Fake internet explorer and adobe update.

MrCharlie · November 16, 2013

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Marc3800 · November 16, 2013

Okay I don't have the registered version of malwarebytes, which the instructions to disable malwarebtyes are for registered only. So do I have to unistall the trial and then reinstall to do this?

Marc3800 · November 16, 2013

I just wanted to let you know that I will be off and on here because I have a funeral that I have to attend over the next 3 days. So I appreciate your help and want to continue on with the removal process when I can over the next few days.

MrCharlie · November 16, 2013

OK...MrC

Marc3800 · November 17, 2013

I just wanted to post back that for sure on Tuesday, I will be able to resume the removal process. So I thought I would ask you in the mean about how to disable the trial version of malwarebytes, since the instructions are only showing for the full version and this way I can go ahead and follow the directions for and run the combo fix and post back the results on Tuesday.

MrCharlie · November 18, 2013

You don't have to, it doesn't provide any realtime protection.

MrC

Marc3800 · November 19, 2013

You don't have to, it doesn't provide any realtime protection.
MrC

Okay I am ready to resume the removal process, but before I do, I take it the firewall(s) need to be disabled also?

Marc3800 · November 19, 2013

Okay I seen the instructions on disabling Windows firewall, so here are the scan results ComboFix 13-11-19.01 - marks 11/19/2013 11:14:43.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8110.4914 [GMT -5:00]

Running from: c:\users\marks\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\PCDr\6361\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll

c:\programdata\PCDr\6361\AddOnDownloaded\2826f865-d520-4c94-a3ea-00f9ffdd388d.dll

c:\programdata\PCDr\6361\AddOnDownloaded\7afc0642-0a40-411e-b89b-18cb261f7deb.dll

c:\programdata\SPL15DA.tmp

c:\programdata\SPLB4FF.tmp

c:\programdata\SPLF6B7.tmp

c:\users\marks\en_res.dll

c:\users\marks\es_res.dll

c:\users\marks\fr_res.dll

c:\users\marks\grm_res.dll

c:\users\marks\it_res.dll

c:\users\marks\jp_res.dll

c:\users\marks\mfc80u.dll

c:\users\marks\msvcr80.dll

c:\users\marks\PCPE Setup.exe

c:\users\marks\pt_res.dll

c:\users\marks\ResourceReader.dll

c:\users\marks\ru_res.dll

c:\users\marks\zh_res.dll

c:\windows\RPSETUP.EXE.LOG

c:\windows\SysWow64\FlashPlayerApp.exe

c:\windows\SysWow64\frapsvid.dll

.

((((((((((((((((((((((((( Files Created from 2013-10-19 to 2013-11-19 )))))))))))))))))))))))))))))))

.

2013-11-19 16:18 . 2013-11-19 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-19 16:01 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-19 15:42 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CEED86-7574-42E6-A15D-B06772DA867F}\mpengine.dll

2013-11-17 16:39 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-16 16:12 . 2013-11-16 16:12 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-11-16 03:12 . 2013-11-16 03:12 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2013-11-16 03:10 . 2013-11-16 03:11 -------- d-----w- c:\users\marks\AppData\Local\FileTypeAssistant

2013-11-16 02:31 . 2013-11-16 03:08 -------- d-----w- C:\AdwCleaner

2013-11-15 02:02 . 2013-11-15 02:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-11-15 02:02 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-11-12 22:46 . 2013-11-16 16:16 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-11-12 01:57 . 2013-11-12 01:57 -------- d-----w- c:\users\marks\AppData\Roaming\U3

2013-11-07 03:06 . 2013-11-07 03:06 -------- d-----w- c:\users\marks\My Games

2013-11-07 03:04 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-11-07 03:04 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2013-11-07 03:04 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2013-11-07 03:04 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-11-07 03:04 . 2010-06-02 09:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll

2013-11-07 03:04 . 2010-06-02 09:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll

2013-11-07 03:04 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-11-07 03:04 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2013-11-07 02:40 . 2013-10-18 20:52 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{482E487F-1A82-4F15-9EF5-AA339A16143C}\gapaengine.dll

2013-11-05 16:27 . 2013-11-05 16:27 -------- d-----w- c:\program files (x86)\Cisco Systems

2013-11-05 16:26 . 2013-11-05 16:26 -------- d-----w- c:\programdata\Cisco Systems

2013-11-03 20:04 . 2013-11-03 20:04 -------- d-----w- c:\users\marks\AppData\Local\cache

2013-11-03 20:04 . 2013-11-03 20:06 -------- d-----w- c:\users\marks\AppData\Local\Mobogenie

2013-11-03 20:04 . 2013-11-19 15:30 -------- d-----w- c:\program files (x86)\File Type Assistant

2013-11-03 18:27 . 2013-11-03 18:27 -------- d-----w- c:\users\marks\openvr

2013-11-02 03:31 . 2013-11-02 03:31 -------- d-----w- c:\users\marks\AppData\Roaming\Malwarebytes

2013-11-02 03:30 . 2013-11-02 03:30 -------- d-----w- c:\programdata\Malwarebytes

2013-11-01 17:44 . 2013-11-01 17:44 -------- d-----w- c:\users\marks\AppData\Roaming\PowerUp Software

2013-11-01 17:41 . 2013-11-01 17:41 -------- d-----w- c:\programdata\PowerUp Software

2013-10-25 18:08 . 2013-10-25 19:25 -------- d-----w- c:\users\marks\Cisco Packet Tracer 6.0.1

2013-10-21 21:13 . 2013-10-21 21:13 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-13 17:00 . 2013-05-31 15:01 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-10-18 20:52 . 2013-06-15 02:07 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-10-10 02:05 . 2013-06-03 22:11 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-10-08 22:19 . 2013-05-22 06:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-09-27 14:53 . 2013-01-20 19:59 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-09-24 16:57 . 2013-09-24 16:57 13338112 ----a-w- c:\users\marks\PCPE_3.0.1.msi

2013-09-08 02:30 . 2013-10-09 17:01 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-09 17:01 327168 ----a-w- c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-09 17:01 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2013-09-04 01:37 . 2013-10-09 17:01 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 01:37 . 2013-10-09 17:01 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 01:37 . 2013-10-09 17:01 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 01:37 . 2013-10-09 17:01 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 01:37 . 2013-10-09 17:01 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 01:37 . 2013-10-09 17:01 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 01:37 . 2013-10-09 17:01 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-08-29 02:17 . 2013-10-09 17:01 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 02:16 . 2013-10-09 17:01 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 02:16 . 2013-10-09 17:01 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-29 02:16 . 2013-10-09 17:01 859648 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 02:13 . 2013-10-09 17:01 878080 ----a-w- c:\windows\system32\advapi32.dll

2013-08-29 01:51 . 2013-10-09 17:01 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51 . 2013-10-09 17:01 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50 . 2013-10-09 17:01 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-29 01:50 . 2013-10-09 17:01 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-29 01:50 . 2013-10-09 17:01 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2013-08-29 01:48 . 2013-10-09 17:01 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2013-08-29 01:48 . 2013-10-09 17:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-29 00:49 . 2013-10-09 17:01 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-29 00:49 . 2013-10-09 17:01 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-29 00:49 . 2013-10-09 17:01 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-29 00:49 . 2013-10-09 17:01 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-28 01:21 . 2013-10-09 17:01 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 01:12 . 2013-10-09 17:01 461312 ----a-w- c:\windows\system32\scavengeui.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-11-11 18:50 222832 ----a-w- c:\users\marks\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-11-11 18:50 222832 ----a-w- c:\users\marks\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-11-11 18:50 222832 ----a-w- c:\users\marks\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-10-16 3561816]

"SkyDrive"="c:\users\marks\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-11-11 257136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2012-08-08 286720]

"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]

"Alienware Survey"="c:\program files (x86)\Alienware Customer Surveys\AlienSurvey.exe" [2012-06-19 7338256]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-14 642656]

"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]

.

c:\users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.6.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-5-30 207400]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]

R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 NTIOLib_Flash;NTIOLib_Flash;c:\users\marks\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys;c:\users\marks\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [x]

R3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0;PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\alienautopsy\pcdsrvc_x64.pkms;c:\program files\alienautopsy\pcdsrvc_x64.pkms [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]

S2 DellDigitalDelivery;Alienware Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe;c:\windows\SYSNATIVE\dlcxcoms.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE;c:\program files (x86)\AlienRespawn\sftservice.EXE [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mio;Master IO Filter Driver;c:\windows\system32\DRIVERS\mio.sys;c:\windows\SYSNATIVE\DRIVERS\mio.sys [x]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]

S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NISDRV

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-11-15 01:08 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 22:19]

.

2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 23:01]

.

2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 23:01]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-11-11 18:50 261744 ----a-w- c:\users\marks\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-11-11 18:50 261744 ----a-w- c:\users\marks\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-11-11 18:50 261744 ----a-w- c:\users\marks\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-10-10 02:05 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-10-10 02:05 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-10-10 02:05 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-21 6419560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-21 1156712]

"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-18 12656]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]

"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]

"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

Trusted Zone: dell.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-Cisco Packet Tracer 6.0.1_is1 - j:\cisco packet tracer 6.0.1\unins000.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0]

"ImagePath"="\??\c:\program files\alienautopsy\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-11-19 11:19:22

ComboFix-quarantined-files.txt 2013-11-19 16:19

.

Pre-Run: 765,452,169,216 bytes free

Post-Run: 766,019,682,304 bytes free

.

- - End Of File - - E5B758C058004635DA6BEB30357035EB

MrCharlie · November 19, 2013

OK...what problems remain??? MrC

Marc3800 · November 19, 2013

OK...what problems remain??? MrC

Did the combo fix find and fix any problems? If so I will have to wait and see how it goes today and tomorrow. I will say that prior to me running combo fix this morning, the fake update box did show up and was prompting me to update notepad++ So, unless there is anything else you want me to do in the mean time? Otherwise, I will just have to do like I said and wait and see and post back if there is still a problem.

MrCharlie · November 19, 2013

ComboFix found a bunch of malware.

Use it and let me know....MrC

Marc3800 · November 20, 2013

ComboFix found a bunch of malware.
Use it and let me know....MrC

Well so far so good, I will post back tomorrow if I see anything or not. Otherwise, if I don't see anything by tomorrow, then the combo fix probably fixed the problem.

MrCharlie · November 20, 2013

OK....

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC

Marc3800 · November 20, 2013

Okay here are the contents, Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Reader 10.1.8 Adobe Reader out of Date!

Google Chrome 31.0.1650.48

Google Chrome 31.0.1650.57

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Alienware Command Center ThermalController.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````[/u

MrCharlie · November 20, 2013

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

Marc3800 · November 20, 2013

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A little clean up to do....
Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)
---------------------------------
Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.
Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)
Good Luck and Thanks for using the forum, MrC

Okay, I followed your instructions and ran the OTC and it prompted me to reboot, but when I rebooted and logged into Windows that box popped up again. So at this point I will wait to see what you think I need to do next, since this is a very stubborn problem.

MrCharlie · November 20, 2013

Can you right click on the box and choose properties and see if you can find out any info on it.

MrC

Marc3800 · November 20, 2013

Can you right click on the box and choose properties and see if you can find out any info on it.

MrC

I closed the box before you posted back here, so I will have to wait for it to come up again, but I will try what you just suggested.

MrCharlie · November 20, 2013

OK, no browsers were open when the box popped up..correct??

Do this........

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

Marc3800 · November 20, 2013

OK, no browsers were open when the box popped up..correct??

Do this........
Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)
Please make sure you click download buttons that look like this, not "sponsored ad links":
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Okay here is the first 1, Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013

Ran by marks (administrator) on MARKS-PC on 20-11-2013 14:47:54

Running from C:\Users\marks\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

( ) C:\Windows\system32\dlcxcoms.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\sftservice.EXE

(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe

() C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe

(Microsoft Corporation) C:\Users\marks\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe

(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE

(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\TOASTER.EXE

(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe

() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

() C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe

() C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe

(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6419560 2011-11-21] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-21] (Realtek Semiconductor)

HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()

HKLM\...\Run: [dlcxmon.exe] - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()

HKLM\...\Run: [MemoryCardManager] - C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()

HKLM\...\Run: [DLCXCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry

HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-15] (Electronic Arts)

HKCU\...\Run: [skyDrive] - C:\Users\marks\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-11-11] (Microsoft Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-08-07] (Intel Corporation)

HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Alienware Survey] - C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7338256 2012-06-19] (Alienware, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-14] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Display] - C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

Startup: C:\Users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk

ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-us

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {80B2E708-0CE9-4F10-9324-93F7618CE8DF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0D0CtAyEtD0Czy0FtBtN0D0Tzu0CyCzztCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1907195845&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {633EA044-D211-8F2F-E7AC-4B516DFA8251} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

SearchScopes: HKLM - {80B2E708-0CE9-4F10-9324-93F7618CE8DF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0D0CtAyEtD0Czy0FtBtN0D0Tzu0CyCzztCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1907195845&ir=

SearchScopes: HKLM-x32 - {4260CB91-4ADE-8426-4567-6638B4F7505F} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

SearchScopes: HKLM-x32 - {80B2E708-0CE9-4F10-9324-93F7618CE8DF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0D0CtAyEtD0Czy0FtBtN0D0Tzu0CyCzztCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1907195845&ir=

SearchScopes: HKCU - {633EA044-D211-8F2F-E7AC-4B516DFA8251} URL =

SearchScopes: HKCU - {80B2E708-0CE9-4F10-9324-93F7618CE8DF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0F0D0CtAyEtD0Czy0FtBtN0D0Tzu0CyCzztCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1907195845&ir=

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Extension: (Google Drive) - C:\Users\marks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\marks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\marks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Google Wallet) - C:\Users\marks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Gmail) - C:\Users\marks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)

R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)

R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [561152 2006-10-11] ( )

R2 dlcx_device; C:\Windows\SysWow64\dlcxcoms.exe [532480 2006-10-11] ( )

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-20] ()

==================== Drivers (Whitelisted) ====================

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [26072 2012-08-07] (Intel Corporation)

S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [649688 2012-08-07] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()

R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)

R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 dcdbas; system32\DRIVERS\dcdbas64.sys [x]

S3 NTIOLib_Flash; \??\C:\Users\marks\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [x]

S3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-20 14:47 - 2013-11-20 14:48 - 00014045 _____ C:\Users\marks\Downloads\FRST.txt

2013-11-20 14:47 - 2013-11-20 14:47 - 01957964 _____ (Farbar) C:\Users\marks\Downloads\FRST64.exe

2013-11-20 14:47 - 2013-11-20 14:47 - 00000000 ____D C:\FRST

2013-11-20 14:01 - 2013-11-20 14:01 - 01069568 _____ (Solid State Networks) C:\Users\marks\Downloads\install_reader11_en_mssd_aaa_aih.exe

2013-11-20 13:54 - 2013-11-20 13:54 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-11-20 13:54 - 2013-11-20 13:54 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-11-20 12:07 - 2013-11-20 12:07 - 00891200 _____ C:\Users\marks\Downloads\SecurityCheck.exe

2013-11-19 11:19 - 2013-11-19 11:20 - 00000000 ____D C:\Users\marks\AppData\Local\CrashDumps

2013-11-19 11:13 - 2013-11-20 13:35 - 00000000 ____D C:\Windows\erdnt

2013-11-19 11:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2013-11-19 11:00 - 2013-11-19 11:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-19 11:00 - 2013-11-19 11:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-19 11:00 - 2013-11-19 11:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-19 11:00 - 2013-11-19 11:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-19 11:00 - 2013-11-19 11:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-11-19 11:00 - 2013-11-19 11:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-19 11:00 - 2013-11-19 11:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-19 11:00 - 2013-11-19 11:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-11-19 11:00 - 2013-11-19 11:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-11-19 11:00 - 2013-11-19 11:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-11-19 11:00 - 2013-11-19 11:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-11-19 11:00 - 2013-11-19 11:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-11-19 11:00 - 2013-11-19 11:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-11-19 10:59 - 2013-11-19 11:02 - 00007469 _____ C:\Windows\IE11_main.log

2013-11-16 11:12 - 2013-11-16 11:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-16 11:11 - 2013-11-16 11:11 - 12576792 _____ (Malwarebytes Corp.) C:\Users\marks\Downloads\mbar-1.07.0.1007.exe

2013-11-15 22:12 - 2013-11-15 22:12 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery

2013-11-15 22:10 - 2013-11-15 22:11 - 00000000 ____D C:\Users\marks\AppData\Local\FileTypeAssistant

2013-11-15 21:31 - 2013-11-15 22:08 - 00000000 ____D C:\AdwCleaner

2013-11-15 21:04 - 2013-11-15 21:04 - 01085542 _____ C:\Users\marks\Downloads\AdwCleaner.exe

2013-11-15 19:11 - 2013-11-15 19:11 - 04161024 _____ C:\Users\marks\Downloads\RogueKillerX64 (1).exe

2013-11-14 22:59 - 2013-11-14 22:59 - 04161024 _____ C:\Users\marks\Downloads\RogueKillerX64.exe

2013-11-14 21:02 - 2013-11-14 21:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\marks\Downloads\mbam-setup-1.75.0.1300 (3).exe

2013-11-14 21:02 - 2013-11-14 21:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-14 21:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-11-13 22:02 - 2013-11-14 21:41 - 00000000 ____D C:\Users\marks\AppData\OICE_15_974FA576_32C1D314_7C8

2013-11-13 10:18 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 10:18 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 10:18 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 10:18 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 10:18 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 10:18 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 10:18 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 10:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 10:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 10:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 10:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 10:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 10:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 10:18 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 10:18 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 10:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 10:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 10:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 10:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 10:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 10:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 10:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 10:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 10:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 10:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 10:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 10:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 10:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 10:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 10:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-12 17:46 - 2013-11-16 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-12 17:44 - 2013-11-12 17:44 - 00003288 _____ C:\Windows\System32\Tasks\{1E062F65-0A92-4F1B-BF42-9E22DD1006A4}

2013-11-12 15:58 - 2013-11-12 15:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\marks\Downloads\mbam-setup-1.75.0.1300 (2).exe

2013-11-11 20:57 - 2013-11-11 20:57 - 00000000 ____D C:\Users\marks\AppData\Roaming\U3

2013-11-11 16:27 - 2013-11-11 16:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\marks\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-11-11 16:20 - 2013-11-11 16:20 - 02753344 _____ (AVAST Software) C:\Users\marks\Downloads\avast-browser-cleanup.exe

2013-11-11 15:50 - 2013-11-11 15:49 - 50573696 _____ (Adobe Systems Incorporated) C:\Users\marks\Downloads\AdobeReaderSetup.exe

2013-11-11 13:51 - 2013-11-11 14:55 - 00000000 ____D C:\Users\marks\Documents\Cisco chapter 4 lab

2013-11-06 22:06 - 2013-11-06 22:06 - 00000000 ____D C:\Users\marks\My Games

2013-11-06 22:04 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2013-11-06 22:04 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2013-11-06 22:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2013-11-06 22:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

2013-11-06 22:04 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2013-11-06 22:04 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2013-11-06 22:04 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2013-11-06 22:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2013-11-06 22:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2013-11-06 22:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2013-11-06 22:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2013-11-06 22:03 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

2013-11-06 22:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2013-11-06 22:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2013-11-06 22:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2013-11-06 22:03 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2013-11-06 22:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2013-11-06 22:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2013-11-06 22:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2013-11-06 22:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2013-11-06 22:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2013-11-06 22:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2013-11-06 22:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2013-11-06 22:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2013-11-06 22:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2013-11-06 22:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2013-11-06 22:03 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll

2013-11-06 22:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2013-11-06 22:03 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

2013-11-06 22:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2013-11-06 22:03 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2013-11-06 22:03 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2013-11-06 22:03 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2013-11-06 22:03 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2013-11-06 22:03 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2013-11-06 22:03 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2013-11-06 22:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2013-11-06 22:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2013-11-06 22:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2013-11-06 22:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2013-11-06 22:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2013-11-06 22:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2013-11-06 22:03 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2013-11-06 22:03 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2013-11-06 22:03 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2013-11-06 22:03 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2013-11-06 22:03 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2013-11-06 22:03 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2013-11-06 22:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2013-11-06 22:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2013-11-06 22:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2013-11-06 22:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2013-11-06 22:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2013-11-06 22:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2013-11-06 22:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2013-11-06 22:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2013-11-06 22:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2013-11-06 22:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2013-11-06 22:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2013-11-06 22:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2013-11-06 22:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2013-11-06 22:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2013-11-06 22:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2013-11-06 22:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2013-11-06 22:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2013-11-06 22:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2013-11-06 22:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2013-11-06 22:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2013-11-06 22:03 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2013-11-06 22:03 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2013-11-06 22:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2013-11-06 22:03 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2013-11-06 22:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2013-11-06 22:03 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2013-11-06 22:03 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll

2013-11-06 22:03 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

2013-11-06 22:03 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll

2013-11-06 22:03 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

2013-11-06 22:03 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll

2013-11-06 22:03 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

2013-11-06 22:03 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll

2013-11-06 22:03 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

2013-11-06 22:03 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll

2013-11-06 22:03 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

2013-11-06 22:03 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll

2013-11-06 22:03 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

2013-11-06 22:03 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll

2013-11-06 22:03 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

2013-11-06 22:03 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll

2013-11-06 22:03 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

2013-11-06 22:03 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll

2013-11-06 22:03 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2013-11-06 22:03 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll

2013-11-06 22:03 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2013-11-06 22:03 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll

2013-11-06 22:03 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2013-11-06 22:03 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll

2013-11-06 22:03 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2013-11-06 22:03 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll

2013-11-06 22:03 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2013-11-06 22:03 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll

2013-11-06 22:03 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2013-11-06 22:03 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll

2013-11-06 22:03 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll

2013-11-06 22:03 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2013-11-06 22:03 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll

2013-11-06 22:03 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2013-11-06 22:03 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll

2013-11-06 22:03 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2013-11-06 22:03 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll

2013-11-06 22:03 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2013-11-06 22:03 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll

2013-11-06 22:03 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2013-11-06 22:03 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2013-11-06 22:03 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll

2013-11-06 22:03 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll

2013-11-06 22:03 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll

2013-11-06 22:03 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll

2013-11-06 22:03 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2013-11-06 22:03 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll

2013-11-06 22:03 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2013-11-06 22:03 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2013-11-06 22:03 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll

2013-11-06 22:03 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll

2013-11-06 22:03 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll

2013-11-06 22:03 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2013-11-06 22:03 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2013-11-06 22:03 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2013-11-06 22:03 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll

2013-11-06 22:03 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll

2013-11-06 22:03 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2013-11-06 22:03 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll

2013-11-06 22:03 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2013-11-06 22:03 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll

2013-11-06 22:03 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2013-11-06 22:03 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll

2013-11-06 22:03 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2013-11-06 22:03 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll

2013-11-06 22:03 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2013-11-06 22:03 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll

2013-11-06 22:03 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2013-11-06 22:03 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll

2013-11-06 22:03 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2013-11-06 22:03 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll

2013-11-06 22:03 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2013-11-06 22:03 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll

2013-11-06 22:03 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2013-11-06 22:03 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll

2013-11-06 22:03 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2013-11-06 22:03 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll

2013-11-06 22:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2013-11-05 11:27 - 2013-11-05 11:27 - 00000000 ____D C:\Program Files (x86)\Cisco Systems

2013-11-05 11:26 - 2013-11-05 11:26 - 00000000 ____D C:\ProgramData\Cisco Systems

2013-11-05 11:06 - 2013-11-05 11:06 - 00000000 ____D C:\Users\marks\Documents\Linksys E2000 upgrade firmware

2013-11-05 11:01 - 2013-11-05 11:01 - 05444608 _____ C:\Users\marks\Downloads\FW_E2000_1.0.04.007_US_20101201_code.bin

2013-11-03 15:04 - 2013-11-19 15:06 - 00000000 ____D C:\Program Files (x86)\File Type Assistant

2013-11-03 15:04 - 2013-11-03 15:06 - 00000000 ____D C:\Users\marks\AppData\Local\Mobogenie

2013-11-03 15:04 - 2013-11-03 15:04 - 00003902 _____ C:\Windows\System32\Tasks\ProgramUpdateCheck

2013-11-03 15:04 - 2013-11-03 15:04 - 00003580 _____ C:\Windows\System32\Tasks\ProgramRefresh-ATFST

2013-11-03 15:04 - 2013-11-03 15:04 - 00000000 ____D C:\Users\marks\Documents\Mobogenie

2013-11-03 15:04 - 2013-11-03 15:04 - 00000000 ____D C:\Users\marks\AppData\Local\cache

2013-11-03 15:04 - 2013-11-03 15:04 - 00000000 _____ C:\Users\marks\daemonprocess.txt

2013-11-03 15:04 - 2013-11-03 15:02 - 16617352 _____ (Bitberry Software ) C:\Users\marks\Downloads\FreeFileViewerSetup [1].exe

2013-11-03 14:58 - 2013-11-03 14:58 - 00061472 _____ C:\Users\marks\Downloads\Linksys_E2000V1.0_v1.0.00.cfg

2013-11-03 13:27 - 2013-11-03 13:27 - 00000000 ____D C:\Users\marks\openvr

2013-11-01 22:31 - 2013-11-01 22:31 - 00000000 ____D C:\Users\marks\AppData\Roaming\Malwarebytes

2013-11-01 22:30 - 2013-11-01 22:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\marks\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-01 22:30 - 2013-11-01 22:30 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-01 12:44 - 2013-11-01 12:44 - 00000000 ____D C:\Users\marks\AppData\Roaming\PowerUp Software

2013-11-01 12:41 - 2013-11-01 12:41 - 00000000 ____D C:\ProgramData\PowerUp Software

2013-11-01 12:38 - 2013-11-01 12:41 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll

2013-11-01 12:38 - 2013-11-01 12:38 - 11346439 _____ (InstallShield Software Corporation) C:\Users\marks\Downloads\pinnacle-setup.exe

2013-11-01 12:38 - 2009-07-13 20:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vers81bb.rra

2013-11-01 12:38 - 2009-07-13 20:16 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsoc81ca.rra

2013-11-01 12:38 - 2009-07-13 20:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shfo81bb.rra

2013-11-01 12:38 - 2009-07-13 20:14 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advp818c.rra

2013-11-01 12:38 - 2008-04-13 19:11 - 00619008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx7vb.dll

2013-11-01 12:38 - 2008-01-13 19:59 - 00036864 _____ C:\Windows\SysWOW64\dxinputdll.dll

2013-11-01 12:38 - 2008-01-13 16:36 - 00091632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsofile.dll

2013-11-01 12:38 - 2007-12-26 22:33 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX

2013-11-01 12:38 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capicom.dll

2013-11-01 12:38 - 2007-04-04 21:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2013-11-01 12:38 - 2004-07-14 17:26 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx

2013-11-01 12:38 - 2004-03-09 18:45 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX

2013-11-01 12:38 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll

2013-11-01 12:38 - 2002-08-09 11:18 - 00045056 ____N (Microsoft) C:\Windows\SysWOW64\NTSVC.ocx

2013-11-01 12:38 - 2001-04-05 06:43 - 00094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll

2013-11-01 12:38 - 2000-12-06 02:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx

2013-11-01 12:38 - 2000-04-03 20:52 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx

2013-11-01 12:38 - 1999-05-17 13:55 - 00057344 ____N () C:\Windows\SysWOW64\ADsSecurity.dll

2013-11-01 12:38 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL

2013-11-01 12:19 - 2013-11-01 12:19 - 00119271 _____ C:\Users\marks\Downloads\(XBOX) - Killing Floor.zip

2013-10-28 11:20 - 2013-10-28 11:20 - 04881835 _____ C:\Users\marks\Downloads\1.wmv

2013-10-25 14:32 - 2013-11-20 14:42 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for marks-PC-marks marks-PC

2013-10-25 14:24 - 2013-10-25 14:25 - 00000000 ____D C:\Users\marks\Documents\Cisco lab 3-1

2013-10-25 13:08 - 2013-10-25 14:27 - 00000148 _____ C:\Users\marks\.packettracer

2013-10-25 13:08 - 2013-10-25 14:25 - 00000000 ____D C:\Users\marks\Cisco Packet Tracer 6.0.1

2013-10-25 13:01 - 2013-10-25 13:02 - 152545746 _____ (Cisco Systems, Inc. ) C:\Users\marks\Downloads\Cisco Packet Tracer 6.0.1 for Windows (with tutorials).exe

2013-10-25 10:06 - 2013-10-25 10:06 - 04288512 _____ C:\Users\marks\Downloads\CISCO I - Ch 7.ppt

2013-10-24 13:17 - 2013-10-24 13:18 - 05417813 _____ C:\Users\marks\Downloads\clip3 (2).wmv

2013-10-24 13:16 - 2013-10-24 13:16 - 05818885 _____ C:\Users\marks\Downloads\clip3 (1).wmv

2013-10-24 10:15 - 2013-10-24 10:15 - 05722725 _____ C:\Users\marks\Downloads\clip3.wmv

2013-10-24 10:10 - 2013-10-24 10:10 - 01445532 _____ C:\Users\marks\Downloads\cpc02 (1).mpg

2013-10-24 10:08 - 2013-10-24 10:08 - 01450180 _____ C:\Users\marks\Downloads\cpc02.mpg

2013-10-24 10:07 - 2013-10-24 10:07 - 01436236 _____ C:\Users\marks\Downloads\cpc01 (2).mpg

2013-10-24 10:03 - 2013-10-24 10:03 - 01533844 _____ C:\Users\marks\Downloads\cpc01 (1).mpg

2013-10-24 10:01 - 2013-10-24 10:01 - 01450180 _____ C:\Users\marks\Downloads\cpc01.mpg

2013-10-24 10:01 - 2013-10-24 10:01 - 01378136 _____ C:\Users\marks\Downloads\cpc03.mpg

2013-10-24 09:52 - 2013-10-24 09:52 - 108043605 _____ C:\Users\marks\Downloads\sr-newsletter255.wmv

==================== One Month Modified Files and Folders =======

2013-11-20 14:48 - 2013-11-20 14:47 - 00014045 _____ C:\Users\marks\Downloads\FRST.txt

2013-11-20 14:47 - 2013-11-20 14:47 - 01957964 _____ (Farbar) C:\Users\marks\Downloads\FRST64.exe

2013-11-20 14:47 - 2013-11-20 14:47 - 00000000 ____D C:\FRST

2013-11-20 14:42 - 2013-10-25 14:32 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for marks-PC-marks marks-PC

2013-11-20 14:21 - 2013-05-28 18:01 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-20 14:19 - 2013-05-22 01:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-20 14:19 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-20 14:19 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-20 14:16 - 2009-07-14 00:13 - 00780690 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-20 14:15 - 2013-05-22 03:38 - 01870712 _____ C:\Windows\WindowsUpdate.log

2013-11-20 14:13 - 2013-05-22 02:02 - 00000000 ____D C:\Program Files (x86)\AlienRespawn

2013-11-20 14:12 - 2013-06-03 17:15 - 00000000 ___RD C:\Users\marks\SkyDrive

2013-11-20 14:12 - 2013-05-31 21:37 - 00000000 ____D C:\Program Files (x86)\Origin

2013-11-20 14:12 - 2013-05-28 18:01 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-20 14:12 - 2013-05-22 02:09 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-11-20 14:12 - 2013-05-22 02:09 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-11-20 14:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-20 14:12 - 2009-07-13 23:51 - 00125931 _____ C:\Windows\setupact.log

2013-11-20 14:08 - 2013-06-06 21:11 - 00003022 _____ C:\Windows\System32\Tasks\MSIAfterburner

2013-11-20 14:01 - 2013-11-20 14:01 - 01069568 _____ (Solid State Networks) C:\Users\marks\Downloads\install_reader11_en_mssd_aaa_aih.exe

2013-11-20 13:58 - 2010-11-20 22:47 - 00068566 _____ C:\Windows\PFRO.log

2013-11-20 13:55 - 2013-06-01 18:16 - 00000000 ____D C:\Users\marks\AppData\Local\Adobe

2013-11-20 13:54 - 2013-11-20 13:54 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-11-20 13:54 - 2013-11-20 13:54 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-11-20 13:54 - 2013-05-22 02:06 - 00000000 ____D C:\ProgramData\Adobe

2013-11-20 13:35 - 2013-11-19 11:13 - 00000000 ____D C:\Windows\erdnt

2013-11-20 12:22 - 2013-05-22 02:05 - 00000000 ____D C:\Program Files (x86)\Steam

2013-11-20 12:07 - 2013-11-20 12:07 - 00891200 _____ C:\Users\marks\Downloads\SecurityCheck.exe

2013-11-19 23:43 - 2013-06-03 17:08 - 00000000 ____D C:\Program Files\Microsoft Office 15

2013-11-19 15:06 - 2013-11-03 15:04 - 00000000 ____D C:\Program Files (x86)\File Type Assistant

2013-11-19 14:03 - 2013-05-29 13:04 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2013-11-19 13:53 - 2013-05-22 02:06 - 00000000 ____D C:\ProgramData\PCDr

2013-11-19 13:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-11-19 11:42 - 2013-06-01 18:15 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner

2013-11-19 11:20 - 2013-11-19 11:19 - 00000000 ____D C:\Users\marks\AppData\Local\CrashDumps

2013-11-19 11:19 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default

2013-11-19 11:18 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini

2013-11-19 11:17 - 2013-05-28 13:35 - 00000000 ____D C:\Users\marks

2013-11-19 11:08 - 2013-05-28 15:00 - 00000000 ____D C:\Users\marks\AppData\Local\Deployment

2013-11-19 11:07 - 2013-05-28 13:41 - 00001419 _____ C:\Users\marks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-19 11:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-19 11:02 - 2013-11-19 10:59 - 00007469 _____ C:\Windows\IE11_main.log