Lenovo with Windows 7 - won't boot [Closed]



#1
capnblubs
  • Member
  • 74 posts

A friend's computer will not boot properly. One of a couple things happens:

- After powering on and beginning to open Windows, screen just goes black, OR...
- Sometimes it gives you the option of starting Windows normally, or running in repair/safe mode. Both of these usually result in failure as well.

While I was over at their house checking it out, somehow the computer did open Windows properly, so I ran scans with McAfee and Malwarebytes (nothing was found). I also ran a scan with hijackthis (log below) but when I tried to restart the computer, it went back to not even booting up. Any ideas? Thanks very much for your time.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:46 PM, on 3/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
F:\Antivirus stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search-Results Toolbar - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
O2 - BHO: Ask Toolbar - {5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a} - C:\Program Files (x86)\asktoolbar3\asktoolbar3X.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a} - C:\Program Files (x86)\asktoolbar3\asktoolbar3X.dll
O3 - Toolbar: Search-Results Toolbar - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O23 - Service: McAfee Application Installer Cleanup (0155121364426942) (0155121364426942mcinstcleanup) - Unknown owner - C:\windows\TEMP\015512~1.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11494 bytes


#2
emeraldnzl
  • GeekU Instructor
  • GeekU Moderator
  • 20,024 posts

Hello capnblubs,

For 32 bit machine:

Download Farbar Recovery Scan Tool and save it to a flash drive.

For a 64 bit machine:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3
capnblubs
  • Topic Starter
  • Member
  • 74 posts

Thanks very much for the reply! I will try to make it over to my friend's house this weekend and follow your instructions. As soon as I have the new log file I will post again.

#4
emeraldnzl
  • GeekU Instructor
  • GeekU Moderator
  • 20,024 posts

:thumbsup:

#5
capnblubs
  • Topic Starter
  • Member
  • 74 posts

Finally got back over to my friend's house and followed your instructions. Here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 27 days old)
Ran by SYSTEM at 09-04-2013 18:45:22
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11543656 2010-10-26] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] C:\windows\SysWOW64\UMonit.exe [28672 2010-11-30] ()
HKLM-x32\...\Run: [jmekey] C:\windows\jmesoft\hotkey.exe [118784 2011-03-21] (Lenovo)
HKLM-x32\...\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1899448 2012-10-18] (Bandoo Media, inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Nick\...\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe -update activex [429784 2013-03-18] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
2 DefaultTabUpdate; "C:\Users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [107520 2012-10-19] ()
2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241456 2013-02-19] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218760 2013-02-19] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [182752 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
3 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [57856 2010-12-16] (GenesysLogic)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
3 mfeavfk01; [x]
2 TMAgent; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-04 23:02 - 2013-04-04 23:02 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-04 23:02 - 2013-04-04 23:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-04 23:02 - 2013-04-04 23:02 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-04 23:02 - 2013-04-04 23:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-04 23:02 - 2013-04-04 23:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-04 23:02 - 2013-04-04 23:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-04 23:02 - 2013-04-04 23:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-04 23:02 - 2013-04-04 23:02 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-04 23:02 - 2013-04-04 23:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-04 23:02 - 2013-04-04 23:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-04 23:02 - 2013-04-04 23:02 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-04 23:02 - 2013-04-04 23:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-04 23:02 - 2013-04-04 23:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 5992.44 MB
Available physical RAM: 5292.62 MB
Total Pagefile: 5990.64 MB
Available Pagefile: 5280.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:906.34 GB) (Free:865.5 GB) NTFS
8 Drive k: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.13 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 247 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 3F8AFFFA

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 906 GB 101 MB
Partition 3 OEM 25 GB 906 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 906 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 LENOVO_PART NTFS Partition 25 GB Healthy Hidden

=========================================================

Partitions of Disk 6:
===============

Disk ID: C3072E18

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 247 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K LEXAR MEDIA FAT Removable 247 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 3F8AFFFA

Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 2:
=========
Hex: 00DF140C07FEFFFF0028030000E84A71
Active: NO
Type: 07 (NTFS)
Size: 906 GB

Partition 3:
=========
Hex: 00FEFFFF12FEFFFF00104E71B05D2203
Active: NO
Type: 12
Size: 25 GB

==============================
Partitions of Disk 6:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 00010100044020F920000000E0BB0700
Active: NO
Type: 04
Size: 247 MB


Last Boot: 2013-03-28 04:07

==================== End Of Log =============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello capnblubs,

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1899448 2012-10-18] (Bandoo Media, inc)
C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll


Start your computer into System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Caution: This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unbootable.

#7
capnblubs

    Member

  • Topic Starter
  • Member
  • 74 posts
Thanks for all your help! As soon as I have the new log I will post a reply.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
:thumbsup:
  • 1

#9
capnblubs

capnblubs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I ran the fix as instructed. The first good sign is that the first restart after this fix loaded Windows properly. This doesn't prove it's 100% okay yet, since the computer has seemed to randomly work or not work depending on its mood. But at least there is the possibility that it's fixed (or somewhat better). Here is the fix log you requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-11 19:31:58 Run:1
Running from K:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR Value deleted successfully.
C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE moved successfully.
C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll moved successfully.
C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll moved successfully.

==== End of Fixlog ====
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello capnblubs,

Making progress.

Now

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older machine you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal. Just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 1

#11
capnblubs

capnblubs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I ran ComboFix and it completed successfully, but the problem is that Internet Explorer isn't functioning properly now. At first, it wouldn't open at all. Then I restarted the computer, IE opened properly and loaded the home page, but you can't navigate to any other pages. Any ideas (from the ComboFix log below, perhaps?) as to what may be the new problem?

ComboFix 13-04-17.01 - Nick 04/17/2013 19:54:35.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.4432 [GMT -4:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-17 23:59 . 2013-04-17 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-15 23:18 . 2013-04-15 23:24 -------- d-----w- c:\users\Nick\AppData\Roaming\Apple Computer
2013-04-15 23:18 . 2013-04-15 23:18 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer
2013-04-15 23:18 . 2013-04-15 23:18 -------- dc----w- c:\windows\system32\DRVSTORE
2013-04-15 23:18 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\program files\iPod
2013-04-15 23:17 . 2013-04-15 23:18 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-15 23:17 . 2013-04-15 23:18 -------- d-----w- c:\program files\iTunes
2013-04-15 23:17 . 2013-04-15 23:18 -------- d-----w- c:\program files (x86)\iTunes
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\programdata\Apple Computer
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\users\Nick\AppData\Local\Apple
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\program files\Common Files\Apple
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\program files\Bonjour
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\program files (x86)\Bonjour
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-04-15 23:17 . 2013-04-15 23:17 -------- d-----w- c:\programdata\Apple
2013-04-10 23:12 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 02:44 . 2013-04-10 02:44 -------- d-----w- C:\FRST
2013-04-05 07:01 . 2013-04-05 07:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-27 23:27 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-27 23:20 . 2013-03-27 23:20 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes
2013-03-27 23:20 . 2013-03-27 23:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 23:20 . 2013-03-27 23:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 23:20 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 23:20 . 2013-03-27 23:20 -------- d-----w- c:\users\Nick\AppData\Local\Programs
2013-03-19 07:00 . 2013-03-19 07:00 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-19 07:00 . 2013-03-19 07:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 07:01 . 2011-08-25 17:29 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-18 13:43 . 2012-04-28 03:37 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-18 13:43 . 2011-09-12 11:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 17:59 . 2010-01-06 01:04 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 17:56 . 2010-01-06 01:04 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 17:55 . 2011-06-03 22:33 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 17:55 . 2010-01-06 01:04 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 17:54 . 2010-01-06 01:04 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 17:53 . 2010-01-06 01:04 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 17:53 . 2010-01-06 01:04 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 17:52 . 2010-01-06 01:04 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-18 12:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-18 12:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-18 12:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-18 12:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-18 12:51 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-18 12:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
2012-10-09 23:29 89288 ----a-w- c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a}]
2012-01-05 07:15 81920 ----a-w- c:\program files (x86)\asktoolbar3\asktoolbar3X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a}"= "c:\program files (x86)\asktoolbar3\asktoolbar3X.dll" [2012-01-05 81920]
"{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}"= "c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-10-09 89288]
.
[HKEY_CLASSES_ROOT\clsid\{5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a}]
.
[HKEY_CLASSES_ROOT\clsid\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-03-21 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2013-02-19 182752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [2010-12-17 57856]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 22:36 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 13:43]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 22:56]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 22:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-DefaultTab - c:\users\Nick\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-04-17 20:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-18 00:04
.
Pre-Run: 927,359,750,144 bytes free
Post-Run: 928,530,411,520 bytes free
.
- - End Of File - - 034C5C5B6FF2396172ABEEAC75198469
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

I ran ComboFix and it completed successfully, but the problem is that Internet Explorer isn't functioning properly now. At first, it wouldn't open at all. Then I restarted the computer, IE opened properly and loaded the home page, but you can't navigate to any other pages. Any ideas (from the ComboFix log below, perhaps?) as to what may be the new problem?


ComboFix does disconnect from the Internet when it runs. Usually reversed upon reboot. It did remove some appdata with some infection but it shouldn't have stopped IE from functioning.

Let's use Microsoft's Mr Fixit to reset your Internet Explorer back to its default settings and see if that helps.

Go to the link below:

http://support.microsoft.com/kb/923737

Scroll down to and click on To Reset Internet Explorer Automatically

Click on Mr Fixit and follow the instructions.

Tell me how you get on.

After that

Download and run Junkware Removal Tool by thisisu

When the scan completes, a log will be produced; please post it back here.

After that

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
So when you return please post
  • Junkware log
  • OTL.txt
  • Extras.txt
  • tell me how IE is now

  • 1

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





