  #1  
Old June 10th, 2013, 02:47 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
FBI virus

Suddenly, every time I open Internet Explorer, I get this screen that says, "Your computer has been locked by the FBI for cyber crimes". It goes on to say if I click on this link and pay $300, they will unlock it. Naturally, I didn't.

I ran Malwarebytes and it found 7 infected files. I deleted them, ran Malware again and it says it's clean, but I still get the screen. Once it pops up, I have to go into "safe mode" to use my computer.

I read the fix for Melissa, but saw the disclaimer that it was for her computer only.

Thanks,

Cyndie
  #2  
Old June 10th, 2013, 02:58 PM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, Cyndie
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Reply With Quote
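As an added example (not part of the original posts, and not FRST's own code), this sketch shows one way a reviewer might triage the autorun lines of an FRST.txt log like the one requested above. The sample lines are constructed in the log's `HIVE\...\Run: [name] command [size date] (publisher)` layout, and the scoring weights, threshold and location hints are assumptions chosen for illustration, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import date

# Layout of an autorun line in the Registry section of FRST.txt:
#   HIVE\...\Run: [value name] command [size yyyy-mm-dd] (publisher) <===== ATTENTION
RUN_LINE = re.compile(
    r'^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*?)'
    r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?'
    r'(?P<marker>\s*<=+\s*ATTENTION.*)?$'
)

# Locations a standard user account can write to without elevation.
# A match is a hint that the entry deserves a closer look (assumed heuristic).
WRITABLE_HINTS = [
    (re.compile(r'\\AppData\\(?:Local|LocalLow|Roaming)\\', re.I),
     "runs from AppData"),
    (re.compile(r'\\\$Recycle\.Bin\\', re.I),
     "runs from $Recycle.Bin"),
    (re.compile(r'\\ProgramData\\[^\\"]+\.(?:exe|dll|scr)\b', re.I),
     "executable directly in ProgramData"),
    (re.compile(r'\\Users\\[^\\]+\\[^\\"]+\.(?:exe|dll|scr)\b', re.I),
     "executable directly in a profile folder"),
]


@dataclass
class Finding:
    name: str
    command: str
    score: int
    reasons: list
    flagged: bool


def triage(log_text, scan_date, recent_days=7, threshold=3):
    """Score every Run/RunOnce line; lines in any other layout are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if m is None:
            continue  # section headers, services, file listings, ...
        cmd, score, reasons = m["cmd"], 0, []
        if m["marker"]:
            score += 3
            reasons.append("marked ATTENTION by the scan tool")
        for pattern, why in WRITABLE_HINTS:
            if pattern.search(cmd):
                score += 2
                reasons.append(why)
                break  # count at most one location hint per entry
        if m["publisher"] is not None and not m["publisher"].strip():
            score += 1
            reasons.append("no publisher in file metadata")
        if m["date"]:
            age = (scan_date - date.fromisoformat(m["date"])).days
            if 0 <= age <= recent_days:
                score += 1
                reasons.append(f"file dated {age} day(s) before the scan")
        if cmd.endswith("[x]"):
            reasons.append("target file not found ([x])")  # informational only
        findings.append(Finding(m["name"], cmd, score, reasons, score >= threshold))
    return findings


# Constructed sample input (hypothetical names and paths, same layout as the log).
SAMPLE_SCAN_DATE = date(2013, 6, 10)
SAMPLE_LOG = r'''
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AudioPanel] C:\Program Files\ExampleAudio\panel64.exe [7982112 2009-07-28] (Example Audio Corp)
HKLM-x32\...\Run: [BurnLauncher] "C:\Program Files (x86)\ExampleBurn\launcher.exe" [498160 2009-07-12] ()
HKU\Alice\...\Run: [Updater Manager] C:\Users\Alice\AppData\Local\0a1b2c3d\xyzxyz.exe [237568 2013-06-10] () <===== ATTENTION
HKU\Alice\...\Run: [ScreenHelper] "C:\ProgramData\ScreenHelper.exe" [54272 2013-06-10] ()
HKU\Guest\...\Run: [toolbar] "C:\Program Files (x86)\ExampleToolbar\notifier.exe" [x]
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SAMPLE_SCAN_DATE):
        status = "REVIEW" if f.flagged else "ok    "
        print(f"{status} score={f.score} [{f.name}] {'; '.join(f.reasons)}")
```

The fourth sample entry carries no ATTENTION marker yet still crosses the threshold on location, missing publisher and file date, which is the case a reviewer reading only the tool's own markers would miss.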
  #3  
Old June 10th, 2013, 10:27 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
Hi Tom,


I am running in 'safe mode with networking'. How do I get 'my computer' to recognize that I have a flash drive plugged in? I went to download the Farbar Recovery Scan Tool, but I couldn't select the flash drive as a download destination because it doesn't show up on 'my computer' as an available drive.
  #4  
Old June 11th, 2013, 02:20 AM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013
Ran by SYSTEM on 10-06-2013 20:06:38
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe -start [2785776 2011-07-05] (Rovi Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update [239336 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295072 2013-01-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun [614400 2009-08-28] ()
HKU\Cyndie\...\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series" [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\Cyndie\...\Run: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKU\Cyndie\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [54272 2013-06-10] ()
HKU\Cyndie\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
IMEO: [Debugger] svchost.exe

==================== Services (Whitelisted) =================

S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [400368 2011-07-05] (Rovi Corporation)

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation )
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-08-26] (Samsung Electronics)
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S2 SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 16:49 - 2013-06-10 16:49 - 00000000 ____D C:\FRST
2013-06-10 05:22 - 2013-06-10 05:22 - 00123814 ____A C:\Users\Cyndie\Desktop\OTL.Txt
2013-06-10 04:20 - 2013-06-10 04:42 - 00000328 ___AH C:\Windows\Tasks\{6BF62A63-0DC1-492C-B1B9-894ED29EA2F4}.job
2013-06-10 04:20 - 2013-06-10 04:20 - 02250054 ____A C:\ProgramData\1.bmp
2013-06-10 04:20 - 2013-06-10 04:20 - 00000000 ____D C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad
2013-06-10 04:20 - 2013-06-10 04:19 - 00054272 ____A C:\ProgramData\DisplaySwitch.exe
2013-06-10 04:19 - 2013-06-10 04:19 - 00109568 ____A (Advanced Micro Devices, Inc.) C:\Users\Cyndie\conhost.exe
2013-06-10 04:19 - 2013-06-10 04:19 - 00000000 ____A C:\Users\Cyndie\notepad.exe
2013-06-02 11:32 - 2013-06-02 11:32 - 00276632 ____A C:\Windows\Minidump\060213-20451-01.dmp
2013-05-23 05:12 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-23 05:12 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-23 05:12 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-23 05:12 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-23 05:12 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-23 05:12 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-23 05:12 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-23 05:12 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-23 05:12 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-23 05:12 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-23 05:12 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-23 05:12 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 10:24 - 2013-05-18 10:24 - 00276632 ____A C:\Windows\Minidump\051813-29920-01.dmp
2013-05-17 04:21 - 2013-05-17 04:21 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 04:21 - 2013-05-17 04:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 04:21 - 2013-05-17 04:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-17 04:21 - 2013-05-17 04:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-17 04:21 - 2013-05-17 04:21 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-17 04:21 - 2013-05-17 04:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-17 04:21 - 2013-05-17 04:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-17 04:21 - 2013-05-17 04:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-17 04:21 - 2013-05-17 04:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-17 04:19 - 2013-05-17 04:19 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 04:17 - 2013-05-17 04:25 - 00008392 ____A C:\Windows\IE10_main.log
2013-05-16 07:18 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 07:18 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 07:18 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 07:18 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 07:18 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 07:18 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 07:18 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 07:18 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 07:18 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 07:18 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 07:18 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 07:18 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 07:18 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 07:18 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-06-10 16:52 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 16:49 - 2013-06-10 16:49 - 00000000 ____D C:\FRST
2013-06-10 13:18 - 2010-04-21 16:45 - 01257610 ____A C:\Windows\WindowsUpdate.log
2013-06-10 05:22 - 2013-06-10 05:22 - 00123814 ____A C:\Users\Cyndie\Desktop\OTL.Txt
2013-06-10 05:08 - 2011-02-28 09:20 - 00602112 ____A (OldTimer Tools) C:\Users\Cyndie\Desktop\OTL.exe
2013-06-10 05:04 - 2013-03-18 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-10 04:44 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 04:44 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 04:42 - 2013-06-10 04:20 - 00000328 ___AH C:\Windows\Tasks\{6BF62A63-0DC1-492C-B1B9-894ED29EA2F4}.job
2013-06-10 04:42 - 2011-11-28 12:38 - 00015322 ____A C:\Windows\setupact.log
2013-06-10 04:42 - 2011-11-28 12:37 - 00181266 ____A C:\Windows\PFRO.log
2013-06-10 04:42 - 2010-05-21 21:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-10 04:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 04:40 - 2010-05-21 20:39 - 00000000 ____D C:\users\Cyndie
2013-06-10 04:26 - 2011-12-14 01:47 - 00427520 __ASH C:\Users\Cyndie\Desktop\Thumbs.db
2013-06-10 04:23 - 2012-04-04 09:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 04:20 - 2013-06-10 04:20 - 02250054 ____A C:\ProgramData\1.bmp
2013-06-10 04:20 - 2013-06-10 04:20 - 00000000 ____D C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad
2013-06-10 04:19 - 2013-06-10 04:20 - 00054272 ____A C:\ProgramData\DisplaySwitch.exe
2013-06-10 04:19 - 2013-06-10 04:19 - 00109568 ____A (Advanced Micro Devices, Inc.) C:\Users\Cyndie\conhost.exe
2013-06-10 04:19 - 2013-06-10 04:19 - 00000000 ____A C:\Users\Cyndie\notepad.exe
2013-06-10 04:01 - 2010-05-21 21:27 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 03:41 - 2010-05-22 04:10 - 00012482 ____A C:\Users\Cyndie\AppData\Roaming\wklnhst.dat
2013-06-06 13:45 - 2011-11-28 11:34 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-02 11:32 - 2013-06-02 11:32 - 00276632 ____A C:\Windows\Minidump\060213-20451-01.dmp
2013-06-02 11:32 - 2010-06-05 13:15 - 00000000 ____D C:\Windows\Minidump
2013-06-02 11:31 - 2011-12-04 12:14 - 391921611 ____A C:\Windows\MEMORY.DMP
2013-05-22 17:41 - 2010-09-01 18:28 - 00000000 ____D C:\users\Guest
2013-05-22 17:40 - 2011-08-23 07:18 - 00000000 ____D C:\ProgramData\RoxioNow
2013-05-22 17:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-22 17:40 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-22 17:38 - 2013-01-17 13:19 - 00000000 ____D C:\ProgramData\Real
2013-05-18 10:24 - 2013-05-18 10:24 - 00276632 ____A C:\Windows\Minidump\051813-29920-01.dmp
2013-05-18 08:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 06:02 - 2009-07-13 20:45 - 00341192 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 09:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-17 09:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-17 09:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-17 09:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-17 09:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-17 04:25 - 2013-05-17 04:17 - 00008392 ____A C:\Windows\IE10_main.log
2013-05-17 04:21 - 2013-05-17 04:21 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 04:21 - 2013-05-17 04:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 04:21 - 2013-05-17 04:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-17 04:21 - 2013-05-17 04:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-17 04:21 - 2013-05-17 04:21 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-17 04:21 - 2013-05-17 04:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-17 04:21 - 2013-05-17 04:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-17 04:21 - 2013-05-17 04:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-17 04:21 - 2013-05-17 04:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-17 04:21 - 2013-05-17 04:21 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-17 04:21 - 2013-05-17 04:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-17 04:19 - 2013-05-17 04:19 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 04:19 - 2013-05-17 04:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 04:14 - 2010-06-02 20:28 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 07:23 - 2012-04-04 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-16 07:23 - 2011-05-20 07:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-211347547-2098133201-2859789311-1000\$98b6b1bd2581720063b7b3bc2cc89f69

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@

Files to move or delete:
====================
C:\ProgramData\DisplaySwitch.exe
C:\Users\Cyndie\AuditSupportCenter_Installer.exe
C:\Users\Cyndie\conhost.exe
C:\Users\Cyndie\DMSetup-Serial.exe
C:\Users\Cyndie\flashplayer_10_plugin_debug.exe
C:\Users\Cyndie\notepad.exe
C:\Users\Cyndie\setupUS.exe
C:\Users\Cyndie\U3update.exe
C:\Windows\Tasks\{6BF62A63-0DC1-492C-B1B9-894ED29EA2F4}.job

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-03 04:10:59
Restore point made on: 2013-05-07 03:53:37
Restore point made on: 2013-05-16 07:19:19
Restore point made on: 2013-05-17 04:05:31
Restore point made on: 2013-05-18 05:44:46
Restore point made on: 2013-05-19 05:37:20
Restore point made on: 2013-05-22 15:25:37
Restore point made on: 2013-05-23 05:11:32
Restore point made on: 2013-05-28 03:51:11
Restore point made on: 2013-05-31 04:40:28
Restore point made on: 2013-06-05 17:53:58
Restore point made on: 2013-06-09 05:15:17

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3932.88 MB
Available physical RAM: 3353.91 MB
Total Pagefile: 3931.03 MB
Available Pagefile: 3349.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:287.64 GB) (Free:200.45 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.87 GB) (Free:1.29 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-06-07 18:32

==================== End Of Log ============================
  #5  
Old June 11th, 2013, 06:28 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

Code:
HKLM\...\Run: [] [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\n. ATTENTION! ====> ZeroAccess
HKU\Cyndie\...\Run: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKU\Cyndie\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
IMEO: [Debugger] svchost.exe
2013-06-10 04:19 - 2013-06-10 04:19 - 00109568 ____A (Advanced Micro Devices, Inc.) C:\Users\Cyndie\conhost.exe
2013-06-10 04:19 - 2013-06-10 04:19 - 00000000 ____A C:\Users\Cyndie\notepad.exe
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-211347547-2098133201-2859789311-1000\$98b6b1bd2581720063b7b3bc2cc89f69

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@

C:\ProgramData\DisplaySwitch.exe
C:\Users\Cyndie\AuditSupportCenter_Installer.exe
C:\Users\Cyndie\conhost.exe
C:\Users\Cyndie\DMSetup-Serial.exe
C:\Users\Cyndie\flashplayer_10_plugin_debug.exe
C:\Users\Cyndie\notepad.exe
C:\Users\Cyndie\setupUS.exe
C:\Users\Cyndie\U3update.exe
C:\Windows\Tasks\{6BF62A63-0DC1-492C-B1B9-894ED29EA2F4}.job
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  #6  
Old June 11th, 2013, 02:34 PM
cajungenes2 cajungenes2 is offline
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2013
Ran by SYSTEM at 2013-06-11 08:31:20 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Cyndie\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Cyndie\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\\Debugger => Value deleted successfully.
C:\Users\Cyndie\conhost.exe => Moved successfully.
C:\Users\Cyndie\notepad.exe => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-211347547-2098133201-2859789311-1000\$98b6b1bd2581720063b7b3bc2cc89f69 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\00000004.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\201d3dde => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\6715e287 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\L\76603ac3 => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000004.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\00000008.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\000000cb.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000000.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000032.@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$98b6b1bd2581720063b7b3bc2cc89f69\U\80000064.@ => File/Directory not found.
C:\ProgramData\DisplaySwitch.exe => Moved successfully.
C:\Users\Cyndie\AuditSupportCenter_Installer.exe => Moved successfully.
C:\Users\Cyndie\conhost.exe => File/Directory not found.
C:\Users\Cyndie\DMSetup-Serial.exe => Moved successfully.
C:\Users\Cyndie\flashplayer_10_plugin_debug.exe => Moved successfully.
C:\Users\Cyndie\notepad.exe => File/Directory not found.
C:\Users\Cyndie\setupUS.exe => Moved successfully.
C:\Users\Cyndie\U3update.exe => Moved successfully.
C:\Windows\Tasks\{6BF62A63-0DC1-492C-B1B9-894ED29EA2F4}.job => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.

==== End of Fixlog ====
  #7  
Old June 11th, 2013, 03:22 PM
schrauber
Are you able to boot normally? If yes, please download a fresh version of FRST to your desktop, run it with a double-click, and post back with the log files.
  #8  
Old June 11th, 2013, 05:04 PM
cajungenes2
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 02
Ran by Cyndie (administrator) on 11-06-2013 11:00:48
Running from C:\Users\Cyndie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Rovi Corporation) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Rovi Corporation) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE
(Rovi Corporation) C:\Program Files (x86)\Roxio\RoxioNow Player\CNRpc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Twain Working Group) C:\windows\twunk_32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series" [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [x]
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-211347547-2098133201-2859789311-1000\$98b6b1bd2581720063b7b3bc2cc89f69\n. ATTENTION! ====> ZeroAccess
MountPoints2: E - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-13] ()
HKLM-x32\...\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe -start [2785776 2011-07-05] (Rovi Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update [239336 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295072 2013-01-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun [614400 2009-08-28] ()
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=031012_IKAN_4012_2&babsrc=SP_ss&mntrId=3ad6c62d00000000000070f1a162b868
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.pogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://findgala.com/?&uid=195&q={searchTerms}
SearchScopes: HKCU - {8EA7260B-04F7-42E4-98E1-8CDB97E705F4} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80469&lng=en
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cyndie\AppData\Roaming\Mozilla\Firefox\Profiles\hog9nz91.default
FF Homepage: hxxp://m.www.yahoo.com/
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @DictionaryBoss.com/Plugin - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/npracplug;version=1.0.0.0 - C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DictionaryBoss - C:\Users\Cyndie\AppData\Roaming\Mozilla\Firefox\Profiles\hog9nz91.default\Extensions\v4ffxtbr@DictionaryBoss.com
FF Extension: eMusic Toolbar - C:\Users\Cyndie\AppData\Roaming\Mozilla\Firefox\Profiles\hog9nz91.default\Extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}

Chrome:
=======
CHR HomePage: hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=E09D46B0B40305695503AF506C910536&tbp=homepage&v=1_2
CHR RestoreOnStartup: "urls_to_restore_on_startup": [
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Cyndie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [400368 2011-07-05] (Rovi Corporation)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-26] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation )
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-08-27] (Samsung Electronics)
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S2 SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-11 11:00 - 2013-06-11 11:00 - 01920272 ____A (Farbar) C:\Users\Cyndie\Desktop\FRST64.exe
2013-06-10 19:49 - 2013-06-10 19:49 - 00000000 ____D C:\FRST
2013-06-10 08:22 - 2013-06-10 08:22 - 00123814 ____A C:\Users\Cyndie\Desktop\OTL.Txt
2013-06-10 07:20 - 2013-06-10 07:20 - 02250054 ____A C:\ProgramData\1.bmp
2013-06-10 07:20 - 2013-06-10 07:20 - 00000000 ____D C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad
2013-06-02 14:32 - 2013-06-02 14:32 - 00276632 ____A C:\Windows\Minidump\060213-20451-01.dmp
2013-05-23 08:12 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-23 08:12 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-23 08:12 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-23 08:12 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-23 08:12 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-23 08:12 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-23 08:12 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-23 08:12 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-23 08:12 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-23 08:12 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-23 08:12 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-23 08:12 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-18 13:24 - 2013-05-18 13:24 - 00276632 ____A C:\Windows\Minidump\051813-29920-01.dmp
2013-05-17 07:21 - 2013-05-17 07:21 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 07:21 - 2013-05-17 07:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 07:21 - 2013-05-17 07:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-17 07:21 - 2013-05-17 07:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-17 07:21 - 2013-05-17 07:21 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-17 07:21 - 2013-05-17 07:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-17 07:21 - 2013-05-17 07:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-17 07:21 - 2013-05-17 07:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-17 07:21 - 2013-05-17 07:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-17 07:19 - 2013-05-17 07:19 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 07:17 - 2013-05-17 07:25 - 00008392 ____A C:\Windows\IE10_main.log
2013-05-16 10:18 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 10:18 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 10:18 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 10:18 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 10:18 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 10:18 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 10:18 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 10:18 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 10:18 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 10:18 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 10:18 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 10:18 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 10:18 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 10:18 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-06-11 11:31 - 2010-05-21 23:39 - 00000000 ____D C:\users\Cyndie
2013-06-11 11:01 - 2010-05-22 00:27 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-11 11:00 - 2013-06-11 11:00 - 01920272 ____A (Farbar) C:\Users\Cyndie\Desktop\FRST64.exe
2013-06-11 10:57 - 2009-07-13 23:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-11 10:57 - 2009-07-13 23:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-11 10:54 - 2009-07-14 00:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 10:50 - 2010-05-22 00:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-11 10:49 - 2011-11-28 15:38 - 00015378 ____A C:\Windows\setupact.log
2013-06-11 10:49 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 07:51 - 2013-03-18 21:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-10 19:49 - 2013-06-10 19:49 - 00000000 ____D C:\FRST
  #9
Old June 11th, 2013, 05:05 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
2013-06-10 16:18 - 2010-04-21 19:45 - 01257610 ____A C:\Windows\WindowsUpdate.log
2013-06-10 08:22 - 2013-06-10 08:22 - 00123814 ____A C:\Users\Cyndie\Desktop\OTL.Txt
2013-06-10 08:08 - 2011-02-28 12:20 - 00602112 ____A (OldTimer Tools) C:\Users\Cyndie\Desktop\OTL.exe
2013-06-10 07:42 - 2011-11-28 15:37 - 00181266 ____A C:\Windows\PFRO.log
2013-06-10 07:26 - 2011-12-14 04:47 - 00427520 __ASH C:\Users\Cyndie\Desktop\Thumbs.db
2013-06-10 07:23 - 2012-04-04 12:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 07:20 - 2013-06-10 07:20 - 02250054 ____A C:\ProgramData\1.bmp
2013-06-10 07:20 - 2013-06-10 07:20 - 00000000 ____D C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad
2013-06-08 06:41 - 2010-05-22 07:10 - 00012482 ____A C:\Users\Cyndie\AppData\Roaming\wklnhst.dat
2013-06-06 16:45 - 2011-11-28 14:34 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-02 14:32 - 2013-06-02 14:32 - 00276632 ____A C:\Windows\Minidump\060213-20451-01.dmp
2013-06-02 14:32 - 2010-06-05 16:15 - 00000000 ____D C:\Windows\Minidump
2013-06-02 14:31 - 2011-12-04 15:14 - 391921611 ____A C:\Windows\MEMORY.DMP
2013-05-22 20:41 - 2010-09-01 21:28 - 00000000 ____D C:\users\Guest
2013-05-22 20:40 - 2011-08-23 10:18 - 00000000 ____D C:\ProgramData\RoxioNow
2013-05-22 20:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-22 20:40 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-22 20:38 - 2013-01-17 16:19 - 00000000 ____D C:\ProgramData\Real
2013-05-18 13:24 - 2013-05-18 13:24 - 00276632 ____A C:\Windows\Minidump\051813-29920-01.dmp
2013-05-18 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 09:02 - 2009-07-13 23:45 - 00341192 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 12:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-17 12:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-17 12:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-17 12:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-17 12:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-17 07:25 - 2013-05-17 07:17 - 00008392 ____A C:\Windows\IE10_main.log
2013-05-17 07:21 - 2013-05-17 07:21 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 07:21 - 2013-05-17 07:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 07:21 - 2013-05-17 07:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-17 07:21 - 2013-05-17 07:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-17 07:21 - 2013-05-17 07:21 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-17 07:21 - 2013-05-17 07:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-17 07:21 - 2013-05-17 07:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-17 07:21 - 2013-05-17 07:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-17 07:21 - 2013-05-17 07:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-17 07:21 - 2013-05-17 07:21 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-17 07:21 - 2013-05-17 07:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-17 07:19 - 2013-05-17 07:19 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 07:19 - 2013-05-17 07:19 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-17 07:14 - 2010-06-02 23:28 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 10:23 - 2012-04-04 12:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-16 10:23 - 2011-05-20 10:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-06-07 21:32

==================== End Of Log ============================
  #10
Old June 11th, 2013, 06:18 PM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please run another fix with FRST like you did before, but this time save the fixlist.txt on the desktop, beside FRST, and hit the fix button. With this code please:

Code:
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKCU\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Cyndie\AppData\Local\18aa933a-b185-4219-a5aa-ca31769e4299ad\aaabaaacaead.exe [237568 2013-06-10] () <===== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-211347547-2098133201-2859789311-1000\$98b6b1bd2581720063b7b3bc2cc89f69\n. ATTENTION! ====> ZeroAccess
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
  #11
Old June 11th, 2013, 08:26 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
I am going to have to start over. It was great and I opened Internet Explorer to do the last task you requested... and the "your pc is blocked" is back. It's even worse than before because now it blocks me in safe mode too.
  #12
Old June 12th, 2013, 06:09 AM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
So you did not run the fix?

Please run FRST in Recovery mode, do a scan and post back with the logfile.
  #13
Old September 8th, 2013, 12:49 PM
maniacos
New Member
 
Join Date: Sep 2013
O/S: Windows 7 32-bit
Location: Regina, SA
Posts: 2
Why do you need so many actions to remove this scam? It could be easily removed by Malwarebytes (great software and it's FREE!) in just a few steps.

Last edited by smurfy; September 9th, 2013 at 06:01 AM. Reason: Link removed. "http://privacy-pc.com/how-to/fbi-moneypak-virus-computer-locked-by-fbi.html"
  #14
Old September 8th, 2013, 11:20 PM
jmnew51
Senior Member
 
Join Date: Dec 2006
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 983
If you can't boot the computer then it won't work.
  #15
Old September 9th, 2013, 08:09 AM
GayleTek
New Member
 
Join Date: Sep 2013
Posts: 1
As per the CTH guidelines for the Malware Removal Forum shown Here, this post has been deleted. Members who have not been approved by the CTH Staff to provide infection removal/repair steps are prohibited from posting advice. Please disregard any information/steps that had been posted here.
All times are GMT +1.