
Malwarebytes found things



  • Root Admin

Combofix found some items that should not be running on the computer and removed them.

 

The entry for Microsoft Excel allows it to display an export to Excel so it's normal and should be left alone in most cases.

 

There is something there though that I don't think should be running: svcboot_cyjcgd.dll

 

Let me have you delete any FRST files you may have from a previous run, download a new version, run it, and post back both logs.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013

Ran by Allen (administrator) on ALLEN-PC on 16-11-2013 05:28:53

Running from C:\Users\Allen\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Google Inc.) C:\Sandbox\Allen\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Sandbox\Allen\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

(Google Inc.) C:\Sandbox\Allen\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe

(Google Inc.) C:\Sandbox\Allen\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Sandbox\Allen\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Sandbox\Allen\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-09-08] (Lenovo)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)

HKLM-x32\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)

HKLM-x32\...\Run: [EnergyCut] - C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{2D2093C2-D542-42D1-8A2F-27A7AA54C040}: [NameServer]8.8.8.8 4.2.2.2

 

FireFox:

========

FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\sx3zrdti.default


FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\sx3zrdti.default\Extensions\trash

FF Extension: No Name - C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\sx3zrdti.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi

 

Chrome: 

=======



CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

 

==================== Services (Whitelisted) =================

 

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)

S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

U3 BcmSqlStartupSvc; 

S4 catchme; \??\C:\ComboFix\catchme.sys [x]

U2 CLKMSVC10_3A60B698; 

U2 CLKMSVC10_C3B3B687; 

S3 clwvd; system32\DRIVERS\clwvd.sys [x]

U2 DriverService; 

U2 iATAgentService; 

U2 idealife Update Service; 

U3 IGRS; 

U2 IviRegMgr; 

S0 LHDmgr; System32\DRIVERS\LhdX64.sys [x]

U2 nvUpdatusService; 

U2 Oasis2Service; 

U2 PCCarerService; 

U2 ReadyComm.DirectRouter; 

U2 RichVideo; 

U2 RtLedService; 

U2 SeaPort; 

U2 SoftwareService; 

U3 SQLWriter; 

U2 Stereo Service; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 


2013-10-20 01:32 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2013-10-20 01:32 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll

2013-10-20 01:32 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2013-10-20 01:32 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll

2013-10-20 01:32 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2013-10-20 01:32 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2013-10-20 01:32 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2013-10-20 01:32 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2013-10-20 01:32 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll

2013-10-20 01:32 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-20 01:32 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-20 01:32 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys

2013-10-20 01:32 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys

2013-10-20 01:32 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2013-10-20 01:32 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2013-10-20 01:32 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll

2013-10-20 01:32 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll

2013-10-20 01:32 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys

2013-10-20 01:32 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys

2013-10-20 01:31 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-10-20 01:31 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys

2013-10-20 01:31 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys

2013-10-20 01:31 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys

2013-10-20 01:31 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll

2013-10-20 01:31 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll

2013-10-20 01:31 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll

2013-10-20 01:31 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll

2013-10-20 01:31 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll

2013-10-20 01:31 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll

2013-10-20 01:31 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll

2013-10-20 01:31 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll

2013-10-20 01:31 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll

2013-10-20 01:31 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll

2013-10-20 01:30 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll

2013-10-20 01:30 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll

 

==================== One Month Modified Files and Folders =======

 

2013-11-16 05:29 - 2013-11-16 05:28 - 00010852 _____ C:\Users\Allen\Desktop\FRST.txt

2013-11-16 05:28 - 2013-11-16 05:28 - 01957794 _____ (Farbar) C:\Users\Allen\Desktop\FRST64.exe

2013-11-16 05:28 - 2013-11-16 05:28 - 00000000 ____D C:\FRST

2013-11-16 04:44 - 2009-07-13 19:20 - 00000000 ____D C:\windows\tracing

2013-11-16 03:04 - 2012-09-08 15:56 - 01136582 _____ C:\windows\WindowsUpdate.log

2013-11-16 02:59 - 2009-07-13 20:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-16 02:59 - 2009-07-13 20:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-16 02:58 - 2009-07-13 21:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI

2013-11-16 02:53 - 2013-11-16 02:53 - 00000000 ____D C:\Users\Allen\AppData\Local\{0260E89E-FBB6-43B6-915E-BEDEFAAFB713}

2013-11-16 02:52 - 2012-09-08 16:40 - 00466644 _____ C:\windows\system32\fastboot.set

2013-11-16 02:51 - 2013-10-24 15:35 - 00065536 _____ C:\windows\system32\Ikeext.etl

2013-11-16 02:51 - 2013-10-20 14:25 - 00085322 _____ C:\windows\PFRO.log

2013-11-16 02:51 - 2013-10-20 08:04 - 00003089 _____ C:\windows\setupact.log

2013-11-16 02:51 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-11-15 17:46 - 2013-11-15 17:28 - 00000000 ____D C:\Qoobox

2013-11-15 17:45 - 2013-11-15 17:45 - 00017583 _____ C:\ComboFix.txt

2013-11-15 17:43 - 2013-10-26 02:11 - 00000000 ____D C:\windows\ERDNT

2013-11-15 17:37 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini

2013-11-15 15:36 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache

2013-11-15 14:59 - 2012-12-03 18:35 - 02210075 _____ C:\FaceProv.log

2013-11-15 14:59 - 2012-09-08 16:32 - 00000000 ____D C:\ProgramData\VeriFace

2013-11-15 14:59 - 2011-09-28 19:37 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-11-15 11:25 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF

2013-11-15 08:32 - 2013-11-15 08:32 - 00000000 ____D C:\Users\Allen\AppData\Local\{9DD2206E-EB3B-4237-AC1C-43BDE9303D2B}

2013-11-15 08:30 - 2013-11-15 08:30 - 00000493 _____ C:\windows\SynInst.log

2013-11-15 07:30 - 2013-11-15 07:30 - 00000020 ___SH C:\Users\Allen\ntuser.ini

2013-11-15 07:30 - 2012-12-03 18:35 - 00000000 ____D C:\Users\Allen

2013-11-14 23:07 - 2013-11-14 23:07 - 07020032 _____ C:\Users\Allen\Documents\AutoRuns.arn

2013-11-14 18:45 - 2013-11-14 18:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{23368A9D-272E-4F42-9305-062C4F119EEF}

2013-11-14 08:39 - 2013-04-17 18:08 - 00000000 ____D C:\Users\Allen\AppData\Local\Apps\2.0

2013-11-14 06:45 - 2013-11-14 06:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{982B774A-DBBF-4413-966B-3510539E52F3}

2013-11-13 21:25 - 2013-07-02 14:45 - 00001890 _____ C:\Users\Allen\Desktop\IrfanView Thumbnails.lnk

2013-11-13 21:25 - 2013-07-02 14:45 - 00000998 _____ C:\Users\Allen\Desktop\IrfanView.lnk

2013-11-13 21:24 - 2013-11-13 21:24 - 00003128 _____ C:\windows\System32\Tasks\{94045FC0-11AC-4BED-8E9B-5ED3F4213049}

2013-11-13 21:21 - 2013-11-13 21:21 - 00003128 _____ C:\windows\System32\Tasks\{EFD3E1F1-B9C7-4893-89A8-6ACDB10A80E0}

2013-11-13 17:54 - 2013-04-17 17:31 - 00000000 ____D C:\Users\Allen\AppData\Local\Microsoft Help

2013-11-13 14:06 - 2013-11-13 14:06 - 00000000 ____D C:\Users\Allen\AppData\Local\{6F6ED3AC-9386-4B44-B4AF-5EC80C57F8F4}

2013-11-13 02:05 - 2013-11-13 02:05 - 00000000 ____D C:\Users\Allen\AppData\Local\{894B07E1-86D9-4DBF-8699-74F394090789}

2013-11-13 01:56 - 2013-04-17 17:30 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-13 01:55 - 2013-03-05 16:00 - 00001945 _____ C:\windows\epplauncher.mif

2013-11-13 01:55 - 2013-03-05 16:00 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-13 01:55 - 2013-03-05 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-11-13 01:54 - 2013-07-23 00:19 - 00000000 ____D C:\windows\system32\MRT

2013-11-13 01:52 - 2012-12-03 16:17 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-11-12 14:05 - 2013-11-12 14:05 - 00000000 ____D C:\Users\Allen\AppData\Local\{785B9571-91A3-449B-AD8C-E9539363A03F}

2013-11-12 09:57 - 2013-10-08 21:13 - 00006522 _____ C:\windows\Sandboxie.ini

2013-11-12 02:56 - 2013-10-25 18:57 - 00000000 ____D C:\AdwCleaner

2013-11-12 02:05 - 2013-11-12 02:04 - 00000000 ____D C:\Users\Allen\AppData\Local\{1CB115BF-F1F2-4F90-819B-4D0562315336}

2013-11-11 14:04 - 2013-11-11 14:04 - 00000000 ____D C:\Users\Allen\AppData\Local\{03CF13AD-8664-4688-AFFB-EA1E2EB2A564}

2013-11-11 02:04 - 2013-11-11 02:04 - 00000000 ____D C:\Users\Allen\AppData\Local\{12B2B0E3-C28C-421B-97FB-FF1B63628E5A}

2013-11-10 12:47 - 2013-11-10 12:46 - 00000000 ____D C:\Users\Allen\AppData\Local\{601CCCA4-D03A-44EE-86E6-A8BE26C9A4F1}

2013-11-10 02:14 - 2013-11-10 02:14 - 1464364738 _____ C:\windows\MEMORY.DMP

2013-11-10 02:14 - 2013-11-10 02:14 - 00280320 _____ C:\windows\Minidump\111013-22729-01.dmp

2013-11-10 02:14 - 2013-08-29 00:22 - 00000000 ____D C:\windows\Minidump

2013-11-10 00:46 - 2013-11-10 00:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{79DB994E-D837-4EAA-8AD5-811DA12B3677}

2013-11-09 12:45 - 2013-11-09 12:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{F38E45B7-C83A-4243-9EFA-9961AF03173F}

2013-11-09 00:45 - 2013-11-09 00:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{5F07EBF8-DB64-472F-BDFA-3EF355967A77}

2013-11-08 12:44 - 2013-11-08 12:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{0670ED63-8060-41A5-AD95-866E8BA17E00}

2013-11-08 11:46 - 2013-11-08 11:46 - 00000000 ____D C:\Program Files (x86)\Imagenomic

2013-11-08 00:44 - 2013-11-08 00:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{70EF9723-6C0B-45D1-81C6-45A985BF8ED2}

2013-11-07 12:43 - 2013-11-07 12:43 - 00000000 ____D C:\Users\Allen\AppData\Local\{F53B0A45-4DC7-4500-9FF6-A5236082118C}

2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Users\Allen\AppData\Local\{DC1D963C-8997-41DC-924A-E37D8B118CBA}

2013-11-06 09:46 - 2013-11-06 09:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{0F0A907A-BD52-4AFB-B235-AE78EA04C26D}

2013-11-06 07:57 - 2013-11-06 07:57 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-06 07:57 - 2013-11-06 07:57 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Malwarebytes

2013-11-06 07:57 - 2013-11-06 07:57 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-06 07:57 - 2013-11-06 07:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-05 21:45 - 2013-11-05 21:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{FDF6E9BD-AD86-48C7-90AF-604EB3A2A5C1}

2013-11-05 09:45 - 2013-11-05 09:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{8DF1CD3B-701C-465C-8658-D824C9DFE0F8}

2013-11-05 00:02 - 2013-03-18 12:38 - 00000000 ____D C:\Users\Allen\Documents\Youcam

2013-11-04 23:57 - 2013-11-04 23:57 - 00000895 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk

2013-11-04 23:57 - 2013-11-04 23:57 - 00000000 ____D C:\Users\Allen\YTD Video Downloader

2013-11-04 23:57 - 2013-11-04 23:57 - 00000000 ____D C:\ProgramData\YTD Video Downloader

2013-11-04 19:46 - 2013-11-04 19:46 - 00000000 ____D C:\Users\Allen\AppData\Local\{8412FA03-2E69-4318-B86B-17F60F035ACC}

2013-11-04 07:45 - 2013-11-04 07:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{C8CEE8AE-0AFB-4523-8F81-9099A155FC66}

2013-11-03 19:45 - 2013-11-03 19:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{568F16E5-906A-44B8-A724-92B6BD8D52A0}

2013-11-03 18:54 - 2012-12-03 15:43 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Adobe

2013-11-03 07:44 - 2013-11-03 07:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{BAFDF9A7-82AB-45AE-8409-C4840BE69B1E}

2013-11-02 19:44 - 2013-11-02 19:43 - 00000000 ____D C:\Users\Allen\AppData\Local\{9899A46E-A084-4457-9246-1003E610C888}

2013-11-02 07:43 - 2013-11-02 07:43 - 00000000 ____D C:\Users\Allen\AppData\Local\{AF583A82-41A2-4325-A6B9-34828BB27FE4}

2013-11-02 07:41 - 2013-10-20 14:26 - 00438024 _____ C:\windows\system32\FNTCACHE.DAT

2013-11-01 15:01 - 2013-11-01 15:01 - 00000000 ____D C:\Users\Allen\AppData\Local\{49EBBF29-A193-4CAB-9B00-8B277BDFEA69}

2013-11-01 05:43 - 2013-10-20 03:58 - 00114848 _____ C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-01 03:01 - 2013-11-01 03:00 - 00000000 ____D C:\Users\Allen\AppData\Local\{1540AB48-F254-458C-9BB2-BA676E19BEB7}

2013-10-31 10:59 - 2013-10-31 10:59 - 00000000 ____D C:\Users\Allen\AppData\Local\{37F07E98-432A-42F1-A199-A76E9B5CED6B}

2013-10-30 21:08 - 2013-10-30 21:08 - 00000000 ____D C:\Users\Allen\AppData\Local\{2A9C8E4E-8616-42F7-B72D-F39F9694E6C4}

2013-10-30 15:53 - 2012-09-08 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-10-30 15:40 - 2011-09-28 19:37 - 00000000 ____D C:\windows\ShellNew

2013-10-30 15:38 - 2013-10-30 14:50 - 00000000 ____D C:\MATS

2013-10-30 15:29 - 2009-07-13 18:34 - 00000387 _____ C:\windows\win.ini

2013-10-30 15:26 - 2012-12-08 18:26 - 00000000 ____D C:\Program Files\Microsoft Office

2013-10-30 14:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-10-30 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\windows\registration

2013-10-30 09:08 - 2013-10-30 09:08 - 00000000 ____D C:\Users\Allen\AppData\Local\{2041A833-FA50-42D6-990E-873BC255CF08}

2013-10-30 08:40 - 2013-03-04 12:58 - 00000000 ____D C:\Users\Allen\Desktop\[Default]My Computer

2013-10-29 21:07 - 2013-10-29 21:07 - 00000000 ____D C:\Users\Allen\AppData\Local\{2C250098-97DD-4E46-AB94-841659BC6594}

2013-10-29 09:07 - 2013-10-29 09:06 - 00000000 ____D C:\Users\Allen\AppData\Local\{7AC2816D-8ABD-4448-BB7C-16FF3B30777E}

2013-10-28 21:06 - 2013-10-28 21:06 - 00000000 ____D C:\Users\Allen\AppData\Local\{E23E7827-3A09-4DA0-805F-30E405DEBF26}

2013-10-28 18:16 - 2013-10-08 22:18 - 00000000 ____D C:\ProgramData\Oracle

2013-10-28 18:15 - 2013-10-28 18:16 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2013-10-28 18:15 - 2013-10-28 18:16 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2013-10-28 18:15 - 2013-10-28 18:16 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2013-10-28 18:15 - 2013-10-28 18:16 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2013-10-28 18:15 - 2013-10-28 18:15 - 00000000 ____D C:\Program Files (x86)\Java

2013-10-28 18:05 - 2013-10-28 18:06 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll

2013-10-28 18:05 - 2013-10-28 18:06 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll

2013-10-28 18:05 - 2013-10-28 18:06 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe

2013-10-28 18:05 - 2013-10-28 18:05 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe

2013-10-28 18:05 - 2013-10-28 18:05 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe

2013-10-28 18:05 - 2013-10-28 18:05 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll

2013-10-28 18:05 - 2013-10-28 18:05 - 00000000 ____D C:\Program Files\Java

2013-10-28 14:50 - 2012-12-03 15:52 - 00000000 ____D C:\windows\System32\Tasks\Games

2013-10-28 09:06 - 2013-10-28 09:05 - 00000000 ____D C:\Users\Allen\AppData\Local\{C5803F7D-E272-43D7-B342-F46C06E80B3D}

2013-10-27 13:28 - 2013-10-27 13:28 - 00000000 ____D C:\Users\Allen\AppData\Local\{EB8B1E64-02D9-4962-B276-80916EF1E9FA}

2013-10-27 01:28 - 2013-10-27 01:28 - 00000000 ____D C:\Users\Allen\AppData\Local\{27210557-3F57-4B3B-8262-422A1A69EE7B}

2013-10-27 00:56 - 2013-10-27 00:56 - 00000000 ____D C:\Program Files (x86)\ESET

2013-10-27 00:23 - 2013-10-27 00:23 - 00000000 ____D C:\windows\ERUNT

2013-10-27 00:17 - 2013-10-26 23:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-26 21:36 - 2012-09-08 16:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-10-26 21:34 - 2012-09-08 16:24 - 00000000 ____D C:\Program Files (x86)\Lenovo

2013-10-26 17:57 - 2012-09-08 16:22 - 00000000 ____D C:\Program Files (x86)\USB Camera

2013-10-26 17:27 - 2013-10-26 17:27 - 00002968 _____ C:\windows\System32\Tasks\{513A39DE-196E-4980-B19E-2C0B8022DDEA}

2013-10-26 09:22 - 2012-12-03 18:35 - 00000000 ___RD C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-22 15:23 - 2013-10-22 15:23 - 00001193 _____ C:\Users\Allen\Desktop\Moo0 FileShredder 1.17.lnk

2013-10-22 15:23 - 2013-10-22 15:23 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0

2013-10-22 15:23 - 2013-10-22 15:23 - 00000000 ____D C:\Program Files (x86)\Moo0

2013-10-21 14:16 - 2013-10-21 14:16 - 00000087 _____ C:\Users\Allen\AppData\Roaming\WB.CFG

2013-10-21 13:25 - 2013-10-21 13:53 - 00659264 _____ (Microsoft Corporation) C:\windows\system32\mscomct2.ocx

2013-10-21 13:25 - 2009-03-24 11:52 - 00659264 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscomct2.ocx

2013-10-21 11:40 - 2012-12-03 18:35 - 00000000 ____D C:\Users\Allen\AppData\Local\VirtualStore

2013-10-20 14:27 - 2011-02-22 03:19 - 00000000 ____D C:\windows\Panther

2013-10-20 14:25 - 2013-04-09 14:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-20 14:25 - 2013-04-09 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-20 08:04 - 2013-10-20 08:04 - 00000000 _____ C:\windows\setuperr.log

2013-10-20 03:55 - 2012-09-08 16:13 - 00000000 ____D C:\windows\SysWOW64\Atheros_L1e

2013-10-20 03:53 - 2013-10-20 03:53 - 00003130 _____ C:\windows\System32\Tasks\{6FD5D953-82C7-4DE0-84C6-42CFBE92A668}

2013-10-20 03:39 - 2013-10-20 03:39 - 00003132 _____ C:\windows\System32\Tasks\{73F0D62D-6021-421B-9E6C-BE57BA8F9EA7}

2013-10-20 03:38 - 2013-10-20 03:38 - 00003130 _____ C:\windows\System32\Tasks\{3CE0E019-97A7-4CB6-A7D1-A59FBD2C2A64}

2013-10-20 03:37 - 2013-10-20 03:37 - 00003130 _____ C:\windows\System32\Tasks\{5DEA9D6B-306B-48F9-9A45-BA17802C18ED}

2013-10-20 03:33 - 2012-09-08 16:14 - 00000000 ____D C:\Program Files (x86)\Realtek

2013-10-20 03:24 - 2013-10-20 03:24 - 00003130 _____ C:\windows\System32\Tasks\{8D162DEE-BED6-4289-8D4A-6C4F91C12841}

2013-10-20 03:19 - 2013-10-10 11:25 - 00000975 _____ C:\Users\Allen\Desktop\CCleaner.lnk

2013-10-20 03:18 - 2013-10-20 03:18 - 00000000 ____D C:\Users\Allen\AppData\Local\DriverTuner

2013-10-20 03:13 - 2013-10-20 03:13 - 00000000 ____D C:\Users\Allen\AppData\Roaming\InstallShield

2013-10-20 02:52 - 2012-12-08 18:27 - 00000000 ____D C:\Users\Allen\AppData\Roaming\SoftGrid Client

2013-10-20 02:51 - 2013-01-10 10:02 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-10-20 02:46 - 2012-12-03 18:36 - 00000000 ____D C:\ProgramData\Energy Management

2013-10-20 02:46 - 2012-12-03 18:35 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2013-10-20 02:45 - 2013-07-07 09:01 - 00000000 ____D C:\BigFishGamesCache

2013-10-20 02:04 - 2013-10-20 02:03 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-10-20 01:49 - 2013-10-08 20:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Works

2013-10-20 01:45 - 2012-09-08 16:07 - 00000000 ____D C:\Intel

2013-10-20 01:45 - 2012-09-08 16:06 - 00000000 ____D C:\Program Files (x86)\Intel

2013-10-18 23:18 - 2012-12-03 15:42 - 00000000 ____D C:\Users\Allen\AppData\Local\Google

2013-10-17 04:06 - 2013-03-26 01:42 - 00000000 ____D C:\Users\Allen\AppData\Local\Microsoft Games

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-10 06:54

 

==================== End Of Log ============================


  • Root Admin

Though Microsoft Security Essentials used to be a decent antivirus, it is no longer really considered very good. I would recommend that you uninstall Microsoft Security Essentials and install something better.

 

Here are a couple of other good free alternatives.

 

avast

http://www.filehippo.com/download_avast_antivirus/

 

Avira

http://www.filehippo.com/download_antivir/

 

 

Please uninstall ALL versions of Java from your Control Panel, Add\Remove

 

Then run the following

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in the RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

Then run the following

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


I updated Firefox to version 24, maybe that's why the path is wrong below -- I think it should be C:\Program Files (x86)\Mozilla Firefox\BROWSER\extensions\{...}

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Sun Nov 17 22:35:10 2013
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Sun Nov 17 22:54:45 2013
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
------------------------------------
 
Finished reporting.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2013 02

Ran by Allen at 2013-11-17 23:09:55 Run:1

Running from C:\Users\Allen\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

 

*****************

 

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key deleted successfully.

C:\windows\system32\npDeployJava1.dll => Moved successfully.

HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key not found.

"C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2 => Key not found.

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2 => Key not found.

C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.

C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.

 

==== End of Fixlog ====


  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then run the following again. Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

Hi, I haven't done them yet because I will have to repeat the steps to remove java. I have to use several java apps for work, so I re-installed them all. Plus I finally realized that the thing that was running was WebWatcher, which I knew was there, but thought was disabled. Is it dead yet?


Well, I'm not real happy about WebWatcher running on my computer. Has it been removed? I can understand you if you say yes or no. =)

 

Do you think I need to follow the rest of those instructions? Can you give me one sentence to kind of summarize what each step is meant to accomplish?

