Thought I had it licked....

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Re: Thought I had it licked....

Post by Heroes on Wed Aug 10, 2011 2:05 am

Here is the link:

[You must be registered and logged in to see this link.]


Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Sneakyone on Wed Aug 10, 2011 5:46 am

I'll get someone to look at those for you and post back with some updated advice.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56064
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Thu Aug 11, 2011 10:55 am

Thank you.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Sneakyone on Fri Aug 12, 2011 2:59 am

Sit tight please. I will post a fix when they get analyzed.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56064
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Aug 19, 2011 2:58 am

Hi, I'm sure this didn't fall through the cracks but just checking in. Thanks.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Sneakyone on Fri Aug 19, 2011 3:37 am

Still no reply. In the meantime, please re-run OTL and ComboFix.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56064
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Aug 19, 2011 11:56 am

OTL logfile created on: 8/19/2011 7:32:58 AM - Run 8
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Rick\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.68 Mb Total Physical Memory | 518.15 Mb Available Physical Memory | 51.12% Memory free
2.24 Gb Paging File | 1.85 Gb Available in Paging File | 82.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 97.58 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.03% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 522.25 Gb Free Space | 56.08% Space Free | Partition Type: FAT32

Computer Name: DANNI-PC | User Name: Rick | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 05:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/05/30 20:02:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 20:02:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UmxPol)
SRV - File not found [Auto | Stopped] -- -- (UmxFwHlp)
SRV - File not found [Auto | Stopped] -- -- (UmxCfg)
SRV - File not found [Auto | Stopped] -- -- (UmxAgent)
SRV - File not found [Auto | Stopped] -- -- (ccSchedulerSVC)
SRV - File not found [On_Demand | Stopped] -- -- (CaCCProvSP)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/12 10:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/24 11:16:24 | 000,150,608 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:24 | 000,107,600 | ---- | M] (CA) [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\kmxfw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:24 | 000,058,448 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\KmxFilter.sys -- (KmxFilter)
DRV - [2010/09/24 11:16:18 | 000,244,304 | ---- | M] (CA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/09/24 11:16:18 | 000,079,864 | ---- | M] (CA) [File_System | System | Stopped] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2010/09/24 11:16:18 | 000,061,008 | ---- | M] (CA) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | ---- | M] (CA) [File_System | System | Stopped] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2007/03/05 17:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 08:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 10:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 13:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 12:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/10/09 16:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/07/19 07:57:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 08:10:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2002/01/05 14:30:58 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 10:43:36 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\tdsskiller
[2011/08/10 20:15:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/10 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\temp
[2011/08/10 20:10:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/10 19:57:27 | 000,000,000 | ---D | C] -- C:\commy11848c
[2011/08/10 19:56:34 | 000,000,000 | ---D | C] -- C:\commy26247c
[2011/08/08 07:27:57 | 000,000,000 | ---D | C] -- C:\commy17934c
[2011/08/08 07:27:12 | 000,000,000 | ---D | C] -- C:\commy3121c
[2011/08/08 03:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/07 17:49:45 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/08/07 17:49:41 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/08/07 17:49:41 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/08/07 17:48:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/08/07 17:48:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/08/07 17:48:19 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/08/07 17:48:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/08/07 17:48:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/08/07 17:48:10 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/08/07 17:48:10 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/08/07 17:48:10 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/08/07 17:48:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/08/07 17:48:10 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/08/07 17:48:10 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/08/07 17:48:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/08/07 17:46:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/08/07 17:46:23 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/08/07 17:27:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/08/07 16:33:56 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/07 16:33:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/07 16:33:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/07 16:33:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/07 16:33:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/07 16:33:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/07 16:33:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/07 16:33:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/07 16:33:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/07 16:33:46 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/07 16:33:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/07 16:33:45 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/07 16:33:45 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/07 16:33:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/07 16:33:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/07 16:33:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/07 16:33:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/07 16:33:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/07 16:33:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/07 16:33:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/07 16:33:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/07 16:33:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/07 16:33:39 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/07 16:33:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/07 16:33:38 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/08/07 16:33:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/07 16:33:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/07 16:33:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/07 16:33:33 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/07 16:33:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/07 16:33:33 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/07 16:33:32 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/07 16:33:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/08/07 16:33:31 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/07 16:33:30 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/07 16:33:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/07 16:33:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/07 16:33:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/07 16:33:29 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/07 16:29:05 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/08/07 16:29:04 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/08/07 16:29:03 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/08/07 16:29:00 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/08/07 16:28:59 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/08/07 16:28:58 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/08/07 16:28:52 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/08/07 16:28:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/08/07 16:28:33 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/08/07 16:28:28 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/08/07 16:28:27 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/08/07 16:28:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/08/07 16:28:26 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/08/07 16:28:25 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/08/07 16:28:25 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/08/07 16:28:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/08/07 16:28:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/08/07 16:28:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/08/07 16:28:20 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/08/07 16:28:18 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/08/07 16:28:16 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/08/07 16:22:56 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/08/07 16:22:56 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/08/07 16:22:55 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/08/07 16:22:43 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/08/07 16:22:41 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/08/07 16:22:40 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/08/06 17:02:29 | 000,000,000 | ---D | C] -- C:\commy20193c
[2011/08/06 15:55:45 | 000,000,000 | ---D | C] -- C:\commy21913c
[2011/08/06 15:55:06 | 000,000,000 | ---D | C] -- C:\commy27062c
[2011/08/02 16:42:59 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/08/02 16:42:57 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/08/02 16:41:43 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/08/02 11:43:41 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/02 11:43:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/08/02 10:50:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/08/02 10:50:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/08/02 10:50:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/08/02 10:47:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/02 10:30:16 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011/08/02 10:30:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011/08/02 10:29:41 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/08/02 10:29:41 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/08/02 10:29:40 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/08/02 10:29:40 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/08/02 10:29:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/08/02 10:29:40 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/08/02 10:29:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011/08/02 10:29:40 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/08/02 10:29:40 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/08/02 10:29:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011/08/02 10:29:39 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/08/02 10:29:39 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/08/02 10:29:37 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/08/02 10:29:36 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/08/02 10:29:36 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011/08/02 10:29:36 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011/08/02 10:29:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011/08/02 10:29:35 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/08/02 10:29:35 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/08/02 10:29:35 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011/08/02 10:29:35 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011/08/02 10:29:35 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011/08/02 10:29:35 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011/08/02 10:29:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011/08/02 10:29:35 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/08/02 10:29:35 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011/08/02 10:29:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/08/02 10:29:34 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011/08/02 10:29:33 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/08/02 10:29:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/08/02 10:29:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011/08/02 10:29:33 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/08/02 10:29:31 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/08/02 10:29:30 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/08/02 10:29:30 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/08/02 10:29:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/08/02 10:29:29 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/08/02 10:29:29 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/08/02 10:29:29 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/02 10:29:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/08/02 10:29:28 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011/08/02 10:29:28 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/08/02 10:29:28 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011/08/02 10:29:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/08/02 10:29:27 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/08/02 10:29:27 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/08/02 10:29:27 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011/08/02 10:29:27 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011/08/02 10:29:27 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/08/02 10:29:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011/08/02 10:29:27 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011/08/02 10:29:27 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011/08/02 10:29:27 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/08/02 10:29:27 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/08/02 10:29:27 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011/08/02 10:29:27 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011/08/02 10:29:27 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011/08/02 10:29:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/08/02 10:29:27 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011/08/02 10:29:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011/08/02 10:29:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/08/02 10:29:26 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/08/02 10:29:25 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/08/02 10:29:25 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011/08/02 10:29:25 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/08/02 10:29:25 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/08/02 10:29:25 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/08/02 10:29:25 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011/08/02 10:29:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/08/02 10:29:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/08/02 10:29:24 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/08/02 10:29:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/08/02 10:29:24 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/08/02 10:29:24 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011/08/02 10:29:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/08/02 10:29:24 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011/08/02 10:29:21 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/08/02 10:29:18 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/08/02 10:29:18 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/08/02 10:29:17 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/08/02 10:29:17 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011/08/02 10:29:16 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/08/02 10:29:16 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011/08/02 10:29:16 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/08/02 10:29:16 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011/08/02 10:29:16 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/08/02 10:29:16 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/08/02 10:29:16 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011/08/02 10:29:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/08/02 10:29:15 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/08/02 10:29:15 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/08/02 10:29:15 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/08/02 10:29:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011/08/02 10:29:15 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011/08/02 10:29:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011/08/02 10:29:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/08/02 10:29:14 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011/08/02 10:29:14 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/08/02 10:29:14 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/08/02 10:29:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/08/02 10:29:13 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/08/02 10:29:12 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011/08/02 10:29:12 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/08/02 10:29:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/08/02 10:29:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/08/02 10:29:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/08/02 10:29:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/08/02 10:29:11 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011/08/02 10:29:11 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011/08/02 10:29:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011/08/02 10:29:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/08/02 10:29:11 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011/08/02 10:29:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011/08/02 10:29:11 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/08/02 10:29:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011/08/02 10:29:11 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/08/02 10:29:11 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/08/02 10:29:11 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/08/02 10:29:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/08/02 10:29:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/08/02 10:29:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/08/02 10:29:10 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011/08/02 10:29:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/08/02 10:29:10 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011/08/02 10:29:10 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011/08/02 10:29:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011/08/02 10:29:10 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011/08/02 10:29:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011/08/02 10:29:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/08/02 10:29:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011/08/02 10:29:10 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/08/02 10:29:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011/08/02 10:29:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/08/02 10:29:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011/08/02 10:29:09 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011/08/02 10:29:09 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/08/02 10:29:09 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/08/02 10:29:09 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011/08/02 10:29:09 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/08/02 10:29:09 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/08/02 10:29:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\[You must be registered and logged in to see this link.]
[2011/08/02 10:29:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/08/02 10:29:08 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/08/02 10:29:08 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/08/02 10:29:08 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/08/02 10:29:08 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/08/02 10:29:08 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011/08/02 10:29:08 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/08/02 10:29:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/08/02 10:29:08 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/08/02 10:29:07 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011/08/02 10:29:07 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/08/02 10:29:07 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/08/02 10:29:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011/08/02 10:29:07 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/08/02 10:29:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011/08/02 10:29:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011/08/02 10:29:06 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/08/02 10:29:05 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011/08/02 10:29:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011/08/02 10:29:04 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011/08/02 10:29:03 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011/08/02 10:29:03 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011/08/02 10:29:03 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011/08/02 10:29:03 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/08/02 10:29:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/08/02 10:29:03 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011/08/02 10:29:02 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/08/02 10:29:02 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/08/02 10:29:02 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011/08/02 10:29:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/08/02 10:29:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/08/02 10:29:01 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/08/02 10:29:01 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/08/02 10:29:01 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011/08/02 10:29:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/08/02 10:29:01 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011/08/02 10:29:01 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011/08/02 10:29:01 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/08/02 10:29:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/08/02 10:29:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/08/02 10:29:00 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/08/02 10:29:00 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/08/02 10:29:00 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/08/02 10:29:00 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/08/02 10:29:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011/08/02 10:29:00 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/08/02 10:29:00 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/08/02 10:29:00 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011/08/02 10:29:00 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011/08/02 10:29:00 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/08/02 10:29:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/08/02 10:29:00 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/08/02 10:29:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011/08/02 10:28:59 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/08/02 10:28:59 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/08/02 10:28:59 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/08/02 10:28:59 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011/08/02 10:28:59 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011/08/02 10:28:59 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/08/02 10:28:59 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/08/02 10:28:59 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011/08/02 10:28:57 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/08/02 10:28:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011/08/02 10:28:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011/08/02 10:28:56 | 000,288,256 | ---- | C] (Microsoft Corporation) --

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Aug 19, 2011 11:57 am

and continuation of OTL.....

C:\Windows\System32\modemui.dll
[2011/08/02 10:28:56 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/08/02 10:28:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/08/02 10:28:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/08/02 10:28:54 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/08/02 10:28:54 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011/08/02 10:28:54 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/08/02 10:28:54 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/08/02 10:28:53 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/08/02 10:28:53 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011/08/02 10:28:53 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/08/02 10:28:53 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/08/02 10:28:53 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/08/02 10:28:53 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/08/02 10:28:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/08/02 10:28:51 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/08/02 10:28:51 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011/08/02 10:28:51 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/08/02 10:28:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011/08/02 10:28:50 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/08/02 10:28:50 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011/08/02 10:28:50 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011/08/02 10:28:50 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011/08/02 10:28:50 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/08/02 10:28:50 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011/08/02 10:28:50 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011/08/02 10:28:50 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011/08/02 10:28:50 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011/08/02 10:28:50 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011/08/02 10:28:50 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/08/02 10:28:50 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/08/02 10:28:50 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/08/02 10:28:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011/08/02 10:28:50 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/08/02 10:28:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011/08/02 10:28:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/08/02 10:28:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011/08/02 10:28:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011/08/02 10:28:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/08/02 10:28:49 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/08/02 10:28:49 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011/08/02 10:28:49 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/08/02 10:28:49 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011/08/02 10:28:49 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011/08/02 10:28:49 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/08/02 10:28:49 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/08/02 10:28:49 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011/08/02 10:28:49 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/08/02 10:28:49 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/08/02 10:28:49 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011/08/02 10:28:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/08/02 10:28:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/08/02 10:28:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011/08/02 10:28:48 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011/08/02 10:28:48 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/08/02 10:28:48 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/08/02 10:28:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011/08/02 10:28:47 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/08/02 10:28:47 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/08/02 10:28:46 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/08/02 10:28:46 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/08/02 10:28:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011/08/02 10:28:45 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011/08/02 10:28:45 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011/08/02 10:28:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/08/02 10:28:45 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011/08/02 10:28:45 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011/08/02 10:28:45 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/08/02 10:28:44 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/08/02 10:28:44 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011/08/02 10:28:44 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/08/02 10:28:44 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011/08/02 10:28:44 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/08/02 10:28:44 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/08/02 10:28:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011/08/02 10:28:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011/08/02 10:28:44 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/08/02 10:28:43 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/08/02 10:28:43 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/08/02 10:28:40 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/08/02 10:28:40 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011/08/02 10:28:40 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011/08/02 10:28:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/08/02 10:28:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011/08/02 10:28:39 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/08/02 10:28:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/08/02 10:28:39 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/08/02 10:28:39 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/08/02 10:28:38 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/08/02 10:28:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011/08/02 10:28:38 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/08/02 10:28:38 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/08/02 10:28:38 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/08/02 10:28:37 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/08/02 10:28:37 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/08/02 10:28:37 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/08/02 10:28:36 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/08/02 10:28:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/08/02 10:28:35 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/08/02 10:28:35 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/08/02 10:28:35 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/08/02 10:28:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/08/02 10:28:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/08/02 10:28:35 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/08/02 10:28:34 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011/08/02 10:28:34 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/08/02 10:28:34 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011/08/02 10:28:34 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/08/02 10:28:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/08/02 10:28:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011/08/02 10:28:33 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011/08/02 10:28:33 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/08/02 10:28:33 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011/08/02 10:28:33 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/08/02 10:28:33 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011/08/02 10:28:33 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011/08/02 10:28:33 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/08/02 10:28:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/08/02 10:28:33 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011/08/02 10:28:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/08/02 10:28:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011/08/02 10:28:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011/08/02 10:28:32 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011/08/02 10:28:32 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011/08/02 10:28:32 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/08/02 10:28:32 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011/08/02 10:28:32 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011/08/02 10:28:32 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011/08/02 10:28:32 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011/08/02 10:28:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011/08/02 10:28:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/08/02 10:28:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/08/02 10:28:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011/08/02 10:28:31 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/08/02 10:28:31 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011/08/02 10:28:31 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/08/02 10:28:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/08/02 10:28:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/08/02 10:28:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011/08/02 10:28:28 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/08/02 10:28:28 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/08/02 10:28:28 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/08/02 10:28:28 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/08/02 10:28:28 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/08/02 10:28:28 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011/08/02 10:28:28 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/08/02 10:28:27 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/08/02 10:28:27 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/08/02 10:28:27 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/08/02 10:28:26 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/08/02 10:28:24 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/08/02 10:28:23 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011/08/02 10:28:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011/08/02 10:28:23 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011/08/02 10:28:22 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/08/02 10:28:21 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/08/02 10:28:21 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/08/02 10:28:19 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/08/02 10:28:18 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/08/02 10:28:18 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011/08/02 10:28:18 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/08/02 10:28:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/08/02 10:28:18 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/08/02 10:28:18 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011/08/02 10:28:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011/08/02 10:28:17 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011/08/02 10:28:17 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011/08/02 10:28:17 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/08/02 10:28:17 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/08/02 10:28:17 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/08/02 10:28:17 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/08/02 10:28:17 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011/08/02 10:28:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011/08/02 10:28:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011/08/02 10:28:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/08/02 10:28:16 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/08/02 10:28:16 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/08/02 10:28:16 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011/08/02 10:28:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/08/02 10:28:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/08/02 10:28:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011/08/02 10:28:15 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/08/02 10:28:15 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/08/02 10:28:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011/08/02 10:28:14 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/08/02 10:28:14 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011/08/02 10:28:13 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/08/02 10:28:13 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011/08/02 10:28:13 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/08/02 10:28:13 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/08/02 10:28:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011/08/02 10:28:12 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/08/02 10:28:12 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/08/02 10:28:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011/08/02 10:28:10 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/08/02 10:28:10 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/08/02 10:28:10 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011/08/02 10:28:10 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/08/02 10:28:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011/08/02 10:28:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011/08/02 09:53:13 | 000,000,000 | ---D | C] -- C:\symbols
[2011/08/02 03:05:51 | 000,000,000 | ---D | C] -- C:\Temp
[2011/07/31 19:30:35 | 003,180,272 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB897574-x86-Symbols-ENU.exe
[2011/07/31 19:30:35 | 002,838,256 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB897574-x86-ENU.exe
[2011/07/25 07:44:36 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rick\Desktop\tdsskiller.exe
[2011/07/24 16:26:05 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2011/07/20 07:49:45 | 000,000,000 | ---D | C] -- C:\Users\Rick\DoctorWeb

========== Files - Modified Within 30 Days ==========

[2011/08/18 23:00:29 | 000,001,356 | ---- | M] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2011/08/16 23:17:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/16 23:17:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/16 23:16:50 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/16 23:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 07:25:05 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 07:25:05 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 22:56:33 | 205,018,553 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/13 10:45:42 | 000,002,521 | ---- | M] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
[2011/08/10 20:36:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/10 19:57:04 | 004,168,557 | R--- | M] (Swearware) -- C:\Users\Rick\Desktop\commy.exe
[2011/08/08 03:33:10 | 000,446,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/08 03:31:21 | 000,546,487 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/08/08 03:31:21 | 000,126,652 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2011/08/08 03:31:21 | 000,000,373 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/08/08 03:31:21 | 000,000,209 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/08/08 03:31:21 | 000,000,209 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/08/08 03:31:21 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/08/08 03:31:21 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/08/08 03:31:21 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/08/08 03:31:21 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/08/08 03:31:21 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/08/08 03:31:21 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/08/08 03:31:21 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/08/08 03:31:21 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/08/08 03:31:21 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/08/08 03:31:21 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/08/08 03:31:21 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/08/08 03:31:21 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/08/07 17:53:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/07 17:52:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/07 17:39:46 | 000,626,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/07 17:39:46 | 000,112,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/07 17:03:44 | 000,000,943 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/07 16:34:28 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/07 16:34:27 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/07 16:33:57 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/07 16:33:56 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/07 16:33:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/07 16:33:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/07 16:33:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/07 16:33:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/07 16:33:49 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/07 16:33:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/07 16:33:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/07 16:33:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/07 16:33:46 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/07 16:33:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/07 16:33:45 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/07 16:33:45 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/07 16:33:45 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/07 16:33:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/07 16:33:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/07 16:33:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/07 16:33:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/07 16:33:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/07 16:33:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/07 16:33:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/07 16:33:40 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/07 16:33:39 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/07 16:33:39 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/08/07 16:33:34 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/07 16:33:34 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/07 16:33:34 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/07 16:33:33 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/07 16:33:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/07 16:33:33 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/07 16:33:32 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/07 16:33:32 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/08/07 16:33:31 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/07 16:33:30 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/07 16:33:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/07 16:33:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/07 16:33:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/07 16:33:29 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/07 16:29:07 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/08/07 16:29:04 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/08/07 16:29:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/08/07 16:29:00 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/08/07 16:29:00 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/08/07 16:28:58 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/08/07 16:28:52 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/08/07 16:28:34 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/08/07 16:28:34 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/08/07 16:28:29 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/08/07 16:28:27 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/08/07 16:28:26 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/08/07 16:28:26 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/08/07 16:28:25 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/08/07 16:28:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/08/07 16:28:24 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/08/07 16:28:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/08/07 16:28:21 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/08/07 16:28:21 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/08/07 16:28:19 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/08/07 16:28:17 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/08/07 16:23:04 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2011/08/07 16:22:56 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/08/07 16:22:56 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/08/07 16:22:56 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/08/07 16:22:43 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/08/07 16:22:41 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/08/07 16:22:40 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/08/06 17:31:42 | 000,000,930 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/06 17:31:42 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/25 07:44:39 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rick\Desktop\tdsskiller.exe
[2011/07/24 16:26:05 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2011/07/20 07:47:57 | 071,874,960 | ---- | M] () -- C:\Users\Rick\Desktop\cureit.exe

========== Files Created - No Company Name ==========

[2011/08/16 07:29:01 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/07 17:53:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/07 17:52:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/07 17:03:44 | 000,000,943 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/07 16:33:45 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/02 10:29:29 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/08/02 10:29:27 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/08/02 10:29:27 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/08/02 10:29:17 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/08/02 10:29:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/02 10:29:12 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/08/02 10:28:34 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/08/02 10:28:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/02 10:28:17 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/08/02 10:28:16 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/08/02 10:28:12 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/07/20 07:47:57 | 071,874,960 | ---- | C] () -- C:\Users\Rick\Desktop\cureit.exe
[2011/06/24 21:54:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/24 21:54:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/24 21:54:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/24 21:54:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/24 21:54:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/15 23:51:25 | 000,000,144 | ---- | C] () -- C:\ProgramData\~39706360r
[2011/05/15 23:51:24 | 000,000,120 | ---- | C] () -- C:\ProgramData\~39706360
[2011/05/15 23:46:14 | 000,000,344 | ---- | C] () -- C:\ProgramData\39706360
[2011/04/26 20:05:57 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 20:05:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/19 09:37:23 | 000,003,584 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 23:00:28 | 000,000,000 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
[2011/02/26 13:38:27 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/21 16:59:21 | 000,001,356 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2010/12/12 22:52:04 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010/10/26 22:36:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/04 22:39:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2009/08/29 12:51:57 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/08/16 23:53:33 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/02/22 12:40:05 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2008/05/02 22:59:35 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/05/01 18:31:02 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/01/02 20:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 20:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 20:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 20:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/05/14 08:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/14 08:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/14 07:58:55 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/14 05:33:25 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/14 05:33:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,446,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,626,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,112,462 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/07/24 16:26:05 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2011/05/24 21:37:22 | 000,459,752 | ---- | M] () -- C:\Users\Rick\Desktop\CAInstall.exe
[2011/08/10 19:57:04 | 004,168,557 | R--- | M] (Swearware) -- C:\Users\Rick\Desktop\commy.exe
[2011/07/20 07:47:57 | 071,874,960 | ---- | M] () -- C:\Users\Rick\Desktop\cureit.exe
[2010/10/23 10:09:24 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Rick\Desktop\jre-6u22-windows-i586.exe
[2010/10/23 18:45:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.46.exe
[2011/07/12 23:45:56 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.51.0.1200.exe
[2011/05/30 20:02:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2011/03/02 21:18:06 | 006,277,496 | ---- | M] (Microsoft Corporation) -- C:\Users\Rick\Desktop\Silverlight.exe
[2011/07/25 07:44:39 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rick\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2006/09/18 17:34:14 | 000,127,213 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\ega.cpi
[2006/11/02 03:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/05/14 07:48:51 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/10/23 10:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/04 19:56:57 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2009/06/15 00:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2008/11/06 00:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/05/25 07:51:18 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/06/24 19:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2011/08/10 20:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/04 22:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2011/02/26 13:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007/05/14 08:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess
[2010/12/12 00:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2007/05/14 08:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/12/21 21:08:01 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2007/05/14 08:16:50 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2011/06/01 07:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2007/05/14 07:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/08/07 16:39:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/05/25 08:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/05/25 08:15:44 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/10/23 10:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/08/29 12:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2011/08/06 17:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/18 15:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/12/17 16:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Location Finder
[2009/06/15 00:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft money 2006
[2011/08/07 16:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/22 20:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/09/27 12:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/09/27 12:03:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/03/08 08:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/04/18 14:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2006
[2010/11/25 11:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/05/14 06:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2011/08/02 10:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/09/27 12:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/05 00:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/05/14 08:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2007/05/14 08:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/01/02 11:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/05/14 08:15:12 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/11/27 11:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2007/05/14 08:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/16 23:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/02/13 19:16:56 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2007/05/14 07:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/10/04 20:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Sallys Salon
[2008/11/29 14:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2007/05/14 06:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2008/05/02 23:00:18 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2009/04/18 22:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\TERMINAL Studio
[2010/12/11 20:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2008/03/08 09:54:46 | 000,000,000 | ---D | M] -- C:\Program Files\Vongo
[2011/06/24 19:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011/08/02 10:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2011/08/02 10:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/08/02 10:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/08/02 10:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/02 10:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/08/02 10:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/08/02 10:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2011/08/08 03:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/08/02 10:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2007/11/08 00:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/05/14 08:18:44 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/14 08:18:44 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/14 08:18:44 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/15 20:33:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/15 20:33:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/15 20:33:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/02/12 10:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/02/12 10:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\SwSetup\Robson\Winall\Driver64\IaStor.sys
[2007/02/12 10:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/02/12 10:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SwSetup\Robson\Winall\Driver\iaStor.sys
[2007/02/12 10:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 10:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-08 07:13:09

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/07 16:33:53 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/08/07 16:33:53 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/07 16:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/07 16:33:53 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/08/07 16:33:53 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sat Aug 20, 2011 5:14 pm

No malware there...did you get ComboFix run?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Mon Aug 22, 2011 1:08 am

Here is a combofix log:

ComboFix 11-08-21.01 - Rick 08/21/2011 20:44:36.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.352 [GMT -4:00]
Running from: c:\users\Rick\Desktop\commy.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 00:50 . 2011-08-22 00:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-22 00:50 . 2011-08-22 00:50 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2011-08-22 00:50 . 2011-08-22 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 00:50 . 2011-08-22 00:50 -------- d-----w- c:\users\Danni\AppData\Local\temp
2011-08-22 00:50 . 2011-08-22 00:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-22 00:40 . 2011-08-22 00:41 -------- d-----w- C:\commy32140c
2011-08-19 12:05 . 2011-08-19 12:05 -------- d-----w- C:\commy15236c
2011-08-11 00:11 . 2011-08-22 00:50 -------- d-----w- c:\users\Rick\AppData\Local\temp
2011-08-10 23:57 . 2011-08-11 00:11 -------- d-----w- C:\commy11848c
2011-08-10 23:56 . 2011-08-10 23:57 -------- d-----w- C:\commy26247c
2011-08-08 11:27 . 2011-08-08 11:41 -------- d-----w- C:\commy17934c
2011-08-08 11:27 . 2011-08-08 11:27 -------- d-----w- C:\commy3121c
2011-08-08 07:29 . 2011-08-08 07:29 -------- d-----w- c:\program files\Windows Portable Devices
2011-08-07 21:49 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-08-07 21:49 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-08-07 21:49 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-08-07 21:46 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-07 21:46 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-07 21:46 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-08-07 21:27 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-07 20:29 . 2011-08-07 20:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-08-07 20:29 . 2011-08-07 20:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-08-07 20:29 . 2011-08-07 20:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-08-07 20:29 . 2011-08-07 20:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-08-07 20:22 . 2011-08-07 20:22 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-07 20:22 . 2011-08-07 20:22 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-07 20:22 . 2011-08-07 20:22 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-07 20:22 . 2011-08-07 20:22 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-07 20:22 . 2011-08-07 20:22 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-07 20:22 . 2011-08-07 20:22 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-07 20:22 . 2011-08-07 20:22 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-06 21:02 . 2011-08-06 21:18 -------- d-----w- C:\commy20193c
2011-08-06 19:55 . 2011-08-06 20:11 -------- d-----w- C:\commy21913c
2011-08-06 19:55 . 2011-08-06 19:55 -------- d-----w- C:\commy27062c
2011-08-02 20:42 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-08-02 20:42 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-08-02 20:42 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-02 20:41 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-08-02 15:43 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-02 15:43 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-02 14:50 . 2011-08-02 14:50 -------- d-----w- c:\windows\system32\ca-ES
2011-08-02 14:50 . 2011-08-02 14:50 -------- d-----w- c:\windows\system32\eu-ES
2011-08-02 14:50 . 2011-08-02 14:50 -------- d-----w- c:\windows\system32\vi-VN
2011-08-02 14:47 . 2011-08-02 14:47 -------- d-----w- c:\windows\system32\SPReview
2011-08-02 14:30 . 2009-04-11 03:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2011-08-02 14:30 . 2009-04-11 03:27 57856 ----a-w- c:\windows\system32\compcln.exe
2011-08-02 13:53 . 2011-08-02 13:53 -------- d-----w- C:\symbols
2011-08-02 07:05 . 2011-08-02 07:05 -------- d-----w- C:\Temp
2011-07-31 23:30 . 2005-05-05 19:28 3180272 ----a-w- C:\WindowsXP-KB897574-x86-Symbols-ENU.exe
2011-07-31 23:30 . 2005-05-05 19:27 2838256 ----a-w- C:\WindowsXP-KB897574-x86-ENU.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 00:36 . 2011-06-07 11:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-07 20:23 . 2011-08-07 20:23 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-07-11 01:52 . 2011-01-13 04:08 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-06 23:52 . 2011-06-25 13:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 23:52 . 2010-10-23 22:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 13:34 . 2011-07-17 03:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 19:27 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=UmxSbxExw.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-657123074-2168591063-2726947195-1004]
"EnableNotificationsRef"=dword:00000001
.
R0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [2010-09-24 107600]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2010-09-24 79864]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2010-09-24 61008]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [2010-09-24 58448]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2010-09-24 150608]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2010-09-24 61008]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [x]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [x]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [x]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2010-09-24 244304]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 11:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-08-21 20:54:16
ComboFix-quarantined-files.txt 2011-08-22 00:54
ComboFix2.txt 2011-08-11 00:11
ComboFix3.txt 2011-08-08 11:41
ComboFix4.txt 2011-08-06 21:18
ComboFix5.txt 2011-08-22 00:41
.
Pre-Run: 104,735,166,464 bytes free
Post-Run: 104,745,197,568 bytes free
.
- - End Of File - - 83547DC94C3FDD6FF849F8266A75AB7A

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Mon Aug 22, 2011 8:39 pm

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Mon Aug 22, 2011 11:37 pm

Thanks, this is the log:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-08-22 19:27:19
-----------------------------
19:27:19.302 OS Version: Windows 6.0.6002 Service Pack 2
19:27:19.302 Number of processors: 2 586 0xF0D
19:27:19.302 ComputerName: DANNI-PC UserName: Rick
19:27:32.978 Initialize success
19:29:20.491 AVAST engine defs: 11082201
19:29:41.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:29:41.119 Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 3
19:29:41.134 Disk 0 MBR read successfully
19:29:41.137 Disk 0 MBR scan
19:29:41.185 Disk 0 unknown MBR code
19:29:41.191 Disk 0 scanning sectors +312576705
19:29:41.260 Disk 0 scanning C:\Windows\system32\drivers
19:29:54.430 Service scanning
19:29:56.131 Modules scanning
19:30:04.332 Disk 0 trace - called modules:
19:30:04.346
19:30:06.848 AVAST engine scan C:\Windows
19:30:10.917 AVAST engine scan C:\Windows\system32
19:32:44.000 AVAST engine scan C:\Windows\system32\drivers
19:32:58.698 AVAST engine scan C:\Users\Rick
19:36:10.974 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
19:36:10.983 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Tue Aug 23, 2011 11:19 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Tue Aug 23, 2011 11:37 pm

It says found non-standard or infected MBR and gave me the options to (i) dump the MBR of a physical disc to file, (ii) restore the MBR of a physical disc with a standard boot code or (iii) exit. Not sure what to choose....

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Wed Aug 24, 2011 12:26 am

Ran an aswMBR for the heck of it and got the following log:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-08-23 19:39:48
-----------------------------
19:39:48.396 OS Version: Windows 6.0.6002 Service Pack 2
19:39:48.396 Number of processors: 2 586 0xF0D
19:39:48.396 ComputerName: DANNI-PC UserName: Rick
19:39:57.507 Initialize success
19:40:06.913 AVAST engine defs: 11082201
19:40:37.770 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:40:37.786 Disk 0 Vendor: FUJITSU_ 891F Size: 152627MB BusType: 3
19:40:37.801 Disk 0 MBR read successfully
19:40:37.801 Disk 0 MBR scan
19:40:37.817 Disk 0 unknown MBR code
19:40:37.817 Disk 0 scanning sectors +312576705
19:40:37.895 Disk 0 scanning C:\Windows\system32\drivers
19:40:50.484 Service scanning
19:40:52.122 Modules scanning
19:40:57.582 Disk 0 trace - called modules:
19:40:57.598 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
19:40:57.598 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85314210]
19:40:57.613 3 CLASSPNP.SYS[865b28b3] -> nt!IofCallDriver -> [0x84e448c8]
19:40:58.113 5 acpi.sys[8649d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84900030]
19:40:58.971 AVAST engine scan C:\Windows
19:41:02.574 AVAST engine scan C:\Windows\system32
19:43:19.012 AVAST engine scan C:\Windows\system32\drivers
19:43:31.851 AVAST engine scan C:\Users\Rick
19:51:20.365 AVAST engine scan C:\ProgramData
19:53:15.681 Scan finished successfully
20:22:54.127 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
20:22:54.143 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Wed Aug 24, 2011 1:49 am

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu chose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the [You must be registered and logged in to see this link.] is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the [You must be registered and logged in to see this link.] before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Wed Aug 24, 2011 3:14 am

I was able to reboot but still only in safe mode. Here is the log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 122):
0x82208000 \SystemRoot\system32\ntkrnlpa.exe
0x825C2000 \SystemRoot\system32\hal.dll
0x80602000 \SystemRoot\system32\kdcom.dll
0x80609000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80679000 \SystemRoot\system32\PSHED.dll
0x8068A000 \SystemRoot\system32\BOOTVID.dll
0x80692000 \SystemRoot\system32\CLFS.SYS
0x806D3000 \SystemRoot\system32\CI.dll
0x8640C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x86488000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x86495000 \SystemRoot\system32\drivers\acpi.sys
0x864DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x864E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x864EC000 \SystemRoot\system32\drivers\pci.sys
0x86513000 \SystemRoot\System32\drivers\partmgr.sys
0x86522000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x86525000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8652F000 \SystemRoot\system32\drivers\volmgr.sys
0x8653E000 \SystemRoot\System32\drivers\volmgrx.sys
0x86588000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8658F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8659D000 \SystemRoot\System32\drivers\mountmgr.sys
0x86602000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x866C0000 \SystemRoot\system32\drivers\atapi.sys
0x866C8000 \SystemRoot\system32\drivers\ataport.SYS
0x866E6000 \SystemRoot\system32\drivers\fltmgr.sys
0x86718000 \SystemRoot\system32\drivers\fileinfo.sys
0x86728000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x86755000 \SystemRoot\System32\DRIVERS\msrpc.sys
0x86780000 \SystemRoot\System32\DRIVERS\NETIO.SYS
0x86803000 \SystemRoot\System32\DRIVERS\NDIS.SYS
0x86919000 \SystemRoot\System32\DRIVERS\fwpkclnt.sys
0x86934000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8693D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86A01000 \SystemRoot\System32\drivers\tcpip.sys
0x86AEB000 \SystemRoot\System32\Drivers\Ntfs.sys
0x869AE000 \SystemRoot\system32\drivers\volsnap.sys
0x869EF000 \SystemRoot\System32\Drivers\mup.sys
0x867BB000 \SystemRoot\System32\drivers\ecache.sys
0x867E2000 \SystemRoot\system32\drivers\disk.sys
0x865AD000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x867F3000 \SystemRoot\system32\drivers\crcdisk.sys
0x89CC6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89CD1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89CDA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x89CE3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x89CEE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x89D2C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x89D3B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A003000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8A22A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8A241000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8A251000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8A25F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8A26E000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8A282000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8A2D3000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8A2D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8A2E6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8A2ED000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A300000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A30B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8A336000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A338000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A343000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A35B000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8A361000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A390000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A3D1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A3DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A3F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89DC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x89DEB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x865CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x865E2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x86744000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A3FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807B3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8690E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807DD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A60A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A63F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A648000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A659000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8A662000 \SystemRoot\System32\Drivers\Null.SYS
0x8A669000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A670000 \SystemRoot\System32\drivers\vga.sys
0x8A67C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A69D000 \SystemRoot\System32\drivers\watchdog.sys
0x8A6A9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A6B1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A6BC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A6CA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8A6D3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A6E9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8A6FD000 \SystemRoot\system32\drivers\afd.sys
0x8A745000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8A777000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8A79F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8A7AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8A7E9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B604000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B61B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8B632000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B63F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81650000 \SystemRoot\System32\win32k.sys
0x8B6FD000 \SystemRoot\System32\drivers\Dxapi.sys
0x81860000 \SystemRoot\System32\drivers\dxg.sys
0x81890000 \SystemRoot\System32\TSDDD.dll
0x81910000 \SystemRoot\System32\framebuf.dll
0x8B707000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8B731000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8B73B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B754000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8B769000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8B788000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8B7C1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8B7D9000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x89C15000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8B7EF000 \??\C:\Users\Rick\AppData\Local\Temp\aswMBR.sys
0x89C3D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x77520000 \Windows\System32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
448 csrss.exe
484 csrss.exe
492 C:\Windows\System32\wininit.exe
536 C:\Windows\System32\winlogon.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1164 C:\Windows\explorer.exe
1264 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\svchost.exe
1488 C:\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
400 C:\Program Files\Internet Explorer\iexplore.exe
1892 C:\Program Files\Internet Explorer\iexplore.exe
1492 C:\Program Files\iTunes\iTunes.exe
312 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
1852 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
1204 C:\Users\Rick\AppData\Local\temp\Temporary Internet Files\Content.IE5\07IUWLVA\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`311b9000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHW2160BHPL, Rev: 891F
PhysicalDrive1 Model Number: WD10EAVS External, Rev: 1.65

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
931 GB \\.\PhysicalDrive1 RE: Western Digital MBR code detected
SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Fri Aug 26, 2011 12:31 am

Now, please re-run MBRCheck and post a new log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Aug 26, 2011 12:57 am

okay, here it is:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 121):
0x8224E000 \SystemRoot\system32\ntkrnlpa.exe
0x8221B000 \SystemRoot\system32\hal.dll
0x80609000 \SystemRoot\system32\kdcom.dll
0x80610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80680000 \SystemRoot\system32\PSHED.dll
0x80691000 \SystemRoot\system32\BOOTVID.dll
0x80699000 \SystemRoot\system32\CLFS.SYS
0x806DA000 \SystemRoot\system32\CI.dll
0x8640C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x86488000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x86495000 \SystemRoot\system32\drivers\acpi.sys
0x864DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x864E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x864EC000 \SystemRoot\system32\drivers\pci.sys
0x86513000 \SystemRoot\System32\drivers\partmgr.sys
0x86522000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x86525000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8652F000 \SystemRoot\system32\drivers\volmgr.sys
0x8653E000 \SystemRoot\System32\drivers\volmgrx.sys
0x86588000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8658F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8659D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8660C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x866CA000 \SystemRoot\system32\drivers\atapi.sys
0x866D2000 \SystemRoot\system32\drivers\ataport.SYS
0x866F0000 \SystemRoot\system32\drivers\fltmgr.sys
0x86722000 \SystemRoot\system32\drivers\fileinfo.sys
0x86732000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8675F000 \SystemRoot\System32\DRIVERS\msrpc.sys
0x8678A000 \SystemRoot\System32\DRIVERS\NETIO.SYS
0x86801000 \SystemRoot\System32\DRIVERS\NDIS.SYS
0x86917000 \SystemRoot\System32\DRIVERS\fwpkclnt.sys
0x86932000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8693B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86A07000 \SystemRoot\System32\drivers\tcpip.sys
0x86C05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86D15000 \SystemRoot\system32\drivers\volsnap.sys
0x86D56000 \SystemRoot\System32\Drivers\mup.sys
0x86D65000 \SystemRoot\System32\drivers\ecache.sys
0x86D8C000 \SystemRoot\system32\drivers\disk.sys
0x86D9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x86DBE000 \SystemRoot\system32\drivers\crcdisk.sys
0x86DD4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x86DDF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86DE8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x86DF1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x86BAF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x86BED000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A40B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A805000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8AA2C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8AA43000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8AA53000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AA61000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8AA70000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8AA84000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8AAD5000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8AAD8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AAE8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AAEF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AB02000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AB0D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8AB38000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8AB3A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AB45000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AB5D000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8AB63000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AB92000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ABD3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8ABDE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ABF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A498000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A4BB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A4CA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A4DE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A4F3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A503000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A52D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A537000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A544000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A579000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A582000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A593000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8A59C000 \SystemRoot\System32\Drivers\Null.SYS
0x8A5A3000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A5AA000 \SystemRoot\System32\drivers\vga.sys
0x8A5B6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A5D7000 \SystemRoot\System32\drivers\watchdog.sys
0x8A5E3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A5EB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x869AC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A5F6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x869BA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x869D0000 \SystemRoot\system32\DRIVERS\smb.sys
0x865AD000 \SystemRoot\system32\drivers\afd.sys
0x867C5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x869E4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x86741000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x807BA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BC06000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BC42000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BC4C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8BC63000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BC70000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x818F0000 \SystemRoot\System32\win32k.sys
0x8BD2E000 \SystemRoot\System32\drivers\Dxapi.sys
0x81B00000 \SystemRoot\System32\drivers\dxg.sys
0x81B30000 \SystemRoot\System32\TSDDD.dll
0x81BB0000 \SystemRoot\System32\framebuf.dll
0x8BD38000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8BD62000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8BD6C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8BD85000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8BD9A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8BDB9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x86AF1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x86B09000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x86B1F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x86B34000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77310000 \Windows\System32\ntdll.dll

Processes (total 26):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
448 csrss.exe
484 csrss.exe
492 C:\Windows\System32\wininit.exe
528 C:\Windows\System32\winlogon.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1212 C:\Windows\explorer.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1620 C:\Program Files\iTunes\iTunes.exe
1128 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
1528 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
3328 C:\Program Files\Internet Explorer\iexplore.exe
2328 C:\Program Files\Internet Explorer\iexplore.exe
2628 C:\Users\Rick\AppData\Local\temp\Temporary Internet Files\Content.IE5\FYYYHMJU\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`311b9000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHW2160BHPL, Rev: 891F
PhysicalDrive1 Model Number: WD10EAVS External, Rev: 1.65

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
931 GB \\.\PhysicalDrive1 RE: Western Digital MBR code detected
SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Fri Aug 26, 2011 12:22 pm

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Aug 26, 2011 11:02 pm

Is it supposed to be as short as this?

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 6.0.6002 Disk: FUJITSU_ rev.891F -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sat Aug 27, 2011 10:28 pm

Yes, looks good. How is your computer running?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Sun Aug 28, 2011 2:55 pm

unfortunately I still got a blue screen shut down after booting up in normal mode.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sun Aug 28, 2011 11:45 pm

So right away in Normal Mode...BSOD??


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Mon Aug 29, 2011 12:09 am

The computer loaded up and I opened explorer. I got BSOD within 5 seconds. Sometimes it happens without opening any specific program. Others as soon as I open something.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Wed Aug 31, 2011 10:24 am

Upload Dump Files:
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service . I recommend Windows Live SkyDrive - [You must be registered and logged in to see this link.] or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Thu Sep 01, 2011 2:06 am

okay, I think this should work:

[You must be registered and logged in to see this link.]

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Thu Sep 01, 2011 2:10 am

I think this is the same thing but I logged on this time:

[You must be registered and logged in to see this link.]

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sat Sep 03, 2011 11:40 am

Please follow this tutorial on using MEMTEST

[You must be registered and logged in to see this link.]

Let me know how it works.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Tue Sep 06, 2011 1:44 am

Thanks. I was able to run the memtest86 and let it run 9 passes. It showed no errors and I stopped it. The computer still "blue screened" when it restarted.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Wed Sep 07, 2011 11:19 am

Do you remember the bugcheck code?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Wed Sep 07, 2011 11:55 am

the only thing I wrote down was "slot 0: 512 MB DDR2-333-Qimonda 64T64020HDL35B" It then repeated it for "slot 1". Not sure if that's what you're referring to.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Thu Sep 08, 2011 11:35 am

The code on the blue screen...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Sep 09, 2011 11:55 am

Happens quick before it closes. This is what I was able to pick up: DriverIRQL not less than equal. There was also the code DX000000D1 followed by some others in parentheticals that I wasn't able to catch.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sat Sep 10, 2011 12:19 pm

Please run hard drive tests....

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Sat Sep 17, 2011 11:21 pm

I've been trying but I just don't think I'm technologically sophisticated enough to complete this....

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sun Sep 18, 2011 7:17 pm

To Run the SFC /SCANNOW Command in Windows 7
1. Open an [You must be registered and logged in to see this link.]

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.



B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all proteced system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a [You must be registered and logged in to see this link.] using a restore point dated before the bad file occured to fix it. You may need to repeat doing a System Restore until you find a older restore point that may work.



5. When done, close the elevated command prompt.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Mon Sep 19, 2011 11:20 pm

Thanks. It found no integrity issues.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Tue Sep 20, 2011 4:08 pm

Download, install, and run [You must be registered and logged in to see this link.].
Click on Take snapshot in the left pane.
New pop-up window will open.
Click on Save snapshot, and save the file as snap (.xml extension will be added automatically) to know location.

Zip the file, and attach it to your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Wed Sep 21, 2011 12:21 am

Hi, I hope this is correct:

[You must be registered and logged in to see this link.]

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Fri Sep 23, 2011 1:40 pm

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Sat Sep 24, 2011 1:45 pm

Great. Here is the link:

[You must be registered and logged in to see this link.]

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Mon Sep 26, 2011 2:07 pm

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\Windows\System32\mkghj.dll


  • Click on the submit button

  • Please post the results (URL) in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Mon Sep 26, 2011 11:55 pm

Don't see a URL - it says 0 of 20 found malware.

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Wed Sep 28, 2011 1:49 pm

Okay good...tell me all of the problems currently...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Heroes on Fri Sep 30, 2011 11:54 am

It worked normally this morning but I'm affraid to reboot. I'm a bit sceptical and will check back in in a day or two - I've been fooled into this false sense of satisfaction before... :-). Is there a free virus program that you suggest?

Heroes
Intermediate
Intermediate

Posts Posts : 99
Joined Joined : 2009-10-03
OS OS : XP
Points Points : 27567
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Thought I had it licked....

Post by Dr Jay on Sat Oct 01, 2011 12:02 am

Antivirus?

Right now, Avast is my friendly free AV: [You must be registered and logged in to see this link.]

If you get commonly infected, it is recommended to get a premium antivirus program...

For the antivirus program I most recommend is Kaspersky Antivirus. It yields the highest results in antivirus testing groups, and is one of the most trusted. Its antivirus product is well worth its cost. If you would like to know more, please click on the Kaspersky logo in my signature and it will take you to the appropriate product choice page so you can understand all of the different products.

While I would rather see you interested in Kaspersky Internet Security, the antivirus program will suffice enough. Both programs are well maintained and well above average for any security program. We're truly lucky Kaspersky exists as one of the best, because it beats most other products by miles.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum