Jump to content

jBaz

Honorary Members
  • Posts

    28
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks, Kevin!!! Have completed all of the above and machine is much better You can close out my thread!!!!
  2. also - should I delete Rogue Killer and associated files and DDS and its associated files, too?
  3. not sure what's meant by delete "security checks"...sorry! I deleted all the logs that were created as a result of the various programs that were run. And, all other steps completed successfully.
  4. Seems to be responding much better...no unresolved issues as of now :-) Thanks tons for your help!!!
  5. All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Sarahlynn Hayden\Downloads\cmd.bat deleted successfully. C:\Users\Sarahlynn Hayden\Downloads\cmd.txt deleted successfully. File/Folder C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RB2OV13.exe not found. File/Folder C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RW12UON.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ms. Poe User: Public User: Sarahlynn Hayden ->Temp folder emptied: 706815241 bytes ->Temporary Internet Files folder emptied: 128 bytes ->Java cache emptied: 46019 bytes ->Google Chrome cache emptied: 8890923 bytes ->Flash cache emptied: 56972 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5138 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36908 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33633 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 683.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 09182013_102945 Files moved on Reboot... C:\Users\Sarahlynn Hayden\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Sarahlynn Hayden\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. Registry entries deleted on Reboot... And, Java & Adobe are updated.
  6. scan took overnight to finish...here are the logs you requested: Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 25 Java version out of Date! Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 29.0.1547.62 Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RB2OV13.exe a variant of Win32/Bundled.Toolbar.Ask.D applicationC:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1003\$RW12UON.exe a variant of Win32/Bundled.Toolbar.Ask.D application
  7. ok - home from getting kids and can continue. Have started the scan in IE - what do I do with the RK window that is still open...do I need to fix/clean any of the items it found?? Will post the results when done with the other items you have listed.
  8. RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Sarahlynn Hayden [Admin rights] Mode : Scan -- Date : 09/17/2013 14:55:01 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MQ01ABD032 SATA Disk Device +++++ --- User --- [MBR] 0c13800222c21f6dca3e965c9fcdad92 [bSP] 41c3235da47578c83c7d3c8a3d73b855 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 291228 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 599508992 | Size: 12516 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09172013_145501.txt >>
  9. Got it to load...the link itself was bad but I just entered the address
  10. Sorry - but link to 64 bit version returns a 404 Not Found error And, the machine is running better but still slower than what I remember before it got bad. Thanks for your help thus far
  11. # AdwCleaner v3.004 - Report created 17/09/2013 at 14:11:41 # Updated 15/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Sarahlynn Hayden - MSPOE-PC # Running from : C:\Users\Sarahlynn Hayden\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Sarahlynn Hayden\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [904 octets] - [17/09/2013 13:28:10] AdwCleaner[s0].txt - [828 octets] - [17/09/2013 14:11:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [887 octets] ########## Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.17.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Sarahlynn Hayden :: MSPOE-PC [administrator] Protection: Enabled 9/17/2013 2:20:17 PM mbam-log-2013-09-17 (14-20-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206351 Time elapsed: 5 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  12. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03 Ran by Sarahlynn Hayden at 2013-09-17 13:25:36 Run:1 Running from C:\Users\Sarahlynn Hayden\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Start C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4 End ***************** C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4 => Moved successfully. ==== End of Fixlog ==== WASN'T sure if the registry item should be removed or not, so I haven't cleaned: # AdwCleaner v3.004 - Report created 17/09/2013 at 13:28:10 # Updated 15/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Sarahlynn Hayden - MSPOE-PC # Running from : C:\Users\Sarahlynn Hayden\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Sarahlynn Hayden\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [766 octets] - [17/09/2013 13:28:10] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [825 octets] ########## waiting to proceed until further instruction on if it should be cleaned or not...thanks!
  13. Sorry - didn't realize that it did not paste when I copied it over. Here it is: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03 Ran by Sarahlynn Hayden (administrator) on MSPOE-PC on 17-09-2013 11:18:09 Running from C:\Users\Sarahlynn Hayden\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-19] (Google Inc.) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba) HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\SARAHL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation) R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-17 11:16 - 2013-09-17 11:16 - 01950524 _____ (Farbar) C:\Users\Sarahlynn Hayden\Downloads\FRST64.exe 2013-09-17 11:16 - 2013-09-17 11:16 - 00000000 ____D C:\FRST 2013-09-17 10:44 - 2013-09-17 10:44 - 00017488 _____ C:\Users\Sarahlynn Hayden\Desktop\dds.txt 2013-09-17 10:44 - 2013-09-17 10:44 - 00009953 _____ C:\Users\Sarahlynn Hayden\Desktop\attach.txt 2013-09-17 10:42 - 2013-09-17 10:42 - 00688992 ____R (Swearware) C:\Users\Sarahlynn Hayden\Downloads\dds.com 2013-09-17 08:49 - 2013-09-17 08:49 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Malwarebytes 2013-09-17 08:39 - 2013-09-17 08:39 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-17 08:38 - 2013-09-17 08:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-17 08:38 - 2013-09-17 08:38 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-17 08:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-09-17 08:36 - 2013-09-17 08:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sarahlynn Hayden\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-17 08:28 - 2013-09-17 08:28 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Ms Poe remaining files 2013-09-17 08:07 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-09-17 08:07 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-09-17 08:07 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-09-17 08:07 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-09-17 08:07 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-09-17 08:07 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-09-17 08:07 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-09-17 08:07 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-09-17 08:07 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-09-17 08:07 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-09-17 08:07 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-09-17 08:07 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-09-17 08:07 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-09-17 08:07 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-09-17 08:07 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-17 08:06 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-09-17 08:06 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-09-17 08:06 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-09-17 08:06 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-09-17 08:06 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-09-17 08:06 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-09-17 08:06 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-09-17 08:06 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-09-17 08:06 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-09-17 08:06 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-09-17 08:06 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-09-17 08:06 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-09-17 08:06 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-09-17 08:06 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-09-17 08:06 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-09-17 08:06 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-09-17 08:05 - 2013-09-17 08:05 - 04751752 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2013-09-16 20:38 - 2013-09-16 20:38 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A363A23C-33C4-438F-8813-FB296209EB0C} 2013-09-16 08:33 - 2013-09-16 08:33 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{93FAC7D6-CB94-415B-A901-BA127DC52716} 2013-09-13 22:02 - 2013-09-13 22:02 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{03424DA5-9F21-4CB0-9486-868286BF34BE} 2013-09-13 15:47 - 2013-09-13 15:47 - 04711424 _____ C:\Users\Sarahlynn Hayden\Documents\Language2a.ppt 2013-09-13 08:31 - 2013-09-13 08:32 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{100562B7-7BC3-4E2F-AE84-9E89822328A0} 2013-09-12 07:29 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-09-12 07:29 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys 2013-09-12 07:29 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-09-12 07:29 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-09-12 07:29 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2013-09-12 07:29 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-09-12 07:29 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2013-09-12 07:29 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2013-09-12 07:29 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2013-09-12 07:29 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2013-09-12 07:29 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-09-12 07:29 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-09-12 07:29 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-09-12 07:29 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2013-09-12 07:29 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2013-09-12 07:29 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2013-09-12 07:29 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2013-09-12 07:29 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-09-12 07:29 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-09-12 07:29 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-09-12 07:29 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-09-12 07:29 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 07:29 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-12 07:29 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2013-09-12 07:29 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2013-09-12 07:29 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2013-09-12 07:29 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll 2013-09-12 07:20 - 2013-09-12 07:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{AC6EF6F1-7C42-489E-95CA-B30AB90CBCFC} 2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{98319BBB-AC22-48CC-8AD4-875F59621B37} 2013-09-10 13:20 - 2013-09-10 13:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{F087014F-5953-4E56-92FF-9B8896FDAF1B} 2013-09-09 10:47 - 2013-09-09 10:48 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{9CF33945-0E4C-46A9-ACDC-0C863451B38C} 2013-09-08 14:19 - 2013-09-08 14:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{10F3396A-F9C3-4E18-85E1-610B68603EC9} 2013-09-07 21:36 - 2013-09-07 21:36 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2965F2AC-A68C-48DB-9446-CDAB67FB6D10} 2013-09-05 08:59 - 2013-09-05 09:00 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2AF449D1-D7F1-47C0-BCD8-7168E932907A} 2013-09-04 21:00 - 2013-09-04 21:00 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{35C9256F-0CE3-402B-B0B6-B91741C4952F} 2013-09-04 08:03 - 2013-09-04 08:03 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{FF36426E-4267-44BF-BC58-AA488534C15B} 2013-08-28 13:50 - 2013-08-28 13:51 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A3616CD1-BA74-4F75-81A5-C55710EF4D9F} 2013-08-25 21:30 - 2013-09-04 09:28 - 03082656 _____ C:\Users\Sarahlynn Hayden\Desktop\Language.pptx 2013-08-23 15:16 - 2013-08-23 15:16 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{001CDFFC-2926-47D9-82CD-69CFE0F43CF6} 2013-08-22 16:14 - 2013-08-27 07:54 - 00286610 _____ C:\Users\Sarahlynn Hayden\Desktop\Eye opener.pptx 2013-08-22 16:13 - 2013-08-22 16:13 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{E52CF6AD-F78E-40DF-8C39-ECE2759CE488} 2013-08-19 11:26 - 2013-08-19 11:26 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{4F45E95B-02AB-4D6B-8B79-1CFB18F0BFDE} 2013-08-18 16:44 - 2013-08-18 16:54 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{156D552D-5023-4E26-ACE0-91B6BAC4FFF6} 2013-08-18 16:44 - 2013-08-18 16:44 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{7C4D52D4-99A0-485A-9FFD-36B88624C85A} 2013-08-18 16:43 - 2013-08-18 16:44 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (1).exe 2013-08-18 16:15 - 2013-08-18 16:15 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe 2013-08-18 15:03 - 2013-08-18 15:03 - 00218746 _____ C:\Users\Sarahlynn Hayden\Downloads\porcelain.zip 2013-08-18 15:02 - 2013-08-18 15:02 - 00047130 _____ C:\Users\Sarahlynn Hayden\Downloads\freebooter_script.zip 2013-08-18 15:01 - 2013-08-18 15:01 - 00038795 _____ C:\Users\Sarahlynn Hayden\Downloads\english.zip 2013-08-18 15:00 - 2013-08-18 15:01 - 01266941 _____ C:\Users\Sarahlynn Hayden\Downloads\billion_stars.zip 2013-08-18 15:00 - 2013-08-18 15:00 - 00031969 _____ C:\Users\Sarahlynn Hayden\Downloads\brittany.zip 2013-08-18 14:59 - 2013-08-18 14:59 - 00368831 _____ C:\Users\Sarahlynn Hayden\Downloads\k22_spiral_swash.zip 2013-08-18 14:58 - 2013-08-18 14:59 - 00023988 _____ C:\Users\Sarahlynn Hayden\Downloads\secesja_pl.zip 2013-08-18 14:58 - 2013-08-18 14:58 - 00051755 _____ C:\Users\Sarahlynn Hayden\Downloads\black_flowers_blossom.zip 2013-08-18 14:57 - 2013-08-18 14:58 - 00047921 _____ C:\Users\Sarahlynn Hayden\Downloads\gingersnaps.zip 2013-08-18 14:57 - 2013-08-18 14:57 - 00019499 _____ C:\Users\Sarahlynn Hayden\Downloads\grenouille.zip 2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird.zip 2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird (1).zip 2013-08-18 14:54 - 2013-08-18 14:54 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around (1).zip 2013-08-18 14:53 - 2013-08-18 14:54 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around.zip 2013-08-18 13:18 - 2013-08-18 13:18 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-08-18 13:18 - 2013-08-18 13:18 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-08-18 13:18 - 2013-08-18 13:18 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-08-18 13:18 - 2013-08-18 13:18 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-08-18 13:18 - 2013-08-18 13:18 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-08-18 13:18 - 2013-08-18 13:18 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-08-18 13:18 - 2013-08-18 13:18 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2013-08-18 13:02 - 2013-09-16 07:49 - 00000000 ____D C:\windows\system32\MRT 2013-08-18 00:35 - 2013-08-18 00:35 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Math Pics ==================== One Month Modified Files and Folders ======= 2013-09-17 11:16 - 2013-09-17 11:16 - 01950524 _____ (Farbar) C:\Users\Sarahlynn Hayden\Downloads\FRST64.exe 2013-09-17 11:16 - 2013-09-17 11:16 - 00000000 ____D C:\FRST 2013-09-17 10:53 - 2012-05-19 11:22 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-17 10:44 - 2013-09-17 10:44 - 00017488 _____ C:\Users\Sarahlynn Hayden\Desktop\dds.txt 2013-09-17 10:44 - 2013-09-17 10:44 - 00009953 _____ C:\Users\Sarahlynn Hayden\Desktop\attach.txt 2013-09-17 10:42 - 2013-09-17 10:42 - 00688992 ____R (Swearware) C:\Users\Sarahlynn Hayden\Downloads\dds.com 2013-09-17 10:33 - 2013-01-16 15:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-09-17 10:25 - 2012-05-19 10:20 - 01491809 _____ C:\windows\WindowsUpdate.log 2013-09-17 10:23 - 2011-07-21 20:45 - 00000000 ____D C:\windows\Panther 2013-09-17 10:22 - 2013-01-16 15:01 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-09-17 10:15 - 2012-05-19 11:22 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-17 10:13 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-17 10:13 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-17 10:06 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-09-17 08:49 - 2013-09-17 08:49 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Malwarebytes 2013-09-17 08:39 - 2013-09-17 08:39 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-17 08:39 - 2013-09-17 08:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-17 08:38 - 2013-09-17 08:38 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-17 08:37 - 2013-09-17 08:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sarahlynn Hayden\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-17 08:29 - 2012-08-09 10:36 - 00000000 ____D C:\Users\Ms. Poe 2013-09-17 08:28 - 2013-09-17 08:28 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Ms Poe remaining files 2013-09-17 08:13 - 2013-07-10 13:20 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-09-17 08:13 - 2013-01-15 15:46 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2013-09-17 08:13 - 2013-01-15 15:46 - 00000000 ____D C:\Program Files\CCleaner 2013-09-17 08:07 - 2009-07-14 00:13 - 00732638 _____ C:\windows\system32\PerfStringBackup.INI 2013-09-17 08:06 - 2013-01-16 15:13 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-09-17 08:05 - 2013-09-17 08:05 - 04751752 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2013-09-17 08:05 - 2013-01-16 15:13 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-09-17 08:05 - 2011-07-21 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-16 20:38 - 2013-09-16 20:38 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A363A23C-33C4-438F-8813-FB296209EB0C} 2013-09-16 08:33 - 2013-09-16 08:33 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{93FAC7D6-CB94-415B-A901-BA127DC52716} 2013-09-16 08:31 - 2013-07-10 13:06 - 00000000 ___RD C:\Users\Sarahlynn Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-16 08:31 - 2013-07-10 13:06 - 00000000 ___RD C:\Users\Sarahlynn Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-16 08:27 - 2009-07-13 23:45 - 00312600 _____ C:\windows\system32\FNTCACHE.DAT 2013-09-16 07:49 - 2013-08-18 13:02 - 00000000 ____D C:\windows\system32\MRT 2013-09-16 07:44 - 2012-09-04 08:14 - 79143768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-09-16 07:44 - 2012-08-09 10:55 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-13 22:02 - 2013-09-13 22:02 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{03424DA5-9F21-4CB0-9486-868286BF34BE} 2013-09-13 15:47 - 2013-09-13 15:47 - 04711424 _____ C:\Users\Sarahlynn Hayden\Documents\Language2a.ppt 2013-09-13 08:32 - 2013-09-13 08:31 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{100562B7-7BC3-4E2F-AE84-9E89822328A0} 2013-09-12 07:20 - 2013-09-12 07:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{AC6EF6F1-7C42-489E-95CA-B30AB90CBCFC} 2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{98319BBB-AC22-48CC-8AD4-875F59621B37} 2013-09-10 13:20 - 2013-09-10 13:20 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{F087014F-5953-4E56-92FF-9B8896FDAF1B} 2013-09-09 10:48 - 2013-09-09 10:47 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{9CF33945-0E4C-46A9-ACDC-0C863451B38C} 2013-09-08 14:20 - 2013-09-08 14:19 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{10F3396A-F9C3-4E18-85E1-610B68603EC9} 2013-09-07 21:36 - 2013-09-07 21:36 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2965F2AC-A68C-48DB-9446-CDAB67FB6D10} 2013-09-05 09:00 - 2013-09-05 08:59 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{2AF449D1-D7F1-47C0-BCD8-7168E932907A} 2013-09-04 21:00 - 2013-09-04 21:00 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{35C9256F-0CE3-402B-B0B6-B91741C4952F} 2013-09-04 13:25 - 2013-07-10 13:09 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Windows Live Writer 2013-09-04 09:28 - 2013-08-25 21:30 - 03082656 _____ C:\Users\Sarahlynn Hayden\Desktop\Language.pptx 2013-09-04 08:03 - 2013-09-04 08:03 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{FF36426E-4267-44BF-BC58-AA488534C15B} 2013-09-03 15:30 - 2013-08-15 13:08 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Roaming\Google 2013-08-31 10:57 - 2013-08-13 10:56 - 06340539 _____ C:\Users\Sarahlynn Hayden\Desktop\History Columbus.pptx 2013-08-28 16:35 - 2013-08-13 10:56 - 02315432 _____ C:\Users\Sarahlynn Hayden\Desktop\Science Ecology.pptx 2013-08-28 15:55 - 2013-07-10 21:45 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\Google 2013-08-28 13:51 - 2013-08-28 13:50 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{A3616CD1-BA74-4F75-81A5-C55710EF4D9F} 2013-08-27 07:54 - 2013-08-22 16:14 - 00286610 _____ C:\Users\Sarahlynn Hayden\Desktop\Eye opener.pptx 2013-08-25 21:33 - 2013-08-13 10:56 - 01545332 _____ C:\Users\Sarahlynn Hayden\Desktop\Mathematics PP-3rd.pptx 2013-08-25 21:28 - 2013-08-13 13:16 - 08408576 _____ C:\Users\Sarahlynn Hayden\Desktop\BIBLE PP-3rd.ppt 2013-08-23 15:16 - 2013-08-23 15:16 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{001CDFFC-2926-47D9-82CD-69CFE0F43CF6} 2013-08-23 14:27 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache 2013-08-22 16:13 - 2013-08-22 16:13 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{E52CF6AD-F78E-40DF-8C39-ECE2759CE488} 2013-08-20 13:08 - 2013-08-13 10:59 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\General Papers 2013-08-19 11:26 - 2013-08-19 11:26 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{4F45E95B-02AB-4D6B-8B79-1CFB18F0BFDE} 2013-08-18 16:54 - 2013-08-18 16:44 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{156D552D-5023-4E26-ACE0-91B6BAC4FFF6} 2013-08-18 16:44 - 2013-08-18 16:44 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\{7C4D52D4-99A0-485A-9FFD-36B88624C85A} 2013-08-18 16:44 - 2013-08-18 16:43 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (1).exe 2013-08-18 16:44 - 2013-07-10 13:09 - 00000000 ____D C:\Users\Sarahlynn Hayden\AppData\Local\Windows Live Writer 2013-08-18 16:44 - 2013-07-10 13:07 - 00069224 _____ C:\Users\Sarahlynn Hayden\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-18 16:15 - 2013-08-18 16:15 - 01035696 _____ (Ask.com) C:\Users\Sarahlynn Hayden\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe 2013-08-18 15:03 - 2013-08-18 15:03 - 00218746 _____ C:\Users\Sarahlynn Hayden\Downloads\porcelain.zip 2013-08-18 15:02 - 2013-08-18 15:02 - 00047130 _____ C:\Users\Sarahlynn Hayden\Downloads\freebooter_script.zip 2013-08-18 15:01 - 2013-08-18 15:01 - 00038795 _____ C:\Users\Sarahlynn Hayden\Downloads\english.zip 2013-08-18 15:01 - 2013-08-18 15:00 - 01266941 _____ C:\Users\Sarahlynn Hayden\Downloads\billion_stars.zip 2013-08-18 15:00 - 2013-08-18 15:00 - 00031969 _____ C:\Users\Sarahlynn Hayden\Downloads\brittany.zip 2013-08-18 14:59 - 2013-08-18 14:59 - 00368831 _____ C:\Users\Sarahlynn Hayden\Downloads\k22_spiral_swash.zip 2013-08-18 14:59 - 2013-08-18 14:58 - 00023988 _____ C:\Users\Sarahlynn Hayden\Downloads\secesja_pl.zip 2013-08-18 14:58 - 2013-08-18 14:58 - 00051755 _____ C:\Users\Sarahlynn Hayden\Downloads\black_flowers_blossom.zip 2013-08-18 14:58 - 2013-08-18 14:57 - 00047921 _____ C:\Users\Sarahlynn Hayden\Downloads\gingersnaps.zip 2013-08-18 14:57 - 2013-08-18 14:57 - 00019499 _____ C:\Users\Sarahlynn Hayden\Downloads\grenouille.zip 2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird.zip 2013-08-18 14:56 - 2013-08-18 14:56 - 00036327 _____ C:\Users\Sarahlynn Hayden\Downloads\girls_are_weird (1).zip 2013-08-18 14:54 - 2013-08-18 14:54 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around (1).zip 2013-08-18 14:54 - 2013-08-18 14:53 - 00190866 _____ C:\Users\Sarahlynn Hayden\Downloads\djb_swirl_me_around.zip 2013-08-18 14:17 - 2013-07-10 13:06 - 00001428 _____ C:\Users\Sarahlynn Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-08-18 14:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-18 14:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-18 14:12 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions 2013-08-18 13:18 - 2013-08-18 13:18 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-08-18 13:18 - 2013-08-18 13:18 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-08-18 13:18 - 2013-08-18 13:18 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-08-18 13:18 - 2013-08-18 13:18 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-08-18 13:18 - 2013-08-18 13:18 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-08-18 13:18 - 2013-08-18 13:18 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-08-18 13:18 - 2013-08-18 13:18 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-08-18 13:18 - 2013-08-18 13:18 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-08-18 13:18 - 2013-08-18 13:18 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2013-08-18 13:18 - 2013-08-18 13:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2013-08-18 00:35 - 2013-08-18 00:35 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\Math Pics 2013-08-18 00:35 - 2013-08-13 10:58 - 00000000 ____D C:\Users\Sarahlynn Hayden\Desktop\History Pics ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-13 10:09 ==================== End Of Log ============================
  14. .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 8/9/2012 10:36:32 AMSystem Uptime: 9/17/2013 10:05:55 AM (0 hours ago).Motherboard: TOSHIBA | | Portable PCProcessor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 284 GiB total, 244.802 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP88: 8/12/2013 9:56:39 AM - Windows UpdateRP89: 8/16/2013 4:57:18 PM - Windows UpdateRP91: 8/18/2013 12:40:59 PM - Windows Modules InstallerRP92: 8/19/2013 11:25:01 AM - Windows UpdateRP93: 8/23/2013 8:40:43 AM - Windows UpdateRP94: 8/27/2013 8:36:50 AM - Windows UpdateRP95: 9/3/2013 11:14:33 AM - Windows UpdateRP96: 9/10/2013 7:39:32 AM - Windows UpdateRP97: 9/13/2013 8:44:17 AM - Windows UpdateRP98: 9/16/2013 7:35:18 AM - Windows UpdateRP99: 9/17/2013 8:05:27 AM - Windows Update.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7) MUIAMD Media Foundation DecodersAMD VISION Engine Control CenterAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverATI Catalyst Install ManagerBejeweled 3Catalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerChuzzle DeluxeConexant HD AudioD3DX10ETDWare PS/2-X64 8.0.8.0_R01FATE - The Traitor SoulFishdom 2Google ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperJava Auto UpdaterJava 6 Update 25Junk Mail filter updateLabel@Once 1.0Malwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319MSVCRTMSVCRT_amd64Penguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime amd64PlayReady PC Runtime x86Polar BowlerRealtek USB 2.0 Card ReaderRealtek WLAN DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition Skype LauncherTom Clancy's Splinter CellToshiba App PlaceTOSHIBA Application InstallerTOSHIBA AssistToshiba Book PlaceTOSHIBA Bulletin BoardTOSHIBA Disc CreatorTOSHIBA Hardware SetupTOSHIBA HDD/SSD AlertToshiba Laptop CheckupTOSHIBA Media ControllerToshiba Online BackupTOSHIBA Quality ApplicationTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Service StationTOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTOSHIBARegistrationUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update Installer for WildTangent Games AppVirtual Villagers 5 - New BelieversWildTangent GamesWildTangent Games App (Toshiba Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma's Revenge.==== Event Viewer Messages From Past Week ========.9/17/2013 8:22:11 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.9/17/2013 8:22:11 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.9/17/2013 10:25:45 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MYNETN600 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB797C5D-3987-49C5-A51C-D43257D41A6C}. The master browser is stopping or an election is being forced.9/16/2013 7:56:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2870699).9/16/2013 7:34:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.9/12/2013 7:21:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4..==== End Of File =========================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03Ran by Sarahlynn Hayden at 2013-09-17 11:19:46Running from C:\Users\Sarahlynn Hayden\DownloadsBoot Mode: Normal========================================================== ==================== Installed Programs ======================= Adobe AIR (x32 Version: 2.6.0.19140)Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)AMD Media Foundation Decoders (Version: 1.0.60607.2201)AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)ATI Catalyst Install Manager (Version: 3.0.829.0)Bejeweled 3 (x32 Version: 2.2.0.97)Catalyst Control Center - Branding (x32 Version: 1.00.0000)Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019)Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019)Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019)CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019)CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019)CCC Help Czech (x32 Version: 2011.0607.2211.38019)CCC Help Danish (x32 Version: 2011.0607.2211.38019)CCC Help Dutch (x32 Version: 2011.0607.2211.38019)CCC Help English (x32 Version: 2011.0607.2211.38019)CCC Help Finnish (x32 Version: 2011.0607.2211.38019)CCC Help French (x32 Version: 2011.0607.2211.38019)CCC Help German (x32 Version: 2011.0607.2211.38019)CCC Help Greek (x32 Version: 2011.0607.2211.38019)CCC Help Hungarian (x32 Version: 2011.0607.2211.38019)CCC Help Italian (x32 Version: 2011.0607.2211.38019)CCC Help Japanese (x32 Version: 2011.0607.2211.38019)CCC Help Korean (x32 Version: 2011.0607.2211.38019)CCC Help Norwegian (x32 Version: 2011.0607.2211.38019)CCC Help Polish (x32 Version: 2011.0607.2211.38019)CCC Help Portuguese (x32 Version: 2011.0607.2211.38019)CCC Help Russian (x32 Version: 2011.0607.2211.38019)CCC Help Spanish (x32 Version: 2011.0607.2211.38019)CCC Help Swedish (x32 Version: 2011.0607.2211.38019)CCC Help Thai (x32 Version: 2011.0607.2211.38019)CCC Help Turkish (x32 Version: 2011.0607.2211.38019)ccc-utility64 (Version: 2011.0607.2212.38019)CCleaner (Version: 4.05)Chuzzle Deluxe (x32 Version: 2.2.0.95)Conexant HD Audio (Version: 8.54.1.0)D3DX10 (x32 Version: 15.4.2368.0902)ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)FATE - The Traitor Soul (x32 Version: 2.2.0.95)Fishdom 2 (x32 Version: 2.2.0.98)Google Chrome (x32 Version: 29.0.1547.66)Google Toolbar for Internet Explorer (x32 Version: 1.0.0)Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)Google Update Helper (x32 Version: 1.3.21.153)Java Auto Updater (x32 Version: 2.0.4.1)Java 6 Update 25 (x32 Version: 6.0.250)Junk Mail filter update (x32 Version: 15.4.3502.0922)Label@Once 1.0 (x32 Version: 1.0)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Mesh Runtime (x32 Version: 15.4.5722.2)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft Office 2007 Service Pack 3 (SP3) (x32)Microsoft Office 2010 (x32 Version: 14.0.4763.1000)Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)MSVCRT (x32 Version: 15.4.2862.0708)MSVCRT_amd64 (x32 Version: 15.4.2862.0708)Penguins! (x32 Version: 2.2.0.95)Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)PlayReady PC Runtime amd64 (Version: 1.3.0)PlayReady PC Runtime x86 (x32 Version: 1.3.0)Polar Bowler (x32 Version: 2.2.0.97)Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124)Realtek WLAN Driver (x32 Version: 2.00.0016)Skype Launcher (x32 Version: 2.01)Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97)Toshiba App Place (x32 Version: 1.0.6.3)TOSHIBA Application Installer (x32 Version: 9.0.1.2)TOSHIBA Assist (x32 Version: 4.2.3.0)Toshiba Book Place (x32 Version: 2.2.7530)TOSHIBA Bulletin Board (Version: 1.6.10.64)TOSHIBA Bulletin Board (x32 Version: 1.6.10.64)TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)TOSHIBA Hardware Setup (x32 Version: 2.1.0.3)TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)Toshiba Laptop Checkup (x32 Version: 2.0.13.11)TOSHIBA Media Controller (x32 Version: 1.0.87.4)Toshiba Online Backup (x32 Version: 2.0.0.31)TOSHIBA Quality Application (x32 Version: 1.0.3)TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)TOSHIBA ReelTime (Version: 1.7.21.64)TOSHIBA ReelTime (x32 Version: 1.7.21.64)TOSHIBA Service Station (x32 Version: 2.2.12)TOSHIBA Supervisor Password (x32 Version: 2.1.0.2)TOSHIBA Value Added Package (Version: 1.6.1.64)TOSHIBA Value Added Package (x32 Version: 1.6.1.64)TOSHIBARegistration (x32 Version: 1.0.6)Update for 2007 Microsoft Office System (KB967642) (x32)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)Update for Microsoft Office Excel 2007 Help (KB963678) (x32)Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)Update for Microsoft Office Script Editor Help (KB963671) (x32)Update for Microsoft Office Word 2007 Help (KB963665) (x32)Update Installer for WildTangent Games App (x32)Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)WildTangent Games (x32 Version: 1.0.2.5)WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14)Windows Live Communications Platform (x32 Version: 15.4.3502.0922)Windows Live Essentials (x32 Version: 15.4.3502.0922)Windows Live Essentials (x32 Version: 15.4.3555.0308)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)Windows Live Installer (x32 Version: 15.4.3502.0922)Windows Live Language Selector (Version: 15.4.3555.0308)Windows Live Mail (x32 Version: 15.4.3502.0922)Windows Live Mesh (x32 Version: 15.4.3502.0922)Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)Windows Live Messenger (x32 Version: 15.4.3538.0513)Windows Live MIME IFilter (Version: 15.4.3502.0922)Windows Live Movie Maker (x32 Version: 15.4.3502.0922)Windows Live Photo Common (x32 Version: 15.4.3502.0922)Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)Windows Live Remote Client (Version: 15.4.5722.2)Windows Live Remote Client Resources (Version: 15.4.5722.2)Windows Live Remote Service (Version: 15.4.5722.2)Windows Live Remote Service Resources (Version: 15.4.5722.2)Windows Live SOXE (x32 Version: 15.4.3502.0922)Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)Windows Live UX Platform (x32 Version: 15.4.3502.0922)Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)Windows Live Writer (x32 Version: 15.4.3502.0922)Windows Live Writer Resources (x32 Version: 15.4.3502.0922)Zuma's Revenge (x32 Version: 2.2.0.97) ==================== Restore Points ========================= 12-08-2013 14:56:39 Windows Update16-08-2013 21:57:18 Windows Update18-08-2013 17:40:59 Windows Modules Installer19-08-2013 16:25:01 Windows Update23-08-2013 13:40:43 Windows Update27-08-2013 13:36:50 Windows Update03-09-2013 16:14:33 Windows Update10-09-2013 12:39:32 Windows Update13-09-2013 13:44:17 Windows Update16-09-2013 12:35:18 Windows Update17-09-2013 13:05:27 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_startedTask: {431CF243-93F2-4019-A29A-5244F0C251E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)Task: {597CBCA2-DD49-4F5D-AB2D-AF8FD6D1A8B7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update TaskTask: {5DC9E37B-7504-49B9-B37C-A13F4D14291D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)Task: {92DF686B-081C-4CDE-9AEC-13477D459D74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)Task: {C1F4AB46-3857-4DD6-9EDF-809CC218CE53} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)Task: {CB274CDF-7D27-45E8-ABC6-7E9B26F43927} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3116364755-2672186534-3802511386-1003 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)Task: {F909824F-6AA9-4DC3-A4F3-1451A9D1298D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2012-08-09 11:00 - 2012-08-09 11:00 - 08007680 _____ ( ) C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll2009-01-20 15:51 - 2009-01-20 15:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll2011-06-08 00:11 - 2011-06-08 00:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2011-03-22 12:17 - 2011-03-22 12:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (09/17/2013 10:07:54 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 09:09:23 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 08:29:31 AM) (Source: Microsoft-Windows-User Profiles Service) (User: MsPoe-PC)Description: Windows cannot delete the profile directory C:\Users\Ms. Poe. This error may be caused by files in this directory being used by another program. DETAIL - The directory is not empty. Error: (09/17/2013 08:23:22 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )Description: The index cannot be initialized. Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )Description: The application cannot be initialized. Context: Windows Application Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/17/2013 08:22:11 AM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (09/17/2013 08:22:10 AM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/17/2013 08:22:10 AM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details:The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) System errors:=============Error: (09/17/2013 10:25:45 AM) (Source: bowser) (User: )Description: The master browser has received a server announcement from the computer MYNETN600that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB797C5D-3987-49C5-A51C-D43257D41A6C}.The master browser is stopping or an election is being forced. Error: (09/17/2013 10:05:14 AM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (09/17/2013 09:06:35 AM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (09/17/2013 08:22:11 AM) (Source: Service Control Manager) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/17/2013 08:22:11 AM) (Source: Service Control Manager) (User: )Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (09/17/2013 08:19:58 AM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (09/16/2013 08:25:29 AM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (09/16/2013 07:56:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2870699). Error: (09/16/2013 07:34:26 AM) (Source: Service Control Manager) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service. Error: (09/12/2013 07:21:39 AM) (Source: Disk) (User: )Description: The driver detected a controller error on \Device\Harddisk1\DR4. Microsoft Office Sessions:========================= ==================== Memory info =========================== Percentage of memory in use: 50%Total physical RAM: 1638.87 MBAvailable physical RAM: 806.08 MBTotal Pagefile: 3277.73 MBAvailable Pagefile: 1879.8 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:244.72 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CBA03604)Partition 1: (Active) - (Size=1 GB) - (Type=27)Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=12 GB) - (Type=17) ==================== End Of Log ============================
  15. Have run MB over the last couple of months and some days it finds an infection (or 2 or 3) and some days it's clean but the machine never seems to completely recover. Also, in the last day or so, it has decided to recover a previously deleted user account, too. Machine is very sluggish and getting worse - please help! Here are copies of the DDS logs and MB log Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.09.17.06 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16686Sarahlynn Hayden :: MSPOE-PC [administrator] Protection: Enabled 9/17/2013 9:11:39 AMMBAM-log-2013-09-17 (10-04-21) full log.txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 303994Time elapsed: 52 minute(s), 21 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 3C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4\U\00000001.@ (Trojan.0Access) -> No action taken.C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4\U\80000000.@ (Trojan.0Access) -> No action taken.C:\$Recycle.Bin\S-1-5-21-3116364755-2672186534-3802511386-1000\$9a722e5aed15d0eb3ec82c42e116bfa4\U\800000cb.@ (Trojan.0Access) -> No action taken. (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686Run by Sarahlynn Hayden at 10:43:24 on 2013-09-17Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1639.711 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\system32\atiesrxx.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\system32\atieclxx.exeC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exeC:\windows\system32\TODDSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exeC:\windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\system32\taskhost.exeC:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Program Files\Elantech\ETDCtrl.exeC:\Program Files\TOSHIBA\Power Saver\TPwrMain.exeC:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeC:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exeC:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exeC:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Elantech\ETDCtrlHelper.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\windows\system32\SearchIndexer.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyOverride = <local>mWinlogon: Userinit = userinit.exe,BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDEDmRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.1.1TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\133747D223E646D2332746 : DHCPNameServer = 192.168.0.1TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\353686F6F6C602F46666963656 : DHCPNameServer = 10.0.0.1TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\7756374756C6C663139323 : DHCPNameServer = 10.0.0.1TCP: Interfaces\{FB797C5D-3987-49C5-A51C-D43257D41A6C}\B4343502C49626271627970275962756C65637370225F657475627 : DHCPNameServer = 192.168.0.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /tx64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exex64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEx64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exex64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exex64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exex64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exex64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exex64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-5-19 75904]R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-5-19 38016]R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-5-19 204288]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-17 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-17 701512]R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-5-19 123320]R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-5-19 126392]R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-5-19 9216]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-17 25928]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-5-19 1109096]R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-5-19 57216]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-5-19 243712]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-09-17 13:49:08 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Roaming\Malwarebytes2013-09-17 13:38:59 -------- d-----w- C:\ProgramData\Malwarebytes2013-09-17 13:38:56 25928 ----a-w- C:\windows\System32\drivers\mbam.sys2013-09-17 13:38:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-17 13:38:25 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\Programs2013-09-17 13:34:35 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFF61F0C-805D-4B44-8B19-A39CE08369B4}\mpengine.dll2013-09-17 13:06:58 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll2013-09-17 13:05:44 4751752 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe2013-09-17 01:38:38 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{A363A23C-33C4-438F-8813-FB296209EB0C}2013-09-16 13:33:02 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{93FAC7D6-CB94-415B-A901-BA127DC52716}2013-09-14 03:02:54 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{03424DA5-9F21-4CB0-9486-868286BF34BE}2013-09-13 13:31:58 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{100562B7-7BC3-4E2F-AE84-9E89822328A0}2013-09-12 12:20:42 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{AC6EF6F1-7C42-489E-95CA-B30AB90CBCFC}2013-09-11 18:21:23 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{98319BBB-AC22-48CC-8AD4-875F59621B37}2013-09-10 18:20:06 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{F087014F-5953-4E56-92FF-9B8896FDAF1B}2013-09-09 15:47:55 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{9CF33945-0E4C-46A9-ACDC-0C863451B38C}2013-09-08 19:19:55 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{10F3396A-F9C3-4E18-85E1-610B68603EC9}2013-09-08 02:36:22 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{2965F2AC-A68C-48DB-9446-CDAB67FB6D10}2013-09-05 13:59:56 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{2AF449D1-D7F1-47C0-BCD8-7168E932907A}2013-09-05 02:00:03 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{35C9256F-0CE3-402B-B0B6-B91741C4952F}2013-09-04 13:03:37 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{FF36426E-4267-44BF-BC58-AA488534C15B}2013-08-28 18:50:49 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{A3616CD1-BA74-4F75-81A5-C55710EF4D9F}2013-08-23 20:16:31 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{001CDFFC-2926-47D9-82CD-69CFE0F43CF6}2013-08-22 21:13:48 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{E52CF6AD-F78E-40DF-8C39-ECE2759CE488}2013-08-19 16:26:31 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{4F45E95B-02AB-4D6B-8B79-1CFB18F0BFDE}2013-08-18 21:44:15 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{7C4D52D4-99A0-485A-9FFD-36B88624C85A}2013-08-18 21:44:15 -------- d-----w- C:\Users\Sarahlynn Hayden\AppData\Local\{156D552D-5023-4E26-ACE0-91B6BAC4FFF6}2013-08-18 18:02:09 -------- d-----w- C:\windows\System32\MRT.==================== Find3M ====================.2013-09-17 13:05:57 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-17 13:05:57 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-08-10 05:22:18 2241024 ----a-w- C:\windows\System32\wininet.dll2013-08-10 05:20:59 3959296 ----a-w- C:\windows\System32\jscript9.dll2013-08-10 05:20:55 67072 ----a-w- C:\windows\System32\iesetup.dll2013-08-10 05:20:55 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-08-10 03:59:10 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-08-10 03:58:09 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll2013-08-10 03:58:06 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-08-10 03:58:06 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-08-10 03:17:38 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-08-10 03:07:50 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-08-10 02:27:59 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe2013-08-08 01:20:43 3155456 ----a-w- C:\windows\System32\win32k.sys2013-08-07 09:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys.============= FINISH: 10:44:26.69 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 8/9/2012 10:36:32 AMSystem Uptime: 9/17/2013 10:05:55 AM (0 hours ago).Motherboard: TOSHIBA | | Portable PCProcessor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 284 GiB total, 244.802 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP88: 8/12/2013 9:56:39 AM - Windows UpdateRP89: 8/16/2013 4:57:18 PM - Windows UpdateRP91: 8/18/2013 12:40:59 PM - Windows Modules InstallerRP92: 8/19/2013 11:25:01 AM - Windows UpdateRP93: 8/23/2013 8:40:43 AM - Windows UpdateRP94: 8/27/2013 8:36:50 AM - Windows UpdateRP95: 9/3/2013 11:14:33 AM - Windows UpdateRP96: 9/10/2013 7:39:32 AM - Windows UpdateRP97: 9/13/2013 8:44:17 AM - Windows UpdateRP98: 9/16/2013 7:35:18 AM - Windows UpdateRP99: 9/17/2013 8:05:27 AM - Windows Update.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7) MUIAMD Media Foundation DecodersAMD VISION Engine Control CenterAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverATI Catalyst Install ManagerBejeweled 3Catalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerChuzzle DeluxeConexant HD AudioD3DX10ETDWare PS/2-X64 8.0.8.0_R01FATE - The Traitor SoulFishdom 2Google ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperJava Auto UpdaterJava 6 Update 25Junk Mail filter updateLabel@Once 1.0Malwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319MSVCRTMSVCRT_amd64Penguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime amd64PlayReady PC Runtime x86Polar BowlerRealtek USB 2.0 Card ReaderRealtek WLAN DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition Skype LauncherTom Clancy's Splinter CellToshiba App PlaceTOSHIBA Application InstallerTOSHIBA AssistToshiba Book PlaceTOSHIBA Bulletin BoardTOSHIBA Disc CreatorTOSHIBA Hardware SetupTOSHIBA HDD/SSD AlertToshiba Laptop CheckupTOSHIBA Media ControllerToshiba Online BackupTOSHIBA Quality ApplicationTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Service StationTOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTOSHIBARegistrationUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update Installer for WildTangent Games AppVirtual Villagers 5 - New BelieversWildTangent GamesWildTangent Games App (Toshiba Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma's Revenge.==== Event Viewer Messages From Past Week ========.9/17/2013 8:22:11 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.9/17/2013 8:22:11 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.9/17/2013 10:25:45 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MYNETN600 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB797C5D-3987-49C5-A51C-D43257D41A6C}. The master browser is stopping or an election is being forced.9/16/2013 7:56:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2870699).9/16/2013 7:34:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.9/12/2013 7:21:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4..==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.