Jump to content

Recommended Posts

A couple of days ago, I was recommended Vuze to download.

I did so, but now even though I click on Firefox, it opens up but will not load. It will not go to any site and says it's connecting. It has also changed my default search engine to Yahoo. I declined all of this during installation of vuze , but that obviously did not matter.

I've tried to delete everything concerning vuze, but that has not helped. I have found spigot on my computer as well and I'm not sure how to delete and remove all of this.

What do I do to clean my computer from this mess and know for a fact vuze/spigot is gone from my computer completely ?

Link to post
Share on other sites

Hi and Welcome!! Chelle_s :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

==================================

Scan with OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    explorer.exe

    winlogon.exe

    Userinit.exe

    svchost.exe

    services.exe

    /md5stop

    %systemroot%\*. /rp /s

    %systemdrive%\$Recycle.Bin|@;true;true;true /fp

    DRIVES

    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
=============================== Next =======================================

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
On your next reply please post :

  • OTL.txt
  • Extras.txt
  • aswMBR log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

Link to post
Share on other sites

Hi Chelle_s

Ok!!

FRST.jpgFRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair

      System Restore

      Windows Complete PC Restore

      Windows Memory Diagnostic Tool

      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Link to post
Share on other sites

thank you so much for this! (:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01
Ran by SYSTEM on MININT-OEH2PCD on 21-10-2013 21:13:07
Running from L:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [bambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-12-11] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [sendori Tray] - "C:\Program Files (x86)\Sendori\SendoriTray.exe"
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2013-08-18] (NCSOFT Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKU\Chance\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Chance\...\Run: [AS2014] - C:\ProgramData\7spggpns\7spggpns.exe
HKU\Chelle\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Chelle\...\Run: [PlayNC Launcher] - [x]
HKU\Chelle\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-02] ()
HKU\Chelle\...\Run: [NCsoft Launcher] - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe [43304 2013-07-16] (NCSOFT)
HKU\Chelle\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKU\Chelle\...\Run: [Akamai NetSession Interface] - C:\Users\Chelle\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Chelle\...\Run: [pronto] - "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
HKU\Chelle\...\Run: [GoogleChromeAutoLaunch_189481A45EC53BD85532A15547E4B699] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-02] (Google Inc.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Joe\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Joe\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKU\Joe\...\Run: [AS2014] - C:\ProgramData\7spggpns\7spggpns.exe
HKU\UpdatusUser\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
AppInit_DLLs: c:\progra~2\musict~1\datamngr\x64\mgrldr.dll   [97280 2009-07-13] ()
AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll   [ ] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01
Ran by SYSTEM on MININT-OEH2PCD on 21-10-2013 21:13:07
Running from L:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [bambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-12-11] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [sendori Tray] - "C:\Program Files (x86)\Sendori\SendoriTray.exe"
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2013-08-18] (NCSOFT Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKU\Chance\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Chance\...\Run: [AS2014] - C:\ProgramData\7spggpns\7spggpns.exe
HKU\Chelle\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Chelle\...\Run: [PlayNC Launcher] - [x]
HKU\Chelle\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-02] ()
HKU\Chelle\...\Run: [NCsoft Launcher] - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe [43304 2013-07-16] (NCSOFT)
HKU\Chelle\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKU\Chelle\...\Run: [Akamai NetSession Interface] - C:\Users\Chelle\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Chelle\...\Run: [pronto] - "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
HKU\Chelle\...\Run: [GoogleChromeAutoLaunch_189481A45EC53BD85532A15547E4B699] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-02] (Google Inc.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Joe\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Joe\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKU\Joe\...\Run: [AS2014] - C:\ProgramData\7spggpns\7spggpns.exe
HKU\UpdatusUser\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
AppInit_DLLs: c:\progra~2\musict~1\datamngr\x64\mgrldr.dll   [97280 2009-07-13] ()
AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll   [ ] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-12] (Lavasoft Limited)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-17] (Microsoft Corp.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 svcboot_xncic; c:\windows\syswow64\dxdibs\svcboot_xncic.dll [231752 2013-01-28] ()
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [x]
S2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x]
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{dabdfb26-42a5-721d-d640-a5cc8c091362}\   \...\???\{dabdfb26-42a5-721d-d640-a5cc8c091362}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-04-02] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-30] (GFI Software)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-04-02] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
S2 BFE;
S2 iphlpsvc;
S2 MpsSvc;
S3 PolicyAgent;
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [x]
S2 wscsvc;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-21 21:13 - 2013-10-21 21:13 - 00000000 ____D C:\FRST
2013-10-19 23:13 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-19 23:13 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-19 23:13 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-19 23:13 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-19 23:13 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-19 23:13 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-19 23:13 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-19 23:13 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-19 23:13 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-19 23:13 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-19 23:13 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-19 23:13 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-19 18:57 - 2013-10-19 18:57 - 00012288 ___SH C:\Users\Chelle\Thumbs.db
2013-10-19 17:59 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-19 17:59 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-19 17:59 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-19 17:59 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-19 17:59 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-19 17:59 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-19 17:59 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-19 17:59 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-19 17:59 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-19 17:59 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-19 17:59 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-19 17:59 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-19 17:59 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-19 17:59 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-19 17:59 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-19 17:59 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-19 17:59 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-19 17:59 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-19 17:59 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-19 17:59 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-19 17:59 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-19 17:59 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-10-19 17:59 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-10-19 17:59 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-10-19 17:59 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-19 17:59 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-10-19 17:59 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-10-19 17:59 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-19 17:59 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-19 17:59 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-10-19 17:59 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-10-19 17:59 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-19 17:59 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-19 17:59 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 17:59 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 17:59 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-19 17:59 - 2013-07-12 02:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-10-19 17:59 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-19 17:59 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-19 17:59 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-19 17:59 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-19 17:59 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-19 17:59 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-19 17:59 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-19 17:59 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-19 17:59 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-19 17:59 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-19 17:59 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-19 17:59 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-19 17:59 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-19 17:59 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-19 17:59 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-19 17:59 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-19 17:59 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-19 17:59 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-19 17:59 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-19 17:59 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-19 17:59 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-19 17:14 - 2013-10-19 17:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-10-17 11:21 - 2013-10-17 11:21 - 00000000 ____D C:\ProgramData\Oracle
2013-10-15 14:20 - 2013-10-19 17:47 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\Azureus
2013-10-15 14:20 - 2013-10-19 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-10-15 14:20 - 2013-10-18 19:06 - 00000000 ____D C:\Users\Chelle\AppData\Local\Slick Savings
2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\wacomid-desktop-launcher
2013-10-07 17:25 - 2013-10-07 17:25 - 00002287 _____ C:\Users\Public\Desktop\TI-83 Plus Flash Debugger.lnk
2013-10-07 17:25 - 2013-10-07 17:25 - 00000047 _____ C:\AUTOEXEC.BAT
2013-10-07 17:24 - 2013-10-19 17:47 - 00000000 ____D C:\Program Files (x86)\TI Education
2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\Browser Manager
2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-28 00:27 - 2013-09-28 00:27 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-09-21 22:10 - 2013-09-21 22:10 - 00000000 ____D C:\Users\Chelle\AppData\Local\HP MediaSmart Video

==================== One Month Modified Files and Folders =======

2013-10-21 21:13 - 2013-10-21 21:13 - 00000000 ____D C:\FRST
2013-10-21 17:03 - 2013-08-30 08:08 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-21 17:03 - 2013-08-26 13:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-21 17:03 - 2012-05-14 12:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-21 17:02 - 2012-01-06 18:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-21 17:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 17:02 - 2009-07-13 20:51 - 00178224 _____ C:\Windows\setupact.log
2013-10-20 18:28 - 2010-08-18 19:14 - 01188910 _____ C:\Windows\WindowsUpdate.log
2013-10-20 18:21 - 2013-08-26 13:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 00:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-19 23:43 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 23:43 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 23:40 - 2009-07-13 21:13 - 00727144 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-19 23:34 - 2013-03-13 18:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-19 23:34 - 2013-03-13 18:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-19 23:34 - 2010-08-18 21:15 - 00254554 _____ C:\Windows\PFRO.log
2013-10-19 23:34 - 2009-07-13 20:45 - 00286832 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-19 23:16 - 2011-02-23 17:28 - 00743348 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-19 23:16 - 2011-02-23 17:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-10-19 23:05 - 2013-07-22 23:00 - 00000000 ____D C:\Windows\System32\MRT
2013-10-19 18:57 - 2013-10-19 18:57 - 00012288 ___SH C:\Users\Chelle\Thumbs.db
2013-10-19 18:57 - 2010-11-12 18:39 - 00000000 ____D C:\users\Chelle
2013-10-19 18:18 - 2011-02-26 08:30 - 00000000 ____D C:\Users\Chelle\AppData\Local\CrashDumps
2013-10-19 18:15 - 2012-07-01 17:03 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForChelle.job
2013-10-19 18:04 - 2012-12-10 18:50 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-10-19 18:02 - 2013-08-27 01:56 - 00000000 ____D C:\Program Files (x86)\BearShare Applications
2013-10-19 18:01 - 2012-07-01 17:03 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForChelle
2013-10-19 17:54 - 2011-05-14 12:00 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\Skype
2013-10-19 17:47 - 2013-10-15 14:20 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\Azureus
2013-10-19 17:47 - 2013-10-15 14:20 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-10-19 17:47 - 2013-10-07 17:24 - 00000000 ____D C:\Program Files (x86)\TI Education
2013-10-19 17:47 - 2013-08-30 08:08 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-10-19 17:47 - 2013-07-09 19:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-19 17:47 - 2013-03-08 04:50 - 00000000 ____D C:\Windows\SysWOW64\dxdibs
2013-10-19 17:47 - 2013-02-13 13:08 - 00000000 ____D C:\Users\Chelle\AppData\Local\Akamai
2013-10-19 17:47 - 2013-02-02 22:33 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-19 17:47 - 2013-01-21 08:38 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\.minecraft
2013-10-19 17:47 - 2013-01-11 16:33 - 00000000 ____D C:\Windows\Minidump
2013-10-19 17:47 - 2012-08-03 15:53 - 00000000 ____D C:\users\Administrator
2013-10-19 17:47 - 2012-05-04 20:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-19 17:47 - 2011-12-27 07:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-19 17:47 - 2011-05-14 12:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-19 17:47 - 2010-08-18 19:25 - 00000000 ____D C:\ProgramData\CinemaNow
2013-10-19 17:47 - 2010-08-18 19:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-19 17:47 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-19 17:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-19 17:14 - 2013-10-19 17:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-10-19 17:02 - 2013-03-29 12:04 - 00000000 ____D C:\Riot Games
2013-10-19 17:02 - 2013-02-27 14:37 - 00000000 ____D C:\users\Chance
2013-10-19 17:02 - 2012-05-27 10:10 - 00000000 ____D C:\users\Joe
2013-10-19 17:02 - 2011-11-30 10:28 - 00000000 ____D C:\Windows\System32\Macromed
2013-10-19 17:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-19 17:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-19 17:01 - 2013-08-30 06:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-19 17:01 - 2011-05-14 12:00 - 00000000 ____D C:\ProgramData\Skype
2013-10-19 17:01 - 2011-02-23 17:28 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\SoftGrid Client
2013-10-19 17:01 - 2010-11-13 04:26 - 00000000 ____D C:\Users\Chelle\AppData\Local\Mozilla
2013-10-19 17:00 - 2011-02-23 17:34 - 00000000 __RHD C:\MSOCache
2013-10-19 17:00 - 2010-12-18 17:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 16:23 - 2012-08-03 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-10-18 20:39 - 2013-02-02 22:33 - 00000000 ____D C:\Users\Chelle\AppData\Local\PMB Files
2013-10-18 20:18 - 2010-11-14 12:16 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\HP Support Assistant
2013-10-18 20:18 - 2010-11-14 06:11 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\HpUpdate
2013-10-18 20:09 - 2010-08-18 19:14 - 00000000 ____D C:\ProgramData\PDFC
2013-10-18 20:04 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-18 19:06 - 2013-10-15 14:20 - 00000000 ____D C:\Users\Chelle\AppData\Local\Slick Savings
2013-10-17 11:21 - 2013-10-17 11:21 - 00000000 ____D C:\ProgramData\Oracle
2013-10-12 20:36 - 2011-01-24 12:38 - 00000000 ____D C:\Users\Chelle\.gimp-2.6
2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\wacomid-desktop-launcher
2013-10-08 14:38 - 2012-12-11 14:03 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 14:38 - 2012-05-14 12:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 14:38 - 2012-05-14 12:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 14:38 - 2011-05-16 11:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 17:25 - 2013-10-07 17:25 - 00002287 _____ C:\Users\Public\Desktop\TI-83 Plus Flash Debugger.lnk
2013-10-07 17:25 - 2013-10-07 17:25 - 00000047 _____ C:\AUTOEXEC.BAT
2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\Browser Manager
2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-28 00:27 - 2013-09-28 00:27 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-09-26 14:29 - 2010-08-18 21:15 - 00301517 ____N C:\Windows\Minidump\092613-27518-01.dmp
2013-09-25 21:46 - 2010-11-13 04:48 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-22 15:28 - 2013-10-19 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 15:28 - 2013-10-19 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 15:27 - 2013-10-19 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 14:55 - 2013-10-19 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-22 14:55 - 2013-10-19 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-22 14:55 - 2013-10-19 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-22 14:54 - 2013-10-19 23:13 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-22 14:54 - 2013-10-19 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-21 22:10 - 2013-09-21 22:10 - 00000000 ____D C:\Users\Chelle\AppData\Local\HP MediaSmart Video
2013-09-21 22:10 - 2010-11-18 14:24 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\CyberLink

Files to move or delete:
====================
C:\Users\Chelle\AppData\Roaming\cache.ini
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\29668e6e-eded-4ef7-9533-5b5934e0d1a6.exe
C:\Users\Administrator\AppData\Local\Temp\67a585a3-53cd-4c55-a55d-c9e705fe2c48.exe
C:\Users\Administrator\AppData\Local\Temp\svcboot.dll
C:\Users\Administrator\AppData\Local\Temp\{0F886B32-0662-4A4F-95EC-A2984B8C2D31}.dll
C:\Users\Administrator\AppData\Local\Temp\{335503E4-5F57-428E-8AA3-2FA26A6871D0}.dll
C:\Users\Administrator\AppData\Local\Temp\{36B6CEA4-E8C1-415D-AADE-F53AF2F69AFC}.dll
C:\Users\Administrator\AppData\Local\Temp\{5C09ABB4-F4F0-4497-8194-F0AD6C30B61E}.dll
C:\Users\Administrator\AppData\Local\Temp\{74F803E3-4748-4C53-83AB-B26FCA1380BC}.dll
C:\Users\Administrator\AppData\Local\Temp\{B9255035-7609-4B5E-9D28-FB878E5683D1}.dll
C:\Users\Administrator\AppData\Local\Temp\{EF8D735F-91E1-475F-953F-63D0A3240F59}.dll
C:\Users\Administrator\AppData\Local\Temp\{F11F0182-DB7B-47A6-A446-7339248F4E7E}.dll
C:\Users\Administrator\AppData\Local\Temp\{FE5AB429-27B9-44FE-827C-33A40C33FD3D}.dll
C:\Users\Chelle\AppData\Local\Temp\bpuninstall.exe
C:\Users\Chelle\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Chelle\AppData\Local\Temp\Delta.exe
C:\Users\Chelle\AppData\Local\Temp\DeltaTB.exe
C:\Users\Chelle\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chelle\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Chelle\AppData\Local\Temp\propsys.dll
C:\Users\Chelle\AppData\Local\Temp\setup.exe
C:\Users\Chelle\AppData\Local\Temp\WSSetup.exe
C:\Users\Joe\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

11
Restore point made on: 2013-09-30 20:10:38
Restore point made on: 2013-10-08 12:14:11
Restore point made on: 2013-10-15 17:37:35
Restore point made on: 2013-10-17 11:19:29
Restore point made on: 2013-10-18 19:27:21
Restore point made on: 2013-10-18 19:32:28
Restore point made on: 2013-10-18 20:00:03
Restore point made on: 2013-10-19 18:03:48
Restore point made on: 2013-10-19 18:06:46
Restore point made on: 2013-10-19 18:42:29
Restore point made on: 2013-10-19 23:00:31

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 6143.29 MB
Available physical RAM: 5219.57 MB
Total Pagefile: 6141.43 MB
Available Pagefile: 5185.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.33 GB) (Free:607.59 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:12.09 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive l: (My U3 Drive) (Removable) (Total:0.95 GB) (Free:0.74 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 27F15F0D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 974 MB) (Disk ID: 3E0D058B)
Partition 1: (Active) - (Size=974 MB) - (Type=0E)


LastRegBack: 2013-10-11 12:12

==================== End Of Log ============================

Link to post
Share on other sites

Hi Chelle

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{dabdfb26-42a5-721d-d640-a5cc8c091362}\   \...\???\{dabdfb26-42a5-721d-d640-a5cc8c091362}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:\Users\Chelle\AppData\Roaming\cache.iniC:\Program Files (x86)\Google\Desktop\InstallLastRegBack: 2013-10-11 12:12
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

On Windows XP: Now please boot into the BartPE CD.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please let me know if you can to reboot in normal mode.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.