F78E-40DF-8C39-ECE2759CE488}

2013-08-19 11:26 - 2013-08-19 11:26 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{4F45E95B-02AB-4D6B-8B79-1CFB18F0BFDE}

2013-08-18 16:44 - 2013-08-18 16:54 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{156D552D-5023-4E26-ACE0-91B6BAC4FFF6}

2013-08-18 16:44 - 2013-08-18 16:44 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{7C4D52D4-99A0-485A-9FFD-36B88624C85A}

2013-08-18 16:43 - 2013-08-18 16:44 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (1).exe

2013-08-18 16:15 - 2013-08-18 16:15 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe

2013-08-18 15:03 - 2013-08-18 15:03 - 00218746 _____ C:\Users\Sarahlynn Hayden\Downloads\porcelain.zip

2013-08-18 15:02 - 2013-08-18 15:02 - 00047130 _____ C:\Users\Sarahlynn Hayden\Downloads\freebooter_script.zip

2013-08-18 15:01 - 2013-08-18 15:01 - 00038795 _____ C:\Users\Sarahlynn Hayden\Downloads\english.zip

2013-08-18 15:00 - 2013-08-18 15:01 - 01266941 _____ C:\Users\Sarahlynn Hayden\Downloads\billion_stars.zip

2013-08-18 15:00 - 2013-08-18 15:00 - 00031969 _____ C:\Users\Sarahlynn Hayden\Downloads\brittany.zip

2013-08-18 14:59 - 2013-08-18 14:59 - 00368831 _____ C:\Users\Sarahlynn Hayden\Downloads\k22_spiral_swash.zip

2013-08-18 14:58 - 2013-08-18 14:59 - 00023988 _____ C:\Users\Sarahlynn Hayden\Downloads\secesja_pl.zip

2013-08-18 14:58 - 2013-08-18 14:58 - 00051755 _____ C:\Users\Sarahlynn Hayden\Downloads\black_flowers_blossom.zip

2013-08-18 14:57 - 2013-08-18 14:58 - 00047921 _____ C:\Users\Sarahlynn Hayden\Downloads\gingersnaps.zip

2013-08-18 14:57 - 2013-08-18 14:57 - 00019499 _____ C:\Users\Sarahlynn Hayden\Downloads\grenouille.zip

2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird.zip

2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird (1).zip

2013-08-18 14:54 - 2013-08-18 14:54 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around (1).zip

2013-08-18 14:53 - 2013-08-18 14:54 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around.zip

2013-08-18 13:18 - 2013-08-18 13:18 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2013-08-18 13:18 - 2013-08-18 13:18 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat

2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat

2013-08-18 13:18 - 2013-08-18 13:18 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2013-08-18 13:18 - 2013-08-18 13:18 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2013-08-18 13:18 - 2013-08-18 13:18 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx

2013-08-18 13:18 - 2013-08-18 13:18 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx

2013-08-18 13:18 - 2013-08-18 13:18 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe

2013-08-18 13:02 - 2013-09-16 07:49 - 00000000 ____D C:\windows\system32\MRT

2013-08-18 00:35 - 2013-08-18 00:35 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Math Pics

 

==================== One Month Modified Files and Folders =======

 

2013-09-17 11:16 - 2013-09-17 11:16 - 01950524 _____ (Farbar) C:\Users\Sarahlynn Hayden\Downloads\FRST64.exe

2013-09-17 11:16 - 2013-09-17 11:16 - 00000000 ____D C:\FRST

2013-09-17 10:53 - 2012-05-19 11:22 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-17 10:44 - 2013-09-17 10:44 - 00017488 _____ C:\Users\Sarahlynn Hayden\Desktop\dds.txt

2013-09-17 10:44 - 2013-09-17 10:44 - 00009953 _____ C:\Users\Sarahlynn Hayden\Desktop\attach.txt

2013-09-17 10:42 - 2013-09-17 10:42 - 00688992 ____R (Swearware) C:\Users\Sarahlynn Hayden\Downloads\dds.com

2013-09-17 10:33 - 2013-01-16 15:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-09-17 10:25 - 2012-05-19 10:20 - 01491809 _____ C:\windows\WindowsUpdate.log

2013-09-17 10:23 - 2011-07-21 20:45 - 00000000 ____D C:\windows\Panther

2013-09-17 10:22 - 2013-01-16 15:01 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-17 10:15 - 2012-05-19 11:22 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-17 10:13 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-17 10:13 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-17 10:06 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-09-17 08:49 - 2013-09-17 08:49 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Malwarebytes

2013-09-17 08:39 - 2013-09-17 08:39 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-17 08:39 - 2013-09-17 08:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-17 08:38 - 2013-09-17 08:38 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-17 08:37 - 2013-09-17 08:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sarahlynn Hayden\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-17 08:29 - 2012-08-09 10:36 - 00000000 ____D C:\Users\Ms. Poe

2013-09-17 08:28 - 2013-09-17 08:28 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Ms Poe remaining files

2013-09-17 08:13 - 2013-07-10 13:20 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-09-17 08:13 - 2013-01-15 15:46 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC

2013-09-17 08:13 - 2013-01-15 15:46 - 00000000 ____D C:\Program Files\CCleaner

2013-09-17 08:07 - 2009-07-14 00:13 - 00732638 _____ C:\windows\system32\PerfStringBackup.INI

2013-09-17 08:06 - 2013-01-16 15:13 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2013-09-17 08:05 - 2013-09-17 08:05 - 04751752 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-17 08:05 - 2013-01-16 15:13 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2013-09-17 08:05 - 2011-07-21 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-16 20:38 - 2013-09-16 20:38 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A363A23C-33C4-438F-8813-FB296209EB0C}

2013-09-16 08:33 - 2013-09-16 08:33 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{93FAC7D6-CB94-415B-A901-BA127DC52716}

2013-09-16 08:31 - 2013-07-10 13:06 - 00000000 ___RD C:\Users\Sarahlynn Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-16 08:31 - 2013-07-10 13:06 - 00000000 ___RD C:\Users\Sarahlynn Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-16 08:27 - 2009-07-13 23:45 - 00312600 _____ C:\windows\system32\FNTCACHE.DAT

2013-09-16 07:49 - 2013-08-18 13:02 - 00000000 ____D C:\windows\system32\MRT

2013-09-16 07:44 - 2012-09-04 08:14 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-09-16 07:44 - 2012-08-09 10:55 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-13 22:02 - 2013-09-13 22:02 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{03424DA5-9F21-4CB0-9486-868286BF34BE}

2013-09-13 15:47 - 2013-09-13 15:47 - 04711424 _____ C:\Users\Sarahlynn Hayden\Documents\Language2a.ppt

2013-09-13 08:32 - 2013-09-13 08:31 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{100562B7-7BC3-4E2F-AE84-9E89822328A0}

2013-09-12 07:20 - 2013-09-12 07:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{AC6EF6F1-7C42-489E-95CA-B30AB90CBCFC}

2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{98319BBB-AC22-48CC-8AD4-875F59621B37}

2013-09-10 13:20 - 2013-09-10 13:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{F087014F-5953-4E56-92FF-9B8896FDAF1B}

2013-09-09 10:48 - 2013-09-09 10:47 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{9CF33945-0E4C-46A9-ACDC-0C863451B38C}

2013-09-08 14:20 - 2013-09-08 14:19 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{10F3396A-F9C3-4E18-85E1-610B68603EC9}

2013-09-07 21:36 - 2013-09-07 21:36 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2965F2AC-A68C-48DB-9446-CDAB67FB6D10}

2013-09-05 09:00 - 2013-09-05 08:59 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2AF449D1-D7F1-47C0-BCD8-7168E932907A}

2013-09-04 21:00 - 2013-09-04 21:00 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{35C9256F-0CE3-402B-B0B6-B91741C4952F}

2013-09-04 13:25 - 2013-07-10 13:09 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Windows Live Writer

2013-09-04 09:28 - 2013-08-25 21:30 - 03082656 _____ C:\Users\Sarahlynn Hayden\Desktop\Language.pptx

2013-09-04 08:03 - 2013-09-04 08:03 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{FF36426E-4267-44BF-BC58-AA488534C15B}

2013-09-03 15:30 - 2013-08-15 13:08 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Google

2013-08-31 10:57 - 2013-08-13 10:56 - 06340539 _____ C:\Users\Sarahlynn Hayden\Desktop\History Columbus.pptx

2013-08-28 16:35 - 2013-08-13 10:56 - 02315432 _____ C:\Users\Sarahlynn Hayden\Desktop\Science Ecology.pptx

2013-08-28 15:55 - 2013-07-10 21:45 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\Google

2013-08-28 13:51 - 2013-08-28 13:50 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A3616CD1-BA74-4F75-81A5-C55710EF4D9F}

2013-08-27 07:54 - 2013-08-22 16:14 - 00286610 _____ C:\Users\Sarahlynn Hayden\Desktop\Eye opener.pptx

2013-08-25 21:33 - 2013-08-13 10:56 - 01545332 _____ C:\Users\Sarahlynn Hayden\Desktop\Mathematics PP-3rd.pptx

2013-08-25 21:28 - 2013-08-13 13:16 - 08408576 _____ C:\Users\Sarahlynn Hayden\Desktop\BIBLE PP-3rd.ppt

2013-08-23 15:16 - 2013-08-23 15:16 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{001CDFFC-2926-47D9-82CD-69CFE0F43CF6}

2013-08-23 14:27 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache

2013-08-22 16:13 - 2013-08-22 16:13 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{E52CF6AD-F78E-40DF-8C39-ECE2759CE488}

2013-08-20 13:08 - 2013-08-13 10:59 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\General Papers

2013-08-19 11:26 - 2013-08-19 11:26 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{4F45E95B-02AB-4D6B-8B79-1CFB18F0BFDE}

2013-08-18 16:54 - 2013-08-18 16:44 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{156D552D-5023-4E26-ACE0-91B6BAC4FFF6}

2013-08-18 16:44 - 2013-08-18 16:44 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{7C4D52D4-99A0-485A-9FFD-36B88624C85A}

2013-08-18 16:44 - 2013-08-18 16:43 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (1).exe

2013-08-18 16:44 - 2013-07-10 13:09 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\Windows Live Writer

2013-08-18 16:44 - 2013-07-10 13:07 - 00069224 _____ C:\Users\Sarahlynn Hayden\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-18 16:15 - 2013-08-18 16:15 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe

2013-08-18 15:03 - 2013-08-18 15:03 - 00218746 _____ C:\Users\Sarahlynn Hayden\Downloads\porcelain.zip

2013-08-18 15:02 - 2013-08-18 15:02 - 00047130 _____ C:\Users\Sarahlynn Hayden\Downloads\freebooter_script.zip

2013-08-18 15:01 - 2013-08-18 15:01 - 00038795 _____ C:\Users\Sarahlynn Hayden\Downloads\english.zip

2013-08-18 15:01 - 2013-08-18 15:00 - 01266941 _____ C:\Users\Sarahlynn Hayden\Downloads\billion_stars.zip

2013-08-18 15:00 - 2013-08-18 15:00 - 00031969 _____ C:\Users\Sarahlynn Hayden\Downloads\brittany.zip

2013-08-18 14:59 - 2013-08-18 14:59 - 00368831 _____ C:\Users\Sarahlynn Hayden\Downloads\k22_spiral_swash.zip

2013-08-18 14:59 - 2013-08-18 14:58 - 00023988 _____ C:\Users\Sarahlynn Hayden\Downloads\secesja_pl.zip

2013-08-18 14:58 - 2013-08-18 14:58 - 00051755 _____ C:\Users\Sarahlynn Hayden\Downloads\black_flowers_blossom.zip

2013-08-18 14:58 - 2013-08-18 14:57 - 00047921 _____ C:\Users\Sarahlynn Hayden\Downloads\gingersnaps.zip

2013-08-18 14:57 - 2013-08-18 14:57 - 00019499 _____ C:\Users\Sarahlynn Hayden\Downloads\grenouille.zip

2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird.zip

2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird (1).zip

2013-08-18 14:54 - 2013-08-18 14:54 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around (1).zip

2013-08-18 14:54 - 2013-08-18 14:53 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around.zip

2013-08-18 14:17 - 2013-07-10 13:06 - 00001428 _____ C:\Users\Sarahlynn Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-08-18 14:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-08-18 14:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-08-18 14:12 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions

2013-08-18 13:18 - 2013-08-18 13:18 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2013-08-18 13:18 - 2013-08-18 13:18 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat

2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat

2013-08-18 13:18 - 2013-08-18 13:18 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2013-08-18 13:18 - 2013-08-18 13:18 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2013-08-18 13:18 - 2013-08-18 13:18 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx

2013-08-18 13:18 - 2013-08-18 13:18 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx

2013-08-18 13:18 - 2013-08-18 13:18 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll

2013-08-18 13:18 - 2013-08-18 13:18 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe

2013-08-18 13:18 - 2013-08-18 13:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe

2013-08-18 00:35 - 2013-08-18 00:35 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Math Pics

2013-08-18 00:35 - 2013-08-13 10:58 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\History Pics

 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-13 10:09

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 


http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Let me see those logs...

 

Kevin....

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03

Ran by Sarahlynn Hayden at 2013-09-17 13:25:36 Run:1

Running from C:\Users\Sarahlynn Hayden\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4

End

 

*****************

 

C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4 => Moved successfully.

 

==== End of Fixlog ====

 

Wasn't sure if the registry item should be removed or not, so I haven't cleaned:

 


# AdwCleaner v3.004 - Report created 17/09/2013 at 13:28:10

# Updated 15/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Sarahlynn Hayden - MSPOE-PC

# Running from : C:\Users\Sarahlynn Hayden\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Sarahlynn Hayden\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [766 octets] - [17/09/2013 13:28:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [825 octets] ##########

 

waiting to proceed until further instruction on if it should be cleaned or not...thanks!

 


# AdwCleaner v3.004 - Report created 17/09/2013 at 14:11:41

# Updated 15/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Sarahlynn Hayden - MSPOE-PC

# Running from : C:\Users\Sarahlynn Hayden\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Sarahlynn Hayden\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [904 octets] - [17/09/2013 13:28:10]

AdwCleaner[s0].txt - [828 octets] - [17/09/2013 14:11:41]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [887 octets] ##########

 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.17.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Sarahlynn Hayden :: MSPOE-PC [administrator]

 

Protection: Enabled

 

9/17/2013 2:20:17 PM

mbam-log-2013-09-17 (14-20-17).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206351

Time elapsed: 5 minute(s), 43 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sarahlynn Hayden [Admin rights]

Mode : Scan -- Date : 09/17/2013 14:55:01

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MQ01ABD032 SATA Disk Device +++++

--- User ---

[MBR] 0c13800222c21f6dca3e965c9fcdad92

[bSP] 41c3235da47578c83c7d3c8a3d73b855 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 291228 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 599508992 | Size: 12516 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09172013_145501.txt >>

Nothing sinister in the RK log, OK we can run an Online AV scan to ensure we've missed nothing. This scan is very thorough so will take several hours....

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Next,

 

Also check system basics...

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those two logs..

 

Kevin


ok - home from getting kids and can continue.  Have started the scan in IE - what do I do with the RK window that is still open...do I need to fix/clean any of the items it found??  Will post the results when done with the other items you have listed.


scan took overnight to finish...here are the logs you requested:

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 25  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RB2OV13.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RW12UON.exe a variant of Win32/Bundled.Toolbar.Ask.D application
 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RB2OV13.exe
    C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RW12UON.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for McAfee security scanner if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Post the log from OTM, also let me know if the Adobe/Java updates complete. Also tell if any issues or concerns remain..

 

Kevin

Link to post
Share on other sites

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Sarahlynn Hayden\Downloads\cmd.bat deleted successfully.

C:\Users\Sarahlynn Hayden\Downloads\cmd.txt deleted successfully.

File/Folder C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RB2OV13.exe not found.

File/Folder C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RW12UON.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Ms. Poe

 

User: Public

 

User: Sarahlynn Hayden

->Temp folder emptied: 706815241 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Java cache emptied: 46019 bytes

->Google Chrome cache emptied: 8890923 bytes

->Flash cache emptied: 56972 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5138 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36908 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33633 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 683.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 09182013_102945

 

Files moved on Reboot...

C:\Users\Sarahlynn Hayden\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Sarahlynn Hayden\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

Registry entries deleted on Reboot...

 

 

And, Java & Adobe are updated.

Link to post
Share on other sites

Delete C:\Users\Sarahlynn Hayden\Downloads\FRST64

Delete C:\FRST

Next,

Remove ESET online scanner  (Only If installed):

  • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
  • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.


Next,

Uninstall adwcleaner.exe
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner



Next,

  • Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
  • Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.



Also Delete Security Checks plus any produced logs....

Let me know if those steps complete OK.....

Kevin

Link to post
Share on other sites

Yes please delete  RogueKiller and folder RK_Quarantine, DDS and logs. Security Check was used from reply #14, delete that also.  

 

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD's.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin

Link to post
Share on other sites
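
The replies above ask twice that old Java and Adobe Reader versions be removed after updating. The following is an added example, not part of the original thread: a read-only PowerShell check that lists what the uninstall registry keys report and warns when more than one version of a product family is present. The display-name patterns are assumptions and may need adjusting for a given machine.

```powershell
# Added example (not from the thread): read-only inventory of Java and
# Adobe Reader/Acrobat entries, flagging families with several versions.
# Nothing is uninstalled; removal is still done via Programs and Features.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows register under WOW6432Node
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed name patterns: entries starting with "Java" or "Adobe Reader/Acrobat".
$namePattern = '^(Java\b|Adobe (Reader|Acrobat))'

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    # The Java updater carries its own version number; skip it to avoid a false warning
    Where-Object { $_.DisplayName -notmatch 'Auto Updater' } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName, DisplayVersion -Unique

if (-not $installed) {
    Write-Output 'No Java or Adobe Reader/Acrobat entries found.'
    return
}

$installed | Format-Table -AutoSize

# Group by product family. A 32-bit and a 64-bit install of the SAME version
# is normal, so compare distinct version strings rather than entry counts.
$installed |
    Group-Object -Property {
        if ($_.DisplayName -like 'Java*') { 'Java' } else { 'Adobe Reader/Acrobat' }
    } |
    ForEach-Object {
        $versions = @($_.Group |
            ForEach-Object { $_.DisplayVersion } |
            Where-Object { $_ } |
            Sort-Object -Unique)
        if ($versions.Count -gt 1) {
            Write-Warning ("{0}: {1} different versions installed ({2}). Remove the older ones." -f `
                $_.Name, $versions.Count, ($versions -join ', '))
        }
        else {
            Write-Output ("{0}: single version installed ({1})." -f $_.Name, ($versions -join ', '))
        }
    }
```

Run it from a normal PowerShell prompt after the updates finish; a warning means an older version is still registered and should be removed.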

This topic is now closed to further replies.