Win 7 Trojan:DOS/Alureon.A

Discussion in 'Virus and Malware Removal' started by No1Herd, Nov 4, 2012.

  1. Broni Malware Annihilator Posts: 40,051   +187

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  2. No1Herd Newcomer, in training Posts: 45

    Sorry, again a no go. I tried both regular boot and safe mode.
  3. Broni Malware Annihilator Posts: 40,051   +187

    OK. Let's go back to FRST...

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and see how it goes.

  4. No1Herd Newcomer, in training Posts: 45

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-05 23:37:30 Run:2
    Running from F:\stuff
    ==============================================

    ========= bootrec /FixMbr =========
    The operation completed successfully.

    ========= End of CMD: =========

    ==== End of Fixlog ====
  5. No1Herd Newcomer, in training Posts: 45

    TDSSKiller and RogueKiller are still not working.
  6. Broni Malware Annihilator Posts: 40,051   +187

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore (see: How to turn off or turn on Windows XP System Restore).
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
    If you are running Windows XP, re-enable System Restore.
     
  7. No1Herd Newcomer, in training Posts: 45

    Still will not run. I had the task manager open and noticed it did show in the processes but then disappeared. It still will not fully open the program.
  8. Broni Malware Annihilator Posts: 40,051   +187

    Please post fresh FRST log.
  9. No1Herd Newcomer, in training Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)
    Ran by SYSTEM at 06-11-2012 19:06:55
    Running from F:\stuff
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKU\Administrator\...\Run: [AdobeBridge] [x]
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ===================
    4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-08] (Autodesk)
    4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    4 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
    4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-29] (Lavasoft Limited)
    4 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
    4 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
    4 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
    4 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
    2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
    4 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
    2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
    2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [475088 2011-09-09] (Cisco Systems, Inc.)
    ==================== Drivers (Whitelisted) =====================
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-03-24] ()
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
    1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    1 MpKsl1d91fe20; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77852585-2F4E-4A8E-AC28-1C735A12EAA5}\MpKsl1d91fe20.sys [35664 2012-11-05] (Microsoft Corporation)
    2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-05 19:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-05 17:59 - 2012-11-05 21:25 - 00000000 ____D C:\Stuff
    2012-11-04 20:59 - 2012-11-04 21:00 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:54 - 2012-11-04 06:24 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:35 - 2012-11-04 13:34 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:10 - 2012-11-04 13:09 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:03 - 2012-11-04 13:01 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:29 - 2012-11-04 12:56 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 12:02 - 2012-11-04 12:02 - 00000000 ____D C:\FRST
    2012-11-03 13:48 - 2012-11-03 13:48 - 00000000 ____D C:\Windows\pss
    2012-11-03 13:40 - 2012-11-04 13:44 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-11-03 13:39 - 2012-11-03 13:40 - 00000000 ____D C:\d2f0698d88b3cc6c3cb9a2
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-18 18:11 - 2012-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:12 - 00000000 ____D C:\Users\Administrator\Documents\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 17:58 - 2012-10-18 18:09 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-09 16:31 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 16:31 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 16:31 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 16:30 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 16:30 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 16:30 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 16:30 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 16:30 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 16:30 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 16:30 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 08:48 - 2012-10-09 08:48 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1)
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00000000 ____D C:\Users\Administrator\Downloads\ak2loader (5)
    2012-10-08 18:54 - 2012-10-08 18:55 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip

    ==================== 3 Months Modified Files ==================
    2012-11-06 04:00 - 2011-02-08 08:38 - 01856161 ____A C:\Windows\WindowsUpdate.log
    2012-11-05 21:50 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-05 21:50 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-05 21:46 - 2009-07-13 21:13 - 00877772 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-05 21:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-05 21:41 - 2009-07-13 20:51 - 00055964 ____A C:\Windows\setupact.log
    2012-11-05 21:40 - 2012-03-24 16:44 - 00021249 ____A C:\aaw7boot.log
    2012-11-04 21:00 - 2012-11-04 20:59 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:44 - 2012-11-03 13:40 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:34 - 2012-11-04 13:35 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:09 - 2012-11-04 13:10 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:01 - 2012-11-04 13:03 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:56 - 2012-11-04 12:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 06:24 - 2012-11-04 13:54 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-03 13:42 - 2011-02-08 11:01 - 00209208 ____A C:\Windows\PFRO.log
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-31 18:31 - 2011-02-08 10:25 - 00093064 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-31 17:29 - 2009-07-13 20:45 - 04931480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 18:09 - 2012-10-18 17:58 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-10 23:04 - 2011-02-08 12:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip
    2012-09-14 13:41 - 2012-03-24 07:00 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-14 11:19 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-04 20:07 - 2012-09-04 20:07 - 00000755 ____A C:\Users\Administrator\Documents\appleuids.txt
    2012-09-04 20:07 - 2012-09-04 20:05 - 93221790 ____A C:\Users\Administrator\Downloads\Rxdzz.txt
    2012-09-04 19:30 - 2012-09-04 19:30 - 00010828 ____A C:\Users\Administrator\Documents\NFL.xlsx
    2012-08-31 10:19 - 2012-10-09 16:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 10:03 - 2012-10-09 16:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 10:05 - 2012-10-09 16:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 16:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-02 04:56 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-02 04:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-02 04:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-02 04:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-02 04:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-02 04:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-02 04:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-02 04:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-02 04:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-02 04:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-02 04:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-02 04:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-02 04:56 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-02 04:56 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-02 04:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-02 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-02 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-02 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-02 04:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-02 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 12:38 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 16:31 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 16:31 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 16:31 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 16:31 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 16:31 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 16:31 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 16:56 - 2012-10-09 16:30 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 16:30 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-31 20:11:10
    Restore point made on: 2012-11-02 18:14:46
    Restore point made on: 2012-11-03 12:27:20
    Restore point made on: 2012-11-03 13:56:29
    Restore point made on: 2012-11-04 14:38:10
    Restore point made on: 2012-11-04 14:39:31
    Restore point made on: 2012-11-04 14:40:00
    Restore point made on: 2012-11-04 14:40:36
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8117.84 MB
    Available physical RAM: 7249.5 MB
    Total Pagefile: 8116.04 MB
    Available Pagefile: 7245.9 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.2 GB) (Free:28.81 GB) NTFS
    2 Drive e: (WIN7SP1ULTX64) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
    3 Drive f: (4 GB) (Removable) (Total:3.72 GB) (Free:1.78 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:14.65 GB) (Free:14.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 218 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F 4 GB FAT32 Removable 3816 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 20:00
    ==================== End Of Log =============================
  10. Broni Malware Annihilator Posts: 40,051   +187

    Perform this from safe mode.

    Run rKill first (instructions toward the end).

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  11. No1Herd Newcomer, in training Posts: 45

    Again rkill is a no go. It brings up a black DOS box but no text, just a blinking cursor for around 12-13 seconds. Then it closes, and looking at processes it seems to not be running. I tried both rkill and iexplore but same result with each.
  12. Broni Malware Annihilator Posts: 40,051   +187

    See if Combofix will run.
  13. No1Herd Newcomer, in training Posts: 45

    Still not working any way I try
  14. Broni Malware Annihilator Posts: 40,051   +187

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
  15. No1Herd Newcomer, in training Posts: 45

    Grrg, still not working, will not install. It shows in the processes for a few seconds then goes away, without installing.
  16. Broni Malware Annihilator Posts: 40,051   +187

    Download Kaspersky Rescue Disk 10
    Burn downloaded .iso file to CD. How to: http://www.petri.co.il/how_to_write_iso_files_to_cd.htm

    Boot from Kaspersky Rescue Disk 10. How to boot from CD: http://www.hiren.info/pages/bios-boot-cdrom

    A loading wizard will start (you will see the menu to select the required language). See screenshots here: http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286086
    If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
    Select the required interface language using the arrow-keys on your keyboard.
    Press the Enter key on the keyboard.
    In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
    Click Enter.
    Click 'A' to accept the agreement.
    Select operating system from dropdown menu.
    In Objects Scan tab checkmark:
    • Disk boot sectors
    • Hidden startup objects
    • C:
    Click My Update Center tab and update if any available
    Go back to other tab and click Start Object Scan.
    NOTE. Be patient. It will take a while.

    When scan has completed save a report:
    • On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
    • On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
    • On the upper right hand corner of the Detailed report window, click on the Save button.
    • After clicking Detailed Report and 'SAVE', a browse window opens.
    • Double-click on the \
    • Click 'Disks'.
    • All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
    • Click on the Save button.
    • The report has been saved to the file.
    Remove the disk from the drive (or disconnect USB) and reboot normally.

    Post the content of the file for my review.
  17. No1Herd Newcomer, in training Posts: 45

    OK, I ran the Kaspersky Rescue Disk and it found pihar.c and attempted to repair it. Now the computer errors when trying to reboot. Following is the Kaspersky report, and the next post is the FARBAR scan, in the hope that helps you.

    Objects Scan: completed 1 minute ago (events: 940, objects: 2054147, time: 08:53:20)
    11/7/12 8:44 AM Task completed
    11/6/12 11:50 PM Task started
    11/7/12 2:32 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
    11/6/12 11:51 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
    11/7/12 8:44 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
    11/7/12 8:44 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
    11/6/12 11:51 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
    11/7/12 2:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/.DS_Store Read error
    11/7/12 12:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/.DS_Store Read error
    11/7/12 12:10 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/.DS_Store Read error
    11/7/12 2:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/Graphics/Black BG.pdf Read error
    11/7/12 12:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/Graphics/Black BG.pdf Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
  18. No1Herd Newcomer, in training Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 8 days old)
    Ran by SYSTEM at 07-11-2012 18:20:48
    Running from F:\stuff
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKU\Administrator\...\Run: [AdobeBridge] [x]
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ===================
    4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-08] (Autodesk)
    4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    4 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
    4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-29] (Lavasoft Limited)
    4 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
    4 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
    4 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
    4 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
    2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
    4 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
    2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
    2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [475088 2011-09-09] (Cisco Systems, Inc.)
    ==================== Drivers (Whitelisted) =====================
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-03-24] ()
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
    1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-05 19:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-05 17:59 - 2012-11-06 19:40 - 00000000 ____D C:\Stuff
    2012-11-04 20:59 - 2012-11-04 21:00 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:54 - 2012-11-04 06:24 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:35 - 2012-11-04 13:34 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:10 - 2012-11-04 13:09 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:03 - 2012-11-04 13:01 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:29 - 2012-11-04 12:56 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 12:02 - 2012-11-04 12:02 - 00000000 ____D C:\FRST
    2012-11-03 13:48 - 2012-11-03 13:48 - 00000000 ____D C:\Windows\pss
    2012-11-03 13:40 - 2012-11-04 13:44 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-11-03 13:39 - 2012-11-03 13:40 - 00000000 ____D C:\d2f0698d88b3cc6c3cb9a2
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-18 18:11 - 2012-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:12 - 00000000 ____D C:\Users\Administrator\Documents\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 17:58 - 2012-10-18 18:09 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-09 16:31 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 16:31 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 16:31 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 16:30 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 16:30 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 16:30 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 16:30 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 16:30 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 16:30 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 16:30 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 08:48 - 2012-10-09 08:48 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1)
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00000000 ____D C:\Users\Administrator\Downloads\ak2loader (5)
    2012-10-08 18:54 - 2012-10-08 18:55 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip

    ==================== 3 Months Modified Files ==================
    2012-11-07 00:45 - 2012-11-07 00:45 - 00153266 ____A C:\KasperskyRescueDisk10.txt
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-06 20:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-06 20:41 - 2009-07-13 20:51 - 00056132 ____A C:\Windows\setupact.log
    2012-11-06 20:40 - 2012-03-24 16:44 - 00022369 ____A C:\aaw7boot.log
    2012-11-06 20:03 - 2011-02-08 08:38 - 02012347 ____A C:\Windows\WindowsUpdate.log
    2012-11-06 19:48 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-06 19:48 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-06 19:43 - 2009-07-13 21:13 - 00877772 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-04 21:00 - 2012-11-04 20:59 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:44 - 2012-11-03 13:40 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:34 - 2012-11-04 13:35 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:09 - 2012-11-04 13:10 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:01 - 2012-11-04 13:03 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:56 - 2012-11-04 12:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 06:24 - 2012-11-04 13:54 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-03 13:42 - 2011-02-08 11:01 - 00209208 ____A C:\Windows\PFRO.log
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-31 18:31 - 2011-02-08 10:25 - 00093064 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-31 17:29 - 2009-07-13 20:45 - 04931480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 18:09 - 2012-10-18 17:58 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-10 23:04 - 2011-02-08 12:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip
    2012-09-14 13:41 - 2012-03-24 07:00 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-14 11:19 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-04 20:07 - 2012-09-04 20:07 - 00000755 ____A C:\Users\Administrator\Documents\appleuids.txt
    2012-09-04 20:07 - 2012-09-04 20:05 - 93221790 ____A C:\Users\Administrator\Downloads\Rxdzz.txt
    2012-09-04 19:30 - 2012-09-04 19:30 - 00010828 ____A C:\Users\Administrator\Documents\NFL.xlsx
    2012-08-31 10:19 - 2012-10-09 16:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 10:03 - 2012-10-09 16:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 10:05 - 2012-10-09 16:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 16:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-02 04:56 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-02 04:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-02 04:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-02 04:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-02 04:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-02 04:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-02 04:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-02 04:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-02 04:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-02 04:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-02 04:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-02 04:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-02 04:56 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-02 04:56 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-02 04:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-02 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-02 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-02 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-02 04:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-02 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 12:38 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 16:31 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 16:31 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 16:31 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 16:31 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 16:31 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 16:31 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 16:56 - 2012-10-09 16:30 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 16:30 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-31 20:11:10
    Restore point made on: 2012-11-02 18:14:46
    Restore point made on: 2012-11-03 12:27:20
    Restore point made on: 2012-11-03 13:56:29
    Restore point made on: 2012-11-04 14:38:10
    Restore point made on: 2012-11-04 14:39:31
    Restore point made on: 2012-11-04 14:40:00
    Restore point made on: 2012-11-04 14:40:36
    Restore point made on: 2012-11-06 19:52:26
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8117.84 MB
    Available physical RAM: 7241.79 MB
    Total Pagefile: 8116.04 MB
    Available Pagefile: 7238.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.2 GB) (Free:28.46 GB) NTFS
    2 Drive e: (WIN7SP1ULTX64) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
    3 Drive f: (4 GB) (Removable) (Total:3.72 GB) (Free:1.64 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:14.65 GB) (Free:14.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 218 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F 4 GB FAT32 Removable 3816 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 20:00
    ==================== End Of Log =============================
  19. Broni Malware Annihilator Posts: 40,051   +187

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.

  20. No1Herd Newcomer, in training Posts: 45

    OK, yes, it booted normally and exe's seem to work.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-07 21:08:46 Run:3
    Running from F:\stuff
    ==============================================
    C:\Windows\svchost.exe moved successfully.
    The operation completed successfully.
    The operation completed successfully.
    ==== End of Fixlog ====