Chelle_s Posted October 20, 2013 ID:744036

A couple of days ago, I was recommended Vuze to download. I did so, but now even though I click on Firefox, it opens up but will not load. It will not go to any site and says it's connecting. It has also changed my default search engine to Yahoo. I declined all of this during installation of Vuze, but that obviously did not matter. I've tried to delete everything concerning Vuze, but that has not helped. I have found Spigot on my computer as well and I'm not sure how to delete and remove all of this. What do I do to clean my computer from this mess and know for a fact Vuze/Spigot is gone from my computer completely?

Robybel Posted October 20, 2013 ID:744047

Hi and Welcome!! Chelle_s

My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

I'd be grateful if you would note the following:

- I will be working on your malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so. DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users: These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that.... Let's get going!!

==================================

Scan with OTL

- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

=============================== Next =======================================

- Please download aswMBR.exe and save it to your desktop.
- Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
- Allow it to update where necessary.
- Click Scan.
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

On your next reply please post:

- OTL.txt
- Extras.txt
- aswMBR log

Let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!

Chelle_s Posted October 20, 2013 Author ID:744048

I can't even get on the internet to do this, I'm not sure how to download that if I can't even get a site working. I'm actually on my phone as of right now.

Robybel Posted October 20, 2013 ID:744049

Ok Chelle

Which OS do you use? XP or Win7 or others

Chelle_s Posted October 20, 2013 Author ID:744056

Win7

Robybel Posted October 20, 2013 ID:744061

Hi Chelle_s

Ok!!

FRST

Download the 32 bit or 64 bit version of FRST for your system and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Chelle_s Posted October 22, 2013 Author ID:744755

thank you so much for this! (:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01

Robybel Posted October 22, 2013 ID:744808

Hi Chelle

This log is incomplete

Chelle_s Posted October 24, 2013 Author ID:745954

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01
C:\Windows\System32\Drivers\mrxdav.sys2013-10-19 17:59 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys2013-10-19 17:59 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys2013-10-19 17:59 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys2013-10-19 17:59 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys2013-10-19 17:59 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll2013-10-19 17:59 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll2013-10-19 17:59 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll2013-10-19 17:59 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll2013-10-19 17:59 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll2013-10-19 17:59 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll2013-10-19 17:59 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll2013-10-19 17:59 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll2013-10-19 17:59 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2013-10-19 17:59 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2013-10-19 17:14 - 2013-10-19 17:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple2013-10-17 11:21 - 2013-10-17 11:21 - 00000000 ____D C:\ProgramData\Oracle2013-10-15 14:20 - 2013-10-19 17:47 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\Azureus2013-10-15 14:20 - 2013-10-19 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze2013-10-15 14:20 - 2013-10-18 19:06 - 00000000 ____D C:\Users\Chelle\AppData\Local\Slick 
Savings2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\wacomid-desktop-launcher2013-10-07 17:25 - 2013-10-07 17:25 - 00002287 _____ C:\Users\Public\Desktop\TI-83 Plus Flash Debugger.lnk2013-10-07 17:25 - 2013-10-07 17:25 - 00000047 _____ C:\AUTOEXEC.BAT2013-10-07 17:24 - 2013-10-19 17:47 - 00000000 ____D C:\Program Files (x86)\TI Education2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BrowserProtect2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\Browser Manager2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BitGuard2013-09-28 00:27 - 2013-09-28 00:27 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml2013-09-21 22:10 - 2013-09-21 22:10 - 00000000 ____D C:\Users\Chelle\AppData\Local\HP MediaSmart Video==================== One Month Modified Files and Folders =======2013-10-21 21:13 - 2013-10-21 21:13 - 00000000 ____D C:\FRST2013-10-21 17:03 - 2013-08-30 08:08 - 00001830 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk2013-10-21 17:03 - 2013-08-26 13:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-10-21 17:03 - 2012-05-14 12:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-21 17:02 - 2012-01-06 18:24 - 00000000 ____D C:\ProgramData\NVIDIA2013-10-21 17:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-21 17:02 - 2009-07-13 20:51 - 00178224 _____ C:\Windows\setupact.log2013-10-20 18:28 - 2010-08-18 19:14 - 01188910 _____ C:\Windows\WindowsUpdate.log2013-10-20 18:21 - 2013-08-26 13:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-20 00:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2013-10-19 23:43 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-19 23:43 - 2009-07-13 20:45 - 00016976 ____H 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-19 23:40 - 2009-07-13 21:13 - 00727144 _____ C:\Windows\System32\PerfStringBackup.INI2013-10-19 23:34 - 2013-03-13 18:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-19 23:34 - 2013-03-13 18:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-10-19 23:34 - 2010-08-18 21:15 - 00254554 _____ C:\Windows\PFRO.log2013-10-19 23:34 - 2009-07-13 20:45 - 00286832 _____ C:\Windows\System32\FNTCACHE.DAT2013-10-19 23:16 - 2011-02-23 17:28 - 00743348 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-10-19 23:16 - 2011-02-23 17:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client2013-10-19 23:05 - 2013-07-22 23:00 - 00000000 ____D C:\Windows\System32\MRT2013-10-19 18:57 - 2013-10-19 18:57 - 00012288 ___SH C:\Users\Chelle\Thumbs.db2013-10-19 18:57 - 2010-11-12 18:39 - 00000000 ____D C:\users\Chelle2013-10-19 18:18 - 2011-02-26 08:30 - 00000000 ____D C:\Users\Chelle\AppData\Local\CrashDumps2013-10-19 18:15 - 2012-07-01 17:03 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForChelle.job2013-10-19 18:04 - 2012-12-10 18:50 - 00000000 ____D C:\Program Files (x86)\Sendori2013-10-19 18:02 - 2013-08-27 01:56 - 00000000 ____D C:\Program Files (x86)\BearShare Applications2013-10-19 18:01 - 2012-07-01 17:03 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForChelle2013-10-19 17:54 - 2011-05-14 12:00 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\Skype2013-10-19 17:47 - 2013-10-15 14:20 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\Azureus2013-10-19 17:47 - 2013-10-15 14:20 - 00000000 ____D C:\Program Files (x86)\Vuze2013-10-19 17:47 - 2013-10-07 17:24 - 00000000 ____D C:\Program Files (x86)\TI Education2013-10-19 17:47 - 2013-08-30 08:08 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus2013-10-19 17:47 - 2013-07-09 19:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-10-19 17:47 - 
2013-03-08 04:50 - 00000000 ____D C:\Windows\SysWOW64\dxdibs2013-10-19 17:47 - 2013-02-13 13:08 - 00000000 ____D C:\Users\Chelle\AppData\Local\Akamai2013-10-19 17:47 - 2013-02-02 22:33 - 00000000 ____D C:\ProgramData\PMB Files2013-10-19 17:47 - 2013-01-21 08:38 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\.minecraft2013-10-19 17:47 - 2013-01-11 16:33 - 00000000 ____D C:\Windows\Minidump2013-10-19 17:47 - 2012-08-03 15:53 - 00000000 ____D C:\users\Administrator2013-10-19 17:47 - 2012-05-04 20:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-10-19 17:47 - 2011-12-27 07:49 - 00000000 ____D C:\Program Files (x86)\Steam2013-10-19 17:47 - 2011-05-14 12:00 - 00000000 ___RD C:\Program Files (x86)\Skype2013-10-19 17:47 - 2010-08-18 19:25 - 00000000 ____D C:\ProgramData\CinemaNow2013-10-19 17:47 - 2010-08-18 19:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-10-19 17:47 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender2013-10-19 17:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-10-19 17:14 - 2013-10-19 17:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple2013-10-19 17:02 - 2013-03-29 12:04 - 00000000 ____D C:\Riot Games2013-10-19 17:02 - 2013-02-27 14:37 - 00000000 ____D C:\users\Chance2013-10-19 17:02 - 2012-05-27 10:10 - 00000000 ____D C:\users\Joe2013-10-19 17:02 - 2011-11-30 10:28 - 00000000 ____D C:\Windows\System32\Macromed2013-10-19 17:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-10-19 17:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat2013-10-19 17:01 - 2013-08-30 06:21 - 00000000 ____D C:\ProgramData\Malwarebytes2013-10-19 17:01 - 2011-05-14 12:00 - 00000000 ____D C:\ProgramData\Skype2013-10-19 17:01 - 2011-02-23 17:28 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\SoftGrid Client2013-10-19 17:01 - 2010-11-13 04:26 - 00000000 ____D C:\Users\Chelle\AppData\Local\Mozilla2013-10-19 17:00 - 2011-02-23 17:34 - 00000000 
__RHD C:\MSOCache2013-10-19 17:00 - 2010-12-18 17:49 - 00000000 ____D C:\Program Files (x86)\Java2013-10-19 16:23 - 2012-08-03 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer2013-10-18 20:39 - 2013-02-02 22:33 - 00000000 ____D C:\Users\Chelle\AppData\Local\PMB Files2013-10-18 20:18 - 2010-11-14 12:16 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\HP Support Assistant2013-10-18 20:18 - 2010-11-14 06:11 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\HpUpdate2013-10-18 20:09 - 2010-08-18 19:14 - 00000000 ____D C:\ProgramData\PDFC2013-10-18 20:04 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV2013-10-18 19:06 - 2013-10-15 14:20 - 00000000 ____D C:\Users\Chelle\AppData\Local\Slick Savings2013-10-17 11:21 - 2013-10-17 11:21 - 00000000 ____D C:\ProgramData\Oracle2013-10-12 20:36 - 2011-01-24 12:38 - 00000000 ____D C:\Users\Chelle\.gimp-2.62013-10-12 19:55 - 2013-10-12 19:55 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\wacomid-desktop-launcher2013-10-08 14:38 - 2012-12-11 14:03 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-10-08 14:38 - 2012-05-14 12:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-10-08 14:38 - 2012-05-14 12:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-10-08 14:38 - 2011-05-16 11:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-10-07 17:25 - 2013-10-07 17:25 - 00002287 _____ C:\Users\Public\Desktop\TI-83 Plus Flash Debugger.lnk2013-10-07 17:25 - 2013-10-07 17:25 - 00000047 _____ C:\AUTOEXEC.BAT2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BrowserProtect2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\Browser Manager2013-10-02 15:32 - 2013-10-02 15:32 - 00000000 ____D C:\ProgramData\BitGuard2013-09-28 00:27 - 2013-09-28 00:27 - 00001190 _____ C:\Windows\SysWOW64\ServiceConfig.xml2013-09-26 14:29 - 
2010-08-18 21:15 - 00301517 ____N C:\Windows\Minidump\092613-27518-01.dmp2013-09-25 21:46 - 2010-11-13 04:48 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-09-22 15:28 - 2013-10-19 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-22 15:28 - 2013-10-19 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-22 15:27 - 2013-10-19 23:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-22 15:27 - 2013-10-19 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-22 15:27 - 2013-10-19 23:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-22 15:27 - 2013-10-19 23:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-22 15:27 - 2013-10-19 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-22 14:55 - 2013-10-19 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-09-22 14:55 - 2013-10-19 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-09-22 14:55 - 2013-10-19 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-09-22 14:54 - 2013-10-19 23:13 - 19252224 _____ (Microsoft Corporation) 
C:\Windows\System32\mshtml.dll2013-09-22 14:54 - 2013-10-19 23:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-09-22 14:54 - 2013-10-19 23:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-09-22 14:54 - 2013-10-19 23:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-09-22 14:54 - 2013-10-19 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-09-21 22:10 - 2013-09-21 22:10 - 00000000 ____D C:\Users\Chelle\AppData\Local\HP MediaSmart Video2013-09-21 22:10 - 2010-11-18 14:24 - 00000000 ____D C:\Users\Chelle\AppData\Roaming\CyberLinkFiles to move or delete:====================C:\Users\Chelle\AppData\Roaming\cache.iniZeroAccess:C:\Program Files (x86)\Google\Desktop\InstallSome content of 
TEMP:====================C:\Users\Administrator\AppData\Local\Temp\29668e6e-eded-4ef7-9533-5b5934e0d1a6.exeC:\Users\Administrator\AppData\Local\Temp\67a585a3-53cd-4c55-a55d-c9e705fe2c48.exeC:\Users\Administrator\AppData\Local\Temp\svcboot.dllC:\Users\Administrator\AppData\Local\Temp\{0F886B32-0662-4A4F-95EC-A2984B8C2D31}.dllC:\Users\Administrator\AppData\Local\Temp\{335503E4-5F57-428E-8AA3-2FA26A6871D0}.dllC:\Users\Administrator\AppData\Local\Temp\{36B6CEA4-E8C1-415D-AADE-F53AF2F69AFC}.dllC:\Users\Administrator\AppData\Local\Temp\{5C09ABB4-F4F0-4497-8194-F0AD6C30B61E}.dllC:\Users\Administrator\AppData\Local\Temp\{74F803E3-4748-4C53-83AB-B26FCA1380BC}.dllC:\Users\Administrator\AppData\Local\Temp\{B9255035-7609-4B5E-9D28-FB878E5683D1}.dllC:\Users\Administrator\AppData\Local\Temp\{EF8D735F-91E1-475F-953F-63D0A3240F59}.dllC:\Users\Administrator\AppData\Local\Temp\{F11F0182-DB7B-47A6-A446-7339248F4E7E}.dllC:\Users\Administrator\AppData\Local\Temp\{FE5AB429-27B9-44FE-827C-33A40C33FD3D}.dllC:\Users\Chelle\AppData\Local\Temp\bpuninstall.exeC:\Users\Chelle\AppData\Local\Temp\BundleSweetIMSetup.exeC:\Users\Chelle\AppData\Local\Temp\Delta.exeC:\Users\Chelle\AppData\Local\Temp\DeltaTB.exeC:\Users\Chelle\AppData\Local\Temp\i4jdel0.exeC:\Users\Chelle\AppData\Local\Temp\MybabylonTB.exeC:\Users\Chelle\AppData\Local\Temp\propsys.dllC:\Users\Chelle\AppData\Local\Temp\setup.exeC:\Users\Chelle\AppData\Local\Temp\WSSetup.exeC:\Users\Joe\AppData\Local\Temp\SkypeSetup.exe==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll 
=> MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================11Restore point made on: 2013-09-30 20:10:38Restore point made on: 2013-10-08 12:14:11Restore point made on: 2013-10-15 17:37:35Restore point made on: 2013-10-17 11:19:29Restore point made on: 2013-10-18 19:27:21Restore point made on: 2013-10-18 19:32:28Restore point made on: 2013-10-18 20:00:03Restore point made on: 2013-10-19 18:03:48Restore point made on: 2013-10-19 18:06:46Restore point made on: 2013-10-19 18:42:29Restore point made on: 2013-10-19 23:00:31==================== Memory info ===========================Percentage of memory in use: 15%Total physical RAM: 6143.29 MBAvailable physical RAM: 5219.57 MBTotal Pagefile: 6141.43 MBAvailable Pagefile: 5185.26 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.88 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:919.33 GB) (Free:607.59 GB) NTFSDrive e: (HP_RECOVERY) (Fixed) (Total:12.09 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive l: (My U3 Drive) (Removable) (Total:0.95 GB) (Free:0.74 GB) FATDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 932 GB) (Disk ID: 27F15F0D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=12 GB) - (Type=07 
NTFS)========================================================Disk: 5 (Size: 974 MB) (Disk ID: 3E0D058B)Partition 1: (Active) - (Size=974 MB) - (Type=0E)LastRegBack: 2013-10-11 12:12==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Robybel Posted October 25, 2013 ID:746294

Hi Chelle

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{dabdfb26-42a5-721d-d640-a5cc8c091362}\ \...\???\{dabdfb26-42a5-721d-d640-a5cc8c091362}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Chelle\AppData\Roaming\cache.ini
C:\Program Files (x86)\Google\Desktop\Install
LastRegBack: 2013-10-11 12:12

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Please let me know if you can reboot in normal mode.
AdvancedSetup (Root Admin) Posted October 31, 2013 ID:748311

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!