alureon.k

stuff2 · December 2, 2013

Hi

I got a unwanted guest that will not go away. took over . please i need some help.

I tried to do a re-install vista, nothing ran a program like this it show

I ran tddkiller, roguekiller, others still there.

here is txt. information off the vista.

=============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/25/2013 9:16:15 PM

System Uptime: 12/1/2013 3:26:16 PM (0 hours ago)

.

Motherboard: ASUSTek Computer INC. | | Acacia

Processor: AMD Athlon 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2700/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 412.216 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 1.267 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

Adobe Flash Player ActiveX

Adobe Reader 8.1.0

Cards_Calendar_OrderGift_DoMorePlugout

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

Enhanced Multimedia Keyboard Solution

Google Chrome

Google Update Helper

Hardware Diagnostic Tools

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Experience Enhancements

HP Customer Feedback

HP Demo

HP Easy Setup - Frontend

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Total Care Advisor

HP Update

HPPhotoSmartPhotobookWebPack1

Java SE Runtime Environment 6 Update 1

LabelPrint

LightScribe System Software 1.10.23.1

LightScribeTemplateLabeler

Microsoft .NET Framework 3.5 SP1

Microsoft Office Home and Student 60 day trial

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

muvee autoProducer 6.1

My HP Games

NVIDIA Drivers

Power2Go

PowerDirector

PSSWCORE

Python 2.5

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Snapfish Picture Mover

Soft Data Fax Modem with SmartCP

Toolwiz Care

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VideoToolkit01

WeatherBug Gadget

Yahoo! Toolbar

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 7.0.6001.18639

Run by zeeland at 15:27:43 on 2013-12-01

#Option MBR scan is disabled.

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3454.3018 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ToolwizCareFree] "c:\program files\toolwizcarefree\ToolwizCares.exe" -autorun

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

DPF: {8AD9C840-044E-11D1-B3E9-java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 BTOWSVF;BTOWSVF;c:\windows\system32\drivers\BTOWSVF.sys [2013-11-26 45952]

R0 KSafeDISK;KSafeDISK;c:\windows\system32\drivers\KSafeDISK.sys [2013-11-26 48640]

R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-27 464384]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]

S1 BTOWSFF;BTOWSFF;c:\windows\system32\drivers\BTOWSFF.sys [2013-11-26 27648]

S1 MpKsl4057042a;MpKsl4057042a;c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\MpKsl4057042a.sys [2013-12-1 40392]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]

.

=============== Created Last 30 ================

.

2013-12-01 20:32:31 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\MpKsl4057042a.sys

2013-12-01 20:12:48 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\offreg.dll

2013-11-30 02:18:30 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\mpengine.dll

2013-11-30 02:17:56 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2013-11-30 02:17:56 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{928b0087-c1fc-4efc-bc57-4784ad9819db}\gapaengine.dll

2013-11-29 22:58:38 -------- d-----w- c:\windows\system32\MRT

2013-11-29 22:57:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2013-11-29 22:57:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2013-11-29 22:57:00 1695744 ----a-w- c:\windows\system32\gameux.dll

2013-11-28 18:07:28 -------- d-----w- C:\TDSSKiller_Quarantine

2013-11-28 17:43:01 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-11-28 17:33:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-11-28 17:33:39 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-11-28 17:33:39 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-11-28 17:33:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-11-28 17:33:39 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-11-27 20:32:00 -------- d-----w- c:\users\zeeland\appdata\roaming\QuickScan

2013-11-27 20:27:50 -------- d-----w- c:\users\zeeland\appdata\roaming\HpUpdate

2013-11-27 20:27:49 -------- d-----w- c:\windows\Hewlett-Packard

2013-11-27 20:27:34 17920 ----a-w- c:\windows\system32\netevent.dll

2013-11-27 20:27:34 125952 ----a-w- c:\windows\system32\srvsvc.dll

2013-11-27 20:27:30 378368 ----a-w- c:\windows\system32\winhttp.dll

2013-11-27 20:25:09 -------- d-----w- c:\users\zeeland\appdata\local\Hewlett-Packard

2013-11-27 15:51:27 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

2013-11-27 15:39:56 97800 ----a-w- c:\windows\system32\infocardapi.dll

2013-11-27 15:39:55 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-11-27 15:39:54 622080 ----a-w- c:\windows\system32\icardagt.exe

2013-11-27 15:39:54 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2013-11-27 15:39:54 11264 ----a-w- c:\windows\system32\icardres.dll

2013-11-27 15:39:51 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2013-11-27 15:35:31 158720 ----a-w- c:\windows\system32\mscorier.dll

2013-11-27 15:35:25 83968 ----a-w- c:\windows\system32\mscories.dll

2013-11-27 15:33:37 24064 ----a-w- c:\windows\system32\nshhttp.dll

2013-11-27 15:33:34 411136 ----a-w- c:\windows\system32\drivers\http.sys

2013-11-27 15:33:33 31232 ----a-w- c:\windows\system32\httpapi.dll

2013-11-26 21:46:40 -------- d-----w- c:\program files\Microsoft Security Client

2013-11-26 21:24:54 48640 ----a-w- c:\windows\system32\drivers\KSafeDISK.sys

2013-11-26 21:24:53 45952 ----a-w- c:\windows\system32\drivers\BTOWSVF.sys

2013-11-26 21:24:53 27648 ----a-w- c:\windows\system32\drivers\BTOWSFF.sys

2013-11-26 21:24:53 -------- d--h--w- C:\TOOLWIZ

2013-11-26 21:24:52 -------- d-----w- c:\users\zeeland\appdata\local\ToolwizCareFree

2013-11-26 21:24:50 -------- d-----w- c:\program files\ToolwizCareFree

2013-11-26 21:15:58 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2013-11-26 21:15:56 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll

2013-11-26 21:15:50 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll

2013-11-26 21:12:35 -------- d-----w- c:\users\zeeland\appdata\local\Google

2013-11-26 21:12:11 -------- d-----w- c:\users\zeeland\appdata\roaming\Symantec

2013-11-26 18:13:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2013-11-26 18:12:59 302592 ----a-w- c:\windows\system32\wlansec.dll

2013-11-26 18:11:59 954288 ----a-w- c:\windows\system32\mfc40u.dll

2013-11-26 18:10:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

2013-11-26 18:05:40 276992 ----a-w- c:\windows\system32\schannel.dll

2013-11-26 18:04:51 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2013-11-26 18:04:40 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e5c07f36-803f-42f4-8e05-0a389246cac0}\mpengine.dll

2013-11-26 18:04:37 230048 ------w- c:\windows\system32\MpSigStub.exe

2013-11-26 18:03:27 171520 ----a-w- c:\windows\system32\wintrust.dll

2013-11-26 18:03:09 98304 ----a-w- c:\windows\system32\cabview.dll

2013-11-26 05:21:30 -------- d-sh--we C:\Documents and Settings

.

==================== Find3M ====================

.

2013-09-27 17:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-09-27 17:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

============= FINISH: 15:28:35.54 ===============

Maniac · December 3, 2013

Hello stuff2 and :welcome: ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Why do you think that your system is infected with Alureon? Please give me more details.

Please download Malwarebytes Anti-Rootkit from here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

stuff2 · December 5, 2013

Thanks for your replay.

sorry I have to go between machines infected one would not let me in safemode. I could not download the root.kit on either one. it will take me a day to figure out what is going on.

Sorry

stuff2 · December 5, 2013

The scan came back with nothing wrong and this is the only log I saw in the folder.

Microsoft essential show Trojandos/alureon.k was only partially removed.

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.700000 GHz

Memory total: 3621404672, free: 2614796288

Host not found

Downloaded database version: v2013.12.05.01

Downloaded database version: v2013.10.11.02

Initializing...

======================

------------ Kernel report ------------

12/04/2013 19:13:11

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\acpi.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\nvraid.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\nvstor32.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\msrpc.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\Drivers\KSafeDISK.sys

\SystemRoot\System32\drivers\ecache.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\crcdisk.sys

\SystemRoot\system32\Drivers\BTOWSVF.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\tunmp.sys

\SystemRoot\system32\DRIVERS\amdk8.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\PS2.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\ohci1394.sys

\SystemRoot\system32\DRIVERS\1394BUS.SYS

\SystemRoot\system32\DRIVERS\HSXHWBS2.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\HSX_DP.sys

\SystemRoot\system32\DRIVERS\HSX_CNXT.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nvmfdx32.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\DRIVERS\msiscsi.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\??\C:\Windows\system32\Drivers\BTOWSFF.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\smb.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\netr73.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvstor32.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\spsys.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\drivers\mrxdav.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\xaudio.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\??\C:\Windows\system32\drivers\mbam.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\System32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xffffffff876d7190

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000005c\

Lower Device Object: 0xffffffff876cd088

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xffffffff876cf190

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000005b\

Lower Device Object: 0xffffffff876d9398

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xffffffff876cb190

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000005a\

Lower Device Object: 0xffffffff876c3398

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff876d3190

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\00000059\

Lower Device Object: 0xffffffff876c9398

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff859f98e0

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\00000050\

Lower Device Object: 0xffffffff846324f8

Lower Device Driver Name: \Driver\nvstor32\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff859f98e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff859f95d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff859f98e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff846144a0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff846324f8, DeviceName: \Device\00000050\, DriverName: \Driver\nvstor32\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 957200832

Partition file system is NTFS

Partition is bootable

Partition 1 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 976768065 Numsec = 5087

Partition is not bootable

Hidden partition VBR is not infected.

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 957200895 Numsec = 19567170

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff876d3190, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff876cd3e8, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff876d3190, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff876c9398, DeviceName: \Device\00000059\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff876cb190, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff876b1208, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff876cb190, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff876c3398, DeviceName: \Device\0000005a\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xffffffff876cf190, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff876d53e8, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff876cf190, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff876d9398, DeviceName: \Device\0000005b\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xffffffff876d7190, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff876d9088, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff876d7190, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff876cd088, DeviceName: \Device\0000005c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Maniac · December 5, 2013

Thanks!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

stuff2 · December 10, 2013

I am lost

I looked and looked hit and hit the F8 for the days, still no Advanced Boot Options.

a screen comes on and offer; safe mode, network safe mode or safe mode with command prompts. I even went to safe mode with command prompts nothing no offer to repair machine.

I even checked on a vista board to see how to find Advanced Boot Options.

Looked like I was doing every thing right still nothing but safe mode.

This is a friend computer and she has no disc around.

Any ideas?

Maniac · December 11, 2013

Try to run it in Regular mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

stuff2 · December 11, 2013

here is

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013

Ran by zeeland (administrator) on DONNATANAKA-PC on 11-12-2013 12:06:10

Running from C:\Users\zeeland\Desktop

Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 7

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Toolwiz) C:\Program Files\ToolwizCareFree\ToolwizCares.exe

() C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

(Toolwiz.com) C:\Program Files\ToolwizCareFree\ToolwizTools.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\WINDOWS\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)

HKLM\...\Run: [hpsysdrv] - C:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [KBD] - C:\hp\KBD\KbdStub.exe [65536 2006-12-08] ()

HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)

HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKCU\...\Run: [ToolwizCareFree] - C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5286160 2013-11-26] (Toolwiz)

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)

HKU\Donna Tanaka\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Donna Tanaka\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)

HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

SearchScopes: HKLM - DefaultScope {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {3A3F7E4B-FA3B-4DDF-9929-8994B6A30D65} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM - {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKCU - DefaultScope {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKCU - {3A3F7E4B-FA3B-4DDF-9929-8994B6A30D65} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:

=======

CHR DefaultSearchKeyword: google.com

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}

CHR Extension: (Google Docs) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Google Wallet) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Bitdefender QuickScan) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0

CHR Extension: (Gmail) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [27648 2013-11-26] (Toolwiz.com)

R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [45952 2013-11-26] (Toolwiz.com)

R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [48640 2013-11-26] (Toolwiz.com)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 MFE_RR; \??\C:\Users\zeeland\AppData\Local\Temp\mfe_rr.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

stuff2 · December 11, 2013

part 2 it said my post was to long

==================== One Month Created Files and Folders ========

2013-12-11 12:06 - 2013-12-11 12:06 - 00010113 _____ C:\Users\zeeland\Desktop\FRST.txt

2013-12-11 12:06 - 2013-12-11 12:06 - 00000000 ____D C:\FRST

2013-12-11 12:05 - 2013-12-11 12:05 - 01060135 _____ (Farbar) C:\Users\zeeland\Desktop\FRST.exe

2013-12-08 15:27 - 2013-12-08 15:27 - 00000714 _____ C:\Windows\setupact.log

2013-12-08 15:27 - 2013-12-08 15:27 - 00000000 _____ C:\Windows\setuperr.log

2013-12-04 19:06 - 2013-12-04 19:21 - 00000000 ____D C:\Users\zeeland\Desktop\mbar

2013-12-04 19:06 - 2013-12-04 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-04 19:06 - 2013-12-04 19:13 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2013-12-04 19:06 - 2013-12-04 19:12 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Downloads\mbar-1.07.0.1007 (1).exe

2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Desktop\mbar-1.07.0.1007.exe

2013-12-04 19:03 - 2013-12-04 19:03 - 00000000 ____D C:\Users\zeeland\Desktop\help

2013-12-04 18:16 - 2013-12-04 18:16 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Malwarebytes

2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-12-04 18:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-12-04 18:15 - 2013-12-04 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zeeland\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-04 18:08 - 2013-12-04 18:08 - 00001917 _____ C:\Users\zeeland\Desktop\aswMBR.txt

2013-12-04 18:04 - 2013-12-04 18:04 - 00000104 _____ C:\Users\zeeland\Documents\Recycle Bin - Shortcut.lnk

2013-12-01 15:29 - 2013-12-01 15:29 - 00002384 _____ C:\Users\zeeland\Desktop\attach.txt

2013-12-01 15:29 - 2013-12-01 15:28 - 00010298 _____ C:\Users\zeeland\Desktop\dds.txt

2013-12-01 15:28 - 2013-12-01 15:28 - 00081276 _____ C:\Users\zeeland\Downloads\2.xps

2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 ____R (Swearware) C:\Users\zeeland\Desktop\dds.com

2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 _____ (Swearware) C:\Users\zeeland\Downloads\dds.scr

2013-12-01 12:32 - 2013-12-01 12:32 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131201_123229.log

2013-12-01 12:13 - 2013-12-01 12:13 - 00072192 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2013-12-01 12:13 - 2013-12-01 12:13 - 00000951 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-01 12:13 - 2013-12-01 12:13 - 00000946 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2013-12-01 12:13 - 2013-12-01 12:13 - 00000917 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

2013-12-01 12:13 - 2013-12-01 12:13 - 00000020 ___SH C:\Users\Guest\ntuser.ini

2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Snapfish

2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore

2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest

2013-12-01 12:13 - 2008-02-27 13:58 - 00001034 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk

2013-12-01 12:13 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-12-01 12:13 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-29 18:53 - 2013-11-29 18:53 - 17245644 _____ C:\Users\zeeland\Downloads\fiction.xps

2013-11-29 18:21 - 2013-11-29 18:21 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mssstool32.exe

2013-11-29 18:17 - 2013-11-29 18:17 - 00511248 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\nis_full.exe

2013-11-29 15:00 - 2013-12-04 18:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-11-29 14:58 - 2013-11-29 14:58 - 00000000 ____D C:\Windows\system32\MRT

2013-11-29 14:57 - 2011-03-03 06:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll

2013-11-29 14:57 - 2011-03-03 05:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll

2013-11-29 14:57 - 2008-03-07 20:21 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll

2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145639.log

2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145621.log

2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145618.log

2013-11-29 14:46 - 2013-11-29 14:46 - 00000680 _____ C:\Users\zeeland\AppData\Local\d3d9caps.dat

2013-11-29 13:42 - 2013-11-29 13:42 - 01441838 _____ C:\Users\zeeland\Downloads\Daily Deal Millionaires.zip

2013-11-28 19:13 - 2013-11-28 19:13 - 00283757 _____ C:\Users\zeeland\Desktop\3.xps

2013-11-28 19:12 - 2013-11-28 19:12 - 00081276 _____ C:\Users\zeeland\Desktop\2.xps

2013-11-28 19:11 - 2013-11-28 19:12 - 17245644 _____ C:\Users\zeeland\Desktop\fiction.xps

2013-11-28 18:51 - 2013-11-28 18:51 - 13317370 _____ C:\Users\zeeland\Desktop\Tee_Profits.zip

2013-11-28 18:33 - 2013-11-28 18:34 - 02990323 _____ C:\Users\zeeland\Downloads\KM.rar

2013-11-28 18:26 - 2013-11-28 18:26 - 19236964 _____ C:\DONNATANAKA-PC_2013.11.28-1752.27_9B31A9DB-00BD-00A1-006A-00153AC32D20_816.zip

2013-11-28 17:52 - 2013-11-28 18:26 - 00000000 ____D C:\Users\zeeland\Downloads\TrendMicro AntiThreat Toolkit

2013-11-28 17:48 - 2013-11-28 17:49 - 23658800 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_ScanCleanOnline_gui_x86.exe

2013-11-28 17:30 - 2013-11-28 17:30 - 03298896 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_collector_cli_x86 (1).exe

2013-11-28 17:27 - 2013-11-28 17:27 - 03298896 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_collector_cli_x86.exe

2013-11-28 17:24 - 2013-11-28 17:24 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131128_172405.log

2013-11-28 17:23 - 2013-11-28 17:23 - 00782640 _____ (McAfee, Inc.) C:\Users\zeeland\Downloads\rootkitremover.exe

2013-11-28 17:20 - 2013-11-28 17:20 - 07103512 _____ (Bitdefender LLC) C:\Users\zeeland\Desktop\BootkitRemoval_x86.exe

2013-11-28 17:13 - 2013-11-28 17:13 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit (2).exe

2013-11-28 17:13 - 2013-11-28 17:13 - 00000151 _____ C:\Users\zeeland\Documents\VirusRemover.log

2013-11-28 17:12 - 2013-11-28 17:12 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit (1).exe

2013-11-28 17:09 - 2013-11-28 17:09 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit.exe

2013-11-28 17:03 - 2013-11-28 17:03 - 00044607 _____ C:\Users\zeeland\Downloads\bootkit_remover.zip

2013-11-28 17:02 - 2013-12-04 18:08 - 00000512 _____ C:\Users\zeeland\Desktop\MBR.dat

2013-11-28 17:02 - 2013-11-28 17:02 - 00002079 _____ C:\Users\zeeland\Downloads\aswMBR.txt

2013-11-28 15:36 - 2013-11-28 15:36 - 04745728 _____ (AVAST Software) C:\Users\zeeland\Downloads\aswMBR.exe

2013-11-28 15:33 - 2013-11-28 15:33 - 00235560 _____ C:\Users\zeeland\AppData\Local\census.cache

2013-11-28 15:33 - 2013-11-28 15:33 - 00199427 _____ C:\Users\zeeland\AppData\Local\ars.cache

2013-11-28 15:12 - 2013-11-28 15:12 - 02002320 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\HousecallLauncher.exe

2013-11-28 15:12 - 2013-11-28 15:12 - 00000036 _____ C:\Users\zeeland\AppData\Local\housecall.guid.cache

2013-11-28 11:33 - 2013-11-28 11:33 - 00456799 _____ C:\Users\zeeland\Downloads\pg1155.txt

2013-11-28 10:41 - 2013-11-28 18:26 - 00000332 _____ C:\Users\zeeland\Downloads\Result.txt

2013-11-28 10:41 - 2013-11-28 10:41 - 00360587 _____ (Farbar) C:\Users\zeeland\Downloads\ListParts.exe

2013-11-28 10:07 - 2013-11-28 10:07 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-11-28 10:04 - 2013-11-28 10:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Downloads\tdsskiller.exe

2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\CyberLink

2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\Users\Public\CyberLink

2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\ProgramData\CyberLink

2013-11-28 09:36 - 2013-11-28 09:41 - 389330944 _____ C:\Users\zeeland\Downloads\kav_rescue_10.iso

2013-11-28 09:33 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2013-11-28 09:33 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll

2013-11-28 09:33 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe

2013-11-28 09:33 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll

2013-11-28 09:33 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll

2013-11-27 13:43 - 2013-11-27 13:44 - 89886059 _____ C:\Users\zeeland\Downloads\Unconfirmed 419508.crdownload

2013-11-27 12:32 - 2013-11-27 12:32 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\QuickScan

2013-11-27 12:27 - 2013-11-27 12:28 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\HpUpdate

2013-11-27 12:27 - 2013-11-27 12:27 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-11-27 12:27 - 2010-09-06 08:24 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

2013-11-27 12:27 - 2010-09-06 08:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll

2013-11-27 12:27 - 2009-08-24 04:16 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll

2013-11-27 12:25 - 2013-11-27 12:25 - 00000000 ____D C:\Users\zeeland\AppData\Local\Hewlett-Packard

2013-11-27 07:39 - 2008-06-19 17:14 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll

2013-11-27 07:39 - 2008-06-19 17:14 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2013-11-27 07:39 - 2008-06-19 17:14 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-11-27 07:39 - 2008-06-19 17:14 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2013-11-27 07:39 - 2008-06-19 17:14 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl

2013-11-27 07:39 - 2008-06-19 17:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2013-11-27 07:35 - 2008-07-27 10:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2013-11-27 07:35 - 2008-07-27 10:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2013-11-27 07:33 - 2010-02-20 15:39 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll

2013-11-27 07:33 - 2010-02-20 15:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll

2013-11-27 07:33 - 2010-02-20 13:18 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2013-11-27 07:30 - 2013-11-27 07:30 - 90642704 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\msert.exe

2013-11-26 13:53 - 2013-11-26 13:53 - 00002154 _____ C:\Windows\epplauncher.mif

2013-11-26 13:48 - 2013-11-26 13:48 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Macromedia

2013-11-26 13:46 - 2013-11-26 13:47 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-26 13:46 - 2010-04-05 06:50 - 00208966 _____ C:\Windows\system32\WFP.TMF

2013-11-26 13:37 - 2013-11-26 13:37 - 00869456 _____ C:\Users\zeeland\Downloads\Norton_Removal_Tool (1).exe

2013-11-26 13:35 - 2013-11-26 13:35 - 00869456 _____ C:\Users\zeeland\Downloads\Norton_Removal_Tool.exe

2013-11-26 13:24 - 2013-11-29 18:06 - 00000000 ___HD C:\TOOLWIZ

2013-11-26 13:24 - 2013-11-27 12:42 - 00000000 ____D C:\Users\zeeland\AppData\Local\ToolwizCareFree

2013-11-26 13:24 - 2013-11-26 13:24 - 00048640 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys

2013-11-26 13:24 - 2013-11-26 13:24 - 00045952 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys

2013-11-26 13:24 - 2013-11-26 13:24 - 00027648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys

2013-11-26 13:24 - 2013-11-26 13:24 - 00000877 _____ C:\Users\zeeland\Desktop\Toolwiz Care.lnk

2013-11-26 13:24 - 2013-11-26 13:24 - 00000877 _____ C:\Users\Donna Tanaka\Desktop\Toolwiz Care.lnk

2013-11-26 13:24 - 2013-11-26 13:24 - 00000000 ____D C:\Program Files\ToolwizCareFree

2013-11-26 13:23 - 2013-11-26 13:23 - 07619344 _____ (ToolWiz) C:\Users\zeeland\Downloads\Setup_ToolwizCare.exe

2013-11-26 13:17 - 2013-11-26 13:18 - 11125072 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mseinstall.exe

2013-11-26 13:15 - 2008-06-25 19:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll

2013-11-26 13:15 - 2008-06-25 17:45 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll

2013-11-26 13:15 - 2008-06-25 17:45 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll

2013-11-26 13:13 - 2013-11-26 13:13 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Hewlett-Packard

2013-11-26 13:12 - 2013-11-27 12:45 - 00072192 _____ C:\Users\zeeland\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Symantec

2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Snapfish

2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Local\Google

2013-11-26 13:11 - 2013-11-29 18:06 - 00000000 ____D C:\Users\zeeland

2013-11-26 13:11 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Local\VirtualStore

2013-11-26 13:11 - 2013-11-26 13:11 - 00000951 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-26 13:11 - 2013-11-26 13:11 - 00000946 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2013-11-26 13:11 - 2013-11-26 13:11 - 00000917 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

2013-11-26 13:11 - 2013-11-26 13:11 - 00000020 ___SH C:\Users\zeeland\ntuser.ini

2013-11-26 13:11 - 2008-02-27 13:58 - 00001034 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk

2013-11-26 13:11 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-11-26 13:11 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-26 10:13 - 2011-04-21 07:00 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-26 10:13 - 2011-04-21 07:00 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-26 10:13 - 2011-04-21 06:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-26 10:13 - 2011-04-21 06:58 - 03593728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-26 10:13 - 2011-04-21 06:58 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-11-26 10:13 - 2011-04-21 06:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-26 10:13 - 2011-04-21 06:58 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-26 10:13 - 2011-04-21 06:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 06078976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-26 10:13 - 2011-04-21 06:57 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll

2013-11-26 10:13 - 2011-04-21 05:28 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-26 10:13 - 2011-04-21 05:08 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-26 10:13 - 2011-02-22 04:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys

2013-11-26 10:13 - 2011-02-16 07:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-11-26 10:13 - 2011-02-16 05:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-11-26 10:13 - 2010-12-28 06:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll

2013-11-26 10:13 - 2010-09-10 10:18 - 10626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-11-26 10:13 - 2010-09-10 08:37 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-11-26 10:13 - 2010-06-16 07:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-11-26 10:13 - 2010-05-04 08:53 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-26 10:13 - 2010-04-16 08:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2013-11-26 10:13 - 2010-02-25 20:03 - 02452872 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-26 10:13 - 2009-08-14 08:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll

2013-11-26 10:13 - 2009-08-14 06:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE

2013-11-26 10:13 - 2009-08-14 06:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE

2013-11-26 10:13 - 2009-08-14 06:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE

2013-11-26 10:13 - 2009-08-14 06:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE

2013-11-26 10:13 - 2009-08-14 06:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe

2013-11-26 10:13 - 2009-08-14 06:16 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE

2013-11-26 10:13 - 2009-08-14 06:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE

2013-11-26 10:13 - 2009-06-15 07:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-11-26 10:13 - 2008-06-18 19:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL

2013-11-26 10:12 - 2011-07-06 06:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2013-11-26 10:12 - 2011-06-02 04:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-11-26 10:12 - 2011-04-29 04:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2013-11-26 10:12 - 2011-04-29 04:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2013-11-26 10:12 - 2011-04-29 04:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2013-11-26 10:12 - 2011-04-29 04:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2013-11-26 10:12 - 2011-04-21 05:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-26 10:12 - 2011-04-14 06:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2013-11-26 10:12 - 2011-03-10 08:12 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll

2013-11-26 10:12 - 2011-03-10 08:12 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll

2013-11-26 10:12 - 2011-03-02 06:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll

2013-11-26 10:12 - 2011-03-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

2013-11-26 10:12 - 2011-02-18 05:31 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2013-11-26 10:12 - 2011-02-16 07:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-26 10:12 - 2011-02-16 07:32 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-26 10:12 - 2010-12-20 07:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2013-11-26 10:12 - 2010-12-14 07:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe

2013-11-26 10:12 - 2010-10-15 06:08 - 03600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-11-26 10:12 - 2010-10-15 06:08 - 03548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-11-26 10:12 - 2010-10-15 05:48 - 01205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-11-26 10:12 - 2010-08-31 07:41 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll

2013-11-26 10:12 - 2010-08-26 08:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2013-11-26 10:12 - 2010-08-17 05:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe

2013-11-26 10:12 - 2010-06-28 08:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2013-11-26 10:12 - 2010-05-27 11:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll

2013-11-26 10:12 - 2010-04-05 08:08 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2013-11-26 10:12 - 2010-04-05 08:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll

2013-11-26 10:12 - 2009-09-10 09:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2013-11-26 10:12 - 2009-08-10 03:01 - 01399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2013-11-26 10:12 - 2009-07-17 06:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll

2013-11-26 10:12 - 2009-07-11 11:32 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll

2013-11-26 10:12 - 2009-07-11 11:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll

2013-11-26 10:12 - 2009-07-11 11:32 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll

2013-11-26 10:12 - 2009-07-11 11:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll

2013-11-26 10:12 - 2009-07-11 09:18 - 02501921 _____ C:\Windows\system32\wlan.tmf

2013-11-26 10:12 - 2009-07-10 04:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll

2013-11-26 10:12 - 2009-06-10 04:12 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll

2013-11-26 10:12 - 2009-06-10 04:11 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2013-11-26 10:12 - 2009-06-10 04:11 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL

2013-11-26 10:12 - 2009-05-04 02:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe

2013-11-26 10:12 - 2009-04-23 04:42 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2013-11-26 10:12 - 2008-10-20 21:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-26 10:12 - 2008-10-15 20:47 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll

2013-11-26 10:12 - 2008-06-25 19:29 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll

2013-11-26 10:12 - 2008-06-05 19:27 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll

2013-11-26 10:12 - 2008-06-05 19:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll

2013-11-26 10:12 - 2008-04-17 21:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll

2013-11-26 10:12 - 2008-04-04 19:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll

2013-11-26 10:12 - 2008-04-04 17:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys

2013-11-26 10:11 - 2011-05-02 07:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2013-11-26 10:11 - 2011-01-21 07:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-11-26 10:11 - 2011-01-21 07:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll

2013-11-26 10:11 - 2010-12-29 09:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2013-11-26 10:11 - 2010-12-29 09:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll

2013-11-26 10:11 - 2010-12-29 09:41 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll

2013-11-26 10:11 - 2010-12-29 09:39 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax

2013-11-26 10:11 - 2010-11-06 03:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll

2013-11-26 10:11 - 2010-11-06 03:10 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll

2013-11-26 10:11 - 2010-11-06 03:10 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll

2013-11-26 10:11 - 2010-11-06 03:09 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2013-11-26 10:11 - 2010-11-04 16:53 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe

2013-11-26 10:11 - 2010-10-28 04:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-11-26 10:11 - 2010-10-18 06:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2013-11-26 10:11 - 2010-08-31 07:41 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll

2013-11-26 10:11 - 2010-08-20 07:21 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2013-11-26 10:11 - 2010-06-18 08:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll

2013-11-26 10:11 - 2010-06-11 07:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2013-11-26 10:11 - 2010-05-04 10:39 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll

2013-11-26 10:11 - 2010-04-16 08:10 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2013-11-26 10:11 - 2010-02-18 06:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll

2013-11-26 10:11 - 2010-02-18 03:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys

2013-11-26 10:11 - 2010-01-21 07:59 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm

2013-11-26 10:11 - 2009-07-14 05:00 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll

2013-11-26 10:11 - 2009-07-14 04:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2013-11-26 10:11 - 2009-07-14 04:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2013-11-26 10:11 - 2009-07-14 04:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2013-11-26 10:11 - 2009-07-14 00:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb

2013-11-26 10:11 - 2009-07-14 00:30 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb

2013-11-26 10:11 - 2009-06-15 10:20 - 00439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-26 10:11 - 2009-06-15 07:24 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2013-11-26 10:11 - 2009-06-15 07:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-26 10:11 - 2009-06-15 07:23 - 01256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-26 10:11 - 2009-06-15 07:21 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2013-11-26 10:11 - 2009-06-15 04:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-26 10:11 - 2009-03-16 19:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll

2013-11-26 10:11 - 2009-03-16 19:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll

2013-11-26 10:11 - 2009-03-02 20:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll

2013-11-26 10:11 - 2009-03-02 20:39 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll

2013-11-26 10:11 - 2009-03-02 20:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll

2013-11-26 10:11 - 2009-03-02 20:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll

2013-11-26 10:11 - 2009-03-02 20:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll

2013-11-26 10:11 - 2009-03-02 20:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll

2013-11-26 10:11 - 2009-03-02 19:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe

2013-11-26 10:11 - 2009-03-02 18:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe

2013-11-26 10:11 - 2009-02-13 00:49 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-11-26 10:11 - 2008-10-28 22:29 - 02927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2013-11-26 10:11 - 2008-08-11 19:39 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2013-11-26 10:11 - 2008-08-01 19:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-11-26 10:11 - 2008-08-01 17:01 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-11-26 10:11 - 2008-06-25 19:29 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll

2013-11-26 10:11 - 2008-06-25 19:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll

2013-11-26 10:11 - 2008-05-19 18:07 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys

2013-11-26 10:11 - 2008-05-09 17:33 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys

2013-11-26 10:11 - 2008-02-28 23:14 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll

2013-11-26 10:11 - 2008-02-28 23:11 - 00988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2013-11-26 10:11 - 2008-02-28 23:11 - 00927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2013-11-26 10:11 - 2008-02-28 22:53 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2013-11-26 10:11 - 2008-02-28 22:53 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2013-11-26 10:11 - 2008-02-28 22:53 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2013-11-26 10:11 - 2008-02-28 22:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll

2013-11-26 10:11 - 2008-02-28 20:12 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2013-11-26 10:11 - 2008-02-28 20:12 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe

2013-11-26 10:11 - 2008-02-21 21:05 - 00615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2013-11-26 10:10 - 2011-04-20 06:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-11-26 10:10 - 2011-04-20 06:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-11-26 10:10 - 2010-12-17 08:43 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2013-11-26 10:10 - 2010-12-17 07:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2013-11-26 10:10 - 2010-08-31 07:40 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-11-26 10:10 - 2010-06-16 07:56 - 00098192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2013-11-26 10:10 - 2010-06-16 07:55 - 00902032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-11-26 10:10 - 2010-06-16 07:55 - 00220040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2013-11-26 10:10 - 2010-06-16 07:11 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-26 10:10 - 2010-06-16 07:10 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-26 10:10 - 2010-06-16 07:09 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL

2013-11-26 10:10 - 2009-12-28 04:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll

2013-11-26 10:10 - 2009-12-28 04:32 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll

2013-11-26 10:10 - 2009-12-28 04:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll

2013-11-26 10:10 - 2009-12-28 04:32 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll

2013-11-26 10:10 - 2009-12-28 04:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll

2013-11-26 10:10 - 2009-12-28 04:31 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll

2013-11-26 10:10 - 2009-12-28 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll

2013-11-26 10:10 - 2009-12-28 04:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll

2013-11-26 10:10 - 2009-12-28 04:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll

2013-11-26 10:10 - 2009-10-07 04:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll

2013-11-26 10:10 - 2009-10-07 04:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2013-11-26 10:10 - 2009-09-04 04:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll

2013-11-26 10:10 - 2009-08-10 05:05 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2013-11-26 10:10 - 2009-04-23 04:43 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-11-26 10:10 - 2009-04-02 04:37 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2013-11-26 10:10 - 2008-06-22 17:59 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll

2013-11-26 10:10 - 2008-06-22 17:58 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe

2013-11-26 10:10 - 2008-05-08 13:59 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll

2013-11-26 10:10 - 2008-05-08 13:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-11-26 10:10 - 2008-05-08 13:59 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-11-26 10:10 - 2008-05-08 13:59 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll

2013-11-26 10:10 - 2008-05-08 13:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-11-26 10:10 - 2008-05-08 13:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-11-26 10:05 - 2011-04-29 06:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-26 10:04 - 2013-11-19 02:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-11-26 10:03 - 2010-01-14 16:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll

2013-11-26 10:03 - 2009-12-23 04:43 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-11-26 10:02 - 2013-11-26 10:02 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-11-26 10:01 - 2013-12-11 12:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-26 10:01 - 2013-12-04 19:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-26 10:01 - 2013-11-26 10:02 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Google

2013-11-26 10:01 - 2013-11-26 10:02 - 00000000 ____D C:\Program Files\Google

2013-11-26 10:01 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Deployment

2013-11-26 10:01 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Apps\2.0

2013-11-26 09:57 - 2013-11-26 09:57 - 00000680 _____ C:\Users\Donna Tanaka\AppData\Local\d3d9caps.dat

2013-11-25 21:29 - 2013-11-25 21:29 - 00072192 _____ C:\Users\Donna Tanaka\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-25 21:29 - 2013-11-25 21:29 - 00000951 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-25 21:29 - 2013-11-25 21:29 - 00000946 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2013-11-25 21:29 - 2013-11-25 21:29 - 00000917 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

2013-11-25 21:29 - 2013-11-25 21:29 - 00000044 _____ C:\Windows\system\hpsysdrv.dat

2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Symantec

2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Snapfish

2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\VirtualStore

2013-11-25 21:27 - 2013-11-25 21:27 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Macromedia

2013-11-25 21:26 - 2013-11-25 21:30 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Hewlett-Packard

2013-11-25 21:25 - 2013-11-25 21:25 - 00001853 _____ C:\Users\Public\Desktop\Internet & Digital Services.lnk

2013-11-25 21:25 - 2013-11-25 21:25 - 00001834 __RSH C:\Windows\system32\Drivers\103C_HP_CPC_KJ375AA-ABA s3400f_YC_0Pavi_QMXU810_E82NAv3PrA1_49_IAcacia_SASUSTek Computer INC._V1.02_B5.11_T080212_WUH1_L409_M3454_J500_7AMD_8Athlon 64 X2 Dual Core_92.7_#080429_N10DE03EF_Z14F12F20_G10DE03D0.MRK

2013-11-25 21:25 - 2008-02-27 14:08 - 00002117 _____ C:\Users\Public\Desktop\eBay.lnk

2013-11-25 21:25 - 2008-02-27 14:08 - 00002047 _____ C:\Users\Public\Desktop\MSN.lnk

2013-11-25 21:24 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka

2013-11-25 21:24 - 2013-11-25 21:24 - 00000020 ___SH C:\Users\Donna Tanaka\ntuser.ini

2013-11-25 21:24 - 2008-02-27 13:58 - 00001034 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk

2013-11-25 21:24 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-11-25 21:24 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-25 21:21 - 2013-12-11 12:06 - 01964121 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-12-11 12:06 - 2013-12-11 12:06 - 00010113 _____ C:\Users\zeeland\Desktop\FRST.txt

2013-12-11 12:06 - 2013-12-11 12:06 - 00000000 ____D C:\FRST

2013-12-11 12:06 - 2013-11-25 21:21 - 01964121 _____ C:\Windows\WindowsUpdate.log

2013-12-11 12:05 - 2013-12-11 12:05 - 01060135 _____ (Farbar) C:\Users\zeeland\Desktop\FRST.exe

2013-12-11 12:02 - 2013-11-26 10:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-11 12:02 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-11 12:02 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-11 12:02 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-08 15:27 - 2013-12-08 15:27 - 00000714 _____ C:\Windows\setupact.log

2013-12-08 15:27 - 2013-12-08 15:27 - 00000000 _____ C:\Windows\setuperr.log

2013-12-08 15:27 - 2006-11-02 05:01 - 00016780 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-12-04 19:21 - 2013-12-04 19:06 - 00000000 ____D C:\Users\zeeland\Desktop\mbar

2013-12-04 19:21 - 2013-12-04 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-04 19:13 - 2013-12-04 19:06 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2013-12-04 19:12 - 2013-12-04 19:06 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-12-04 19:11 - 2013-11-26 10:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job