Computer doesnt boot after trying to remove google redirect virus


  • This topic is locked
76 replies to this topic

#1 pavithrasan

pavithrasan

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 29 July 2011 - 02:27 PM

Hello,
I have a Dell Inspiron 1545 with Windows 7 and my laptop was infected with the Google redirect virus. So I used another machine to find a solution. Initially ran TDSSKiller, Malwarebytes and the search came clean, though the problem still persisted. So I downloaded and ran HitmanPro v3.5 for 64 byte and it detected a rootkit and instructed me to reboot to remove the infection. When I tried to reboot, I got a blue screen and have never been able to boot ever since.

Tried automatic repair, tried to restore to earlier points, tried logging in safe mode, last known good configuration. But none of the steps seems to work. I am still not able to log in to my laptop. It keeps coming to the startup repair screen only. I am not using another machine to do any searching. Please guide me how I can proceed. Looks like other people have similar issues, but all threads have been closed even before the issue has been resolved. So I totally rely on your guidance. Any help is appreciated. Thank you so much.



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:06 AM

Posted 01 August 2011 - 04:54 PM

Hi pavithrasan,

Welcome to Virus, Trojan, Spyware, and Malware Removal Logs forum.

Please tell me if the issue is resolved or you still need assistance.

#3 pavithrasan

Posted 01 August 2011 - 06:08 PM

Hello,
Sorry, I posted the same issue in another forum and am following their instructions so far. The problem is not resolved yet. We are working on it. Is it OK if I follow up with you if the issue can't be resolved by them? Thanks.

#4 Farbar

Posted 01 August 2011 - 09:00 PM

Thanks for letting me know.

We can close the topic and you may always open a topic when you are done there without a result. But I might not be able to take the topic if the system is changed beyond repair options. So I think you should remain with the helper helping you to the end.

Success. :)

#5 Farbar

Posted 02 August 2011 - 02:37 PM

This thread will now be closed since the issue is being attended at another forum.

If you should have the same or a new issue, please start a new topic.

Everyone else also should start a new topic.

#6 Farbar

Posted 03 August 2011 - 02:52 PM

The topic is reopened. Please tell me if you are there and ready for the next move.

#7 Farbar

Posted 03 August 2011 - 04:04 PM

Now that you are ready we are going to try a different thing.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
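
The scan in the steps above writes its findings to FRST.txt. As an added example (not part of the original thread and not the tool author's code), this Python script splits such a log into its sections and pulls out two kinds of line a reviewer would check first: entries ending in [x] and drivers listed with a raw MD5 rather than "MD5 is legit". The sample log is constructed; reading [x] as "target file not found" and a raw MD5 as "not matched against the tool's known-good list" is an assumption about the log format, not something stated in this thread.

```python
import re

# Constructed sample in the layout of an FRST 2.2.0 log (not from a real system).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool, Version 2.2.0 (constructed sample)

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ExampleTray] C:\Program Files\Example\tray.exe [305664 2009-01-22] (Example Corp.)
HKLM-x32\...\Run: [ExampleUpdater] "C:\Program Files (x86)\Example\upd.exe" [x]

==================== Services (Whitelisted) ======

2 ExampleSvc; C:\Windows\system32\examplesvc.dll [65536 2009-07-13] (Example Corp.)
4 GoneSvc; "c:\Program Files (x86)\Gone\gone.exe" [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\System32\Drivers\example.sys 0123456789ABCDEF0123456789ABCDEF
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+\s*$")       # "===== Name ====="
MD5_LEGIT = "==> MD5 is legit"                      # marker as printed in the log
MD5_VALUE = re.compile(r"^(?P<path>.+?)\s+(?P<md5>[0-9A-Fa-f]{32})$")
MISSING = re.compile(r"\[x\]\s*$", re.IGNORECASE)   # the log uses both [x] and [X]


def split_sections(text):
    """Return {section name: [non-empty lines]} in the order they appear."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:       # skip the preamble before the first header
            sections[current].append(line)
    return sections


def unverified_drivers(sections):
    """Drivers printed with a raw MD5 instead of the 'legit' marker.

    Assumption: a raw hash means "not on the known-good list", which is a
    reason to look the hash up, not proof that the file is malicious.
    """
    found = []
    for line in sections.get("Drivers MD5", []):
        if line.endswith(MD5_LEGIT):
            continue
        match = MD5_VALUE.match(line)
        if match:
            found.append((match.group("path"), match.group("md5").upper()))
    return found


def missing_targets(sections):
    """Autorun, service and driver entries whose line ends in [x] or [X].

    Assumption: the marker means the file the entry points to was not found.
    """
    found = []
    for name, lines in sections.items():
        if name == "Drivers MD5":
            continue
        for line in lines:
            if MISSING.search(line):
                found.append((name, line))
    return found


if __name__ == "__main__":
    parsed = split_sections(SAMPLE_LOG)
    for path, md5 in unverified_drivers(parsed):
        print("look up hash:", md5, path)
    for section, entry in missing_targets(parsed):
        print("dangling entry in", section + ":", entry)
```
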

#8 pavithrasan

Posted 03 August 2011 - 04:10 PM

After trying a system restore to a previous restore point on my laptop, for some reason, the only recovery tools that appear now under 'Advanced recovery options' are startup repair and Dell DataSafe restore and emergency backup. It doesn't list the command prompt option at all. I don't know why. Is there a way to get around this and access the command prompt?

#9 pavithrasan

Posted 03 August 2011 - 04:21 PM

Also at this point, I will be happy if I can get my laptop back working. I don't have an entire backup with me but still have a copy of all my important data saved on a disc. So even if I lose my data in the process, it is okay as long as I can get my computer working. Thanks.

#10 Farbar

Posted 03 August 2011 - 04:25 PM

You have a Windows recovery CD, could you use that instead?

#11 Farbar

Posted 03 August 2011 - 04:32 PM

To enter System Recovery Options by using Windows installation disc or your recovery CD:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

Select the Command Prompt and follow the rest.

#12 pavithrasan

Posted 03 August 2011 - 04:35 PM

Am able to access command prompt using the recovery CD. Will post the log in a bit.

#13 Farbar

Posted 03 August 2011 - 04:36 PM

:thumbup2:

#14 pavithrasan

Posted 03 August 2011 - 04:43 PM

Contents of frst.txt

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.0
Ran by SYSTEM at 2011-08-05 18:37:41
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2009-12-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-10-19] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

==================== Services (Whitelisted) ======

2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [65536 2009-07-13] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [42840 2009-06-10] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [349184 2011-01-25] (Microsoft Corporation)
3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.)
2 IAANTMON; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2009-06-04] (Intel Corporation)
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15360 2009-07-13] (Microsoft Corporation)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon80 [4476096 2005-09-22] (Microsoft Corporation)
2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator [116560 2009-06-10] (Microsoft Corporation)
2 NetPipeActivator; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NetTcpActivator; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 W3SVC; C:\Windows\system32\svchost.exe -k iissvcs [27136 2009-07-13] (Microsoft Corporation)
3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
2 wltrysvc; "C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe" [3417088 2009-07-16] (Dell Inc.)
3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [225328 2009-02-05] (Alps Electric Co., Ltd.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-07-16] (Broadcom Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adpahci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\drivers\afd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdsata.sys EC7EBAB00A4D8448BAB68D1E49B4BEB9
C:\Windows\System32\Drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys DB27766102C7BF7E95140A2AA81D042E
C:\Windows\System32\DRIVERS\Apfiltr.sys 1412E9A88FE1F7E35CE6058A2EF03664
C:\Windows\System32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\arc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\Drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\BCM42RLY.sys E001DD475A7C27EBE5A0DB45C11BAD71
C:\Windows\System32\DRIVERS\bcmwl664.sys 37394D3553E220FB732C21E217E1BD8B
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ED5CF92396A62F4C15110DCDB5E854D9
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B42ED0320C6E41102FDE0005154849BB
C:\Windows\System32\DRIVERS\Dot4Prt.sys 85135AD27E79B689335C08167D917CDE
C:\Windows\System32\DRIVERS\dot4usb.sys FD05A02B0370BC3000F402E543CA5814
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys AE87BA80D0EC3B57126ED2CDC15B24ED
C:\Windows\System32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\System32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStorV.sys B75E45C564E944A2657167D197AB29DA
C:\Windows\System32\DRIVERS\igdkmd64.sys BABD5F9B2BCC82CE556A0BAF1AE208A7
C:\Windows\System32\Drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\System32\Drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys 6DEF98F8541E1B5DCEB2C822A11F7323
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\System32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_FC.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_SAS.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_SAS2.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LSI_SCSI.sys ==> MD5 is legit
C:\Windows\System32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys E6BA8E5A4A871899E23D64573EF58EE9
C:\Windows\System32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpNWMon.sys 98B09A4F2C462441030B83A80A3F6FB3
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 3713E8452B88D3E0BE095E06B6FBC776
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 378E0E0DFEA67D98AE6EA53ADBBD76BC
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nvraid.sys A4D9C9A608A97F59307C2F2600EDC6A4
C:\Windows\System32\Drivers\nvstor.sys 6C1D5F70E7A6A3FD1C90D840EDC048B9
C:\Windows\System32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 4712CC14E720ECCCC0AA16949D18AAF1
C:\Windows\System32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 4A25DC970C58104602ED274DACAFD784
C:\Windows\System32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys 178298F767FE638C9FEDCBDEF58BB5E4
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SiSRaid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\System32\Drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys 02E784FA49032F84964DB90A3ED81890
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys EAB6C35E62B1B0DB0D1B48B671D3A117
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 54D4B48D443E7228BF64CF7CDC3118AC
C:\Windows\System32\DRIVERS\usbccgp.sys 7B6A127C93EE590E4D79A5F2A76FE46F
C:\Windows\System32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 92969BA5AC44E229C55A332864F79677
C:\Windows\System32\DRIVERS\usbhub.sys E7DF1CFD28CA86B35EF5ADD0735CEEF3
C:\Windows\System32\drivers\usbohci.sys F1BB1E55F1E7A65C5839CCC7B36D773E
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys AAA2513C8AED8B54B189FD0C6B1634C0
C:\Windows\System32\drivers\USBSTOR.SYS F39983647BC1F3E6100778DDFE9DCE29
C:\Windows\System32\DRIVERS\usbuhci.sys BC3070350A491D84B518D7CCA9ABD36F
C:\Windows\System32\Drivers\usbvideo.sys 7CB8C573C6E4A2714402CC0A36EAB4FE
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys 2B1A3DAE2B4E70DBBA822B7A03FBD4A3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys B14EF15BD757FA488F9C970EEE9C0D35
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\yk62x64.sys 64F88AF327AA74E03658AE32B48CCB8B

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-05 18:37 - 2011-08-05 18:38 - 0000000 ____D C:\FRST
2011-08-01 17:53 - 2009-07-13 17:38 - 0383562 ____A C:\bootmgr
2011-07-31 23:46 - 2011-08-04 14:28 - 0161464 ____A C:\OTL.Txt
2011-07-29 05:05 - 2011-07-30 10:03 - 0000000 ____D C:\Emergency
2011-07-27 09:10 - 2011-08-03 18:39 - 0000000 ____D C:\Users\pavithra\Documents\tdsskiller[1]
2011-07-26 13:28 - 2011-07-01 05:54 - 49089992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2011-07-26 13:11 - 2011-08-03 18:39 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-07-26 13:11 - 2011-08-03 18:39 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-07-14 13:32 - 2011-08-03 18:40 - 0000000 ____D C:\Windows\System32\EventProviders
2011-07-13 16:43 - 2011-07-13 16:43 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-07-13 13:23 - 2011-08-03 18:37 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-07-13 13:22 - 2011-08-03 18:38 - 0000000 ____D C:\Program Files\iTunes
2011-07-13 13:22 - 2011-08-03 18:38 - 0000000 ____D C:\Program Files\iPod
2011-07-13 13:22 - 2011-08-03 18:38 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-07-13 04:22 - 2011-06-10 18:56 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-07-13 04:22 - 2011-06-01 22:45 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-13 04:22 - 2011-06-01 22:45 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-13 04:22 - 2011-06-01 22:45 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-13 04:22 - 2011-06-01 22:44 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-13 04:22 - 2011-06-01 22:42 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-13 04:22 - 2011-06-01 22:39 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-13 04:22 - 2011-06-01 22:35 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-13 04:22 - 2011-06-01 22:23 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 22:23 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:59 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-13 04:22 - 2011-06-01 21:56 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-13 04:22 - 2011-06-01 21:54 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-13 04:22 - 2011-06-01 21:54 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 21:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 19:51 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-13 04:22 - 2011-06-01 19:50 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-13 04:22 - 2011-06-01 19:45 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 19:45 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 19:45 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 04:22 - 2011-06-01 19:45 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:22 - 2011-05-13 23:36 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-13 04:22 - 2011-05-13 22:32 - 0837120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

============ 3 Months Modified Files and Folders =============

2011-08-05 18:38 - 2011-08-05 18:37 - 0000000 ____D C:\FRST
2011-08-04 14:28 - 2011-07-31 23:46 - 0161464 ____A C:\OTL.Txt
2011-08-03 18:47 - 2009-12-06 11:47 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-03 18:45 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2011-08-03 18:45 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-08-03 18:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\en
2011-08-03 18:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\en
2011-08-03 18:45 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\0409
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\twain_32
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-08-03 18:45 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ras
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\inetsrv
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ras
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\inetsrv
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-08-03 18:45 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Services
2011-08-03 18:40 - 2011-07-14 13:32 - 0000000 ____D C:\Windows\System32\EventProviders
2011-08-03 18:40 - 2011-06-08 20:19 - 0000000 ____D C:\Windows\Symbols
2011-08-03 18:40 - 2011-06-08 20:17 - 0000000 ____D C:\Windows\System32\1033
2011-08-03 18:40 - 2011-06-08 14:13 - 0000000 ____D C:\Windows\SysWOW64\1033
2011-08-03 18:40 - 2010-11-09 13:51 - 0000000 ____D C:\Windows\System32\BestPractices
2011-08-03 18:40 - 2010-09-21 19:58 - 0000000 ____D C:\Windows\SysWOW64\spool
2011-08-03 18:40 - 2010-07-21 18:04 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-08-03 18:40 - 2010-05-22 09:40 - 0000000 ____D C:\Windows\Minidump
2011-08-03 18:40 - 2010-04-25 17:03 - 0000000 ____D C:\Windows\SysWOW64\Iosubsys
2011-08-03 18:40 - 2009-12-06 13:30 - 0000000 ____D C:\Windows\SysWOW64\x64
2011-08-03 18:40 - 2009-12-06 13:30 - 0000000 ____D C:\Windows\System32\SRSLabs
2011-08-03 18:40 - 2009-12-06 13:12 - 0000000 ____D C:\Windows\System32\oem
2011-08-03 18:40 - 2009-12-06 11:37 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-08-03 18:40 - 2009-12-06 00:56 - 0000000 ____D C:\Windows\SMINST
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2011-08-03 18:40 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2011-08-03 18:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2011-08-03 18:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2011-08-03 18:40 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Offline Web Pages
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2011-08-03 18:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-08-03 18:39 - 2011-07-27 09:10 - 0000000 ____D C:\Users\pavithra\Documents\tdsskiller[1]
2011-08-03 18:39 - 2011-07-26 13:11 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-03 18:39 - 2011-07-26 13:11 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-03 18:39 - 2011-06-16 06:08 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\uTorrent
2011-08-03 18:39 - 2011-06-15 09:38 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Canneverbe Limited
2011-08-03 18:39 - 2011-06-11 14:55 - 0000000 ____D C:\Windows\en
2011-08-03 18:39 - 2011-06-11 14:53 - 0000000 ____D C:\Program Files\Windows Live
2011-08-03 18:39 - 2011-06-11 13:20 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-08-03 18:39 - 2011-06-08 20:32 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 8
2011-08-03 18:39 - 2011-05-06 12:46 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2011-08-03 18:39 - 2011-05-06 12:30 - 0000000 ____D C:\Users\pavithra\Documents\Visual Studio 2005
2011-08-03 18:39 - 2011-05-06 12:30 - 0000000 ____D C:\Users\pavithra\AppData\Local\Microsoft Help
2011-08-03 18:39 - 2011-04-23 12:56 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-03 18:39 - 2011-04-23 12:56 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-03 18:39 - 2010-11-28 18:50 - 0000000 ___RD C:\Users\pavithra\Documents\Scanned Documents
2011-08-03 18:39 - 2010-11-28 18:50 - 0000000 ____D C:\Users\pavithra\Documents\Fax
2011-08-03 18:39 - 2010-11-09 13:53 - 0000000 ____D C:\users\Classic .NET AppPool
2011-08-03 18:39 - 2010-09-27 18:46 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Creative
2011-08-03 18:39 - 2010-09-21 19:58 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2011-08-03 18:39 - 2010-09-21 19:58 - 0000000 ____D C:\ProgramData\HP Product Assistant
2011-08-03 18:39 - 2010-09-21 19:54 - 0000000 ____D C:\Users\All Users\HP
2011-08-03 18:39 - 2010-09-21 19:54 - 0000000 ____D C:\ProgramData\HP
2011-08-03 18:39 - 2010-06-12 17:31 - 0000000 ____D C:\Users\pavithra\AppData\Local\PowerDVD DX
2011-08-03 18:39 - 2010-02-08 20:25 - 0000000 ____D C:\Users\pavithra\AppData\Local\Google
2011-08-03 18:39 - 2010-01-06 10:31 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Absolute
2011-08-03 18:39 - 2010-01-03 09:51 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-08-03 18:39 - 2010-01-03 09:51 - 0000000 ____D C:\ProgramData\Apple Computer
2011-08-03 18:39 - 2010-01-03 09:49 - 0000000 ____D C:\Users\All Users\Apple
2011-08-03 18:39 - 2010-01-03 09:49 - 0000000 ____D C:\ProgramData\Apple
2011-08-03 18:39 - 2009-12-26 21:10 - 0000000 ____D C:\Users\pavithra\Documents\Santhosh
2011-08-03 18:39 - 2009-12-19 07:23 - 0000000 ____D C:\Users\pavithra\AppData\Local\Microsoft Games
2011-08-03 18:39 - 2009-12-14 17:47 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Real
2011-08-03 18:39 - 2009-12-14 17:47 - 0000000 ____D C:\Users\All Users\Real
2011-08-03 18:39 - 2009-12-14 17:47 - 0000000 ____D C:\ProgramData\Real
2011-08-03 18:39 - 2009-12-12 12:01 - 0000000 ____D C:\Users\pavithra\AppData\Local\Yahoo
2011-08-03 18:39 - 2009-12-12 12:00 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2011-08-03 18:39 - 2009-12-12 12:00 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2011-08-03 18:39 - 2009-12-12 11:59 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Yahoo!
2011-08-03 18:39 - 2009-12-12 11:59 - 0000000 ____D C:\Users\All Users\Yahoo!
2011-08-03 18:39 - 2009-12-12 11:59 - 0000000 ____D C:\ProgramData\Yahoo!
2011-08-03 18:39 - 2009-12-12 11:55 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Roxio
2011-08-03 18:39 - 2009-12-12 11:55 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Macromedia
2011-08-03 18:39 - 2009-12-12 11:55 - 0000000 ____D C:\Users\pavithra\AppData\Roaming\Adobe
2011-08-03 18:39 - 2009-12-12 11:55 - 0000000 ____D C:\Users\pavithra\AppData\Local\Stardock_Corporation
2011-08-03 18:39 - 2009-12-12 11:54 - 0000000 ____D C:\Users\pavithra\AppData\Local\SupportSoft
2011-08-03 18:39 - 2009-12-12 11:53 - 0000000 ____D C:\Users\pavithra\AppData\Local\VirtualStore
2011-08-03 18:39 - 2009-12-12 11:50 - 0000000 ____D C:\Users\pavithra\AppData\LocalLow
2011-08-03 18:39 - 2009-12-12 11:50 - 0000000 ____D C:\users\pavithra
2011-08-03 18:39 - 2009-12-06 11:50 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-08-03 18:39 - 2009-12-06 11:50 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-08-03 18:39 - 2009-12-06 11:42 - 0000000 ____D C:\Users\All Users\WildTangent
2011-08-03 18:39 - 2009-12-06 11:42 - 0000000 ____D C:\ProgramData\WildTangent
2011-08-03 18:39 - 2009-12-06 11:40 - 0000000 ____D C:\Users\All Users\Adobe
2011-08-03 18:39 - 2009-12-06 11:40 - 0000000 ____D C:\ProgramData\Adobe
2011-08-03 18:39 - 2009-12-06 11:39 - 0000000 ____D C:\Users\All Users\Dell
2011-08-03 18:39 - 2009-12-06 11:39 - 0000000 ____D C:\ProgramData\Dell
2011-08-03 18:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-08-03 18:39 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2011-08-03 18:39 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2011-08-03 18:39 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-08-03 18:39 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-08-03 18:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-08-03 18:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2011-08-03 18:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2011-08-03 18:39 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2011-08-03 18:38 - 2011-07-13 13:22 - 0000000 ____D C:\Program Files\iTunes
2011-08-03 18:38 - 2011-07-13 13:22 - 0000000 ____D C:\Program Files\iPod
2011-08-03 18:38 - 2011-07-13 13:22 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-08-03 18:38 - 2011-06-16 06:09 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-08-03 18:38 - 2011-06-15 09:31 - 0000000 ____D C:\Program Files\CDBurnerXP
2011-08-03 18:38 - 2011-06-11 14:52 - 0000000 ____D C:\Program Files (x86)\MSN Toolbar
2011-08-03 18:38 - 2011-06-11 13:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-08-03 18:38 - 2011-06-08 20:32 - 0000000 ____D C:\Program Files (x86)\Microsoft Device Emulator
2011-08-03 18:38 - 2011-06-08 20:19 - 0000000 ____D C:\Program Files (x86)\HTML Help Workshop
2011-08-03 18:38 - 2011-05-06 12:46 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2011-08-03 18:38 - 2011-05-06 12:30 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2011-08-03 18:38 - 2011-04-23 12:51 - 0000000 ____D C:\Program Files\Bonjour
2011-08-03 18:38 - 2011-04-23 11:34 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-08-03 18:38 - 2010-12-03 17:55 - 0000000 ____D C:\Program Files (x86)\Xvid
2011-08-03 18:38 - 2010-09-21 19:56 - 0000000 ____D C:\Program Files (x86)\HP
2011-08-03 18:38 - 2010-06-01 18:30 - 0000000 ____D C:\Program Files (x86)\NZCSM
2011-08-03 18:38 - 2010-04-25 16:59 - 0000000 ____D C:\Program Files (x86)\Sony
2011-08-03 18:38 - 2010-02-08 20:24 - 0000000 ____D C:\Program Files (x86)\Google
2011-08-03 18:38 - 2010-01-03 09:50 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-08-03 18:38 - 2009-12-14 17:47 - 0000000 ____D C:\Program Files (x86)\Real
2011-08-03 18:38 - 2009-12-12 11:58 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2011-08-03 18:38 - 2009-12-06 13:31 - 0000000 ____D C:\Program Files\IDT
2011-08-03 18:38 - 2009-12-06 13:19 - 0000000 ____D C:\Program Files\DellTPad
2011-08-03 18:38 - 2009-12-06 11:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-08-03 18:38 - 2009-12-06 11:54 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-08-03 18:38 - 2009-12-06 11:51 - 0000000 ____D C:\Program Files (x86)\Microsoft.NET
2011-08-03 18:38 - 2009-12-06 11:41 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-08-03 18:38 - 2009-12-06 11:41 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-08-03 18:38 - 2009-12-06 11:41 - 0000000 ____D C:\Program Files (x86)\LFLInstall
2011-08-03 18:38 - 2009-12-06 11:41 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2011-08-03 18:38 - 2009-12-06 11:39 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-08-03 18:38 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2011-08-03 18:38 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-08-03 18:38 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2011-08-03 18:37 - 2011-07-13 13:23 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-08-03 18:37 - 2011-06-11 14:51 - 0000000 ____D C:\Program Files (x86)\Bing Bar Installer
2011-08-03 18:37 - 2011-06-10 19:43 - 0000000 ____D C:\f87aa4ec1e36326375
2011-08-03 18:37 - 2011-06-10 19:31 - 0000000 ____D C:\af782694dea74a80f99876582e25a740
2011-08-03 18:37 - 2011-06-08 20:19 - 0000000 ____D C:\Program Files (x86)\CE Remote Tools
2011-08-03 18:37 - 2011-04-23 12:51 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-08-03 18:37 - 2010-11-09 13:51 - 0000000 ____D C:\inetpub
2011-08-03 18:37 - 2010-01-04 10:09 - 0000000 ____D C:\pavi backup
2011-08-03 18:37 - 2009-12-12 11:53 - 0000000 __SHD C:\$RECYCLE.BIN
2011-08-03 18:37 - 2009-12-06 13:04 - 0000000 ____D C:\dell
2011-08-03 18:37 - 2009-12-06 12:02 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2011-08-03 18:37 - 2009-12-06 11:56 - 0000000 ____D C:\Program Files (x86)\Creative Live! Cam
2011-08-03 18:37 - 2009-12-06 11:41 - 0000000 ____D C:\Program Files (x86)\Citrix
2011-08-03 18:36 - 2009-12-06 12:02 - 0000000 ____D C:\Program Files\Common Files\McAfee
2011-08-03 18:36 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-08-03 18:36 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-08-03 18:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-08-03 18:15 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2011-08-03 18:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2011-08-03 18:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2011-08-03 18:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2011-08-03 18:14 - 2009-12-06 13:30 - 0000000 ____D C:\Windows\SysWOW64\Lang
2011-08-03 18:12 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2011-08-03 18:06 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2011-08-03 18:05 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2011-08-03 18:05 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2011-08-03 18:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2011-08-03 17:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-08-03 17:53 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2011-08-03 17:52 - 2009-12-06 12:00 - 0000000 ____D C:\Users\All Users\Uninstall
2011-08-03 17:52 - 2009-12-06 12:00 - 0000000 ____D C:\ProgramData\Uninstall
2011-08-03 17:52 - 2009-12-06 11:49 - 0000000 ____D C:\Users\All Users\SupportSoft
2011-08-03 17:52 - 2009-12-06 11:49 - 0000000 ____D C:\ProgramData\SupportSoft
2011-08-03 17:51 - 2009-12-06 12:02 - 0000000 ____D C:\Users\All Users\McAfee
2011-08-03 17:51 - 2009-12-06 12:02 - 0000000 ____D C:\ProgramData\McAfee
2011-08-03 17:51 - 2009-12-06 12:00 - 0000000 ____D C:\Users\All Users\Macrovision
2011-08-03 17:51 - 2009-12-06 12:00 - 0000000 ____D C:\ProgramData\Macrovision
2011-08-03 17:51 - 2009-12-06 11:50 - 0000000 ____D C:\Program Files\Microsoft Office
2011-08-03 17:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2011-08-03 17:50 - 2009-12-06 11:38 - 0000000 ____D C:\Program Files\Dell
2011-08-03 17:50 - 2009-12-06 11:37 - 0000000 ____D C:\Program Files\Java
2011-08-03 17:50 - 2009-12-06 11:37 - 0000000 ____D C:\Program Files\Dell Inc
2011-08-03 17:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-08-03 17:49 - 2009-12-06 11:42 - 0000000 ____D C:\Program Files (x86)\WildTangent
2011-08-03 17:48 - 2009-12-06 12:00 - 0000000 ____D C:\Program Files (x86)\Roxio
2011-08-03 17:48 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2011-08-03 17:46 - 2011-06-11 14:54 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-08-03 17:46 - 2009-12-06 11:41 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-08-03 17:46 - 2009-12-06 11:37 - 0000000 ____D C:\Program Files (x86)\Java
2011-08-03 17:45 - 2009-12-06 11:39 - 0000000 ____D C:\Program Files (x86)\Intel
2011-08-03 17:44 - 2009-12-06 11:56 - 0000000 ____D C:\Program Files (x86)\Dell Webcam
2011-08-03 17:44 - 2009-12-06 11:52 - 0000000 ____D C:\Program Files (x86)\DELL
2011-08-03 17:44 - 2009-12-06 11:52 - 0000000 ____D C:\Program Files (x86)\CyberLink
2011-08-03 17:44 - 2009-12-06 11:49 - 0000000 ____D C:\Program Files (x86)\Dell Support Center
2011-08-03 17:43 - 2009-12-06 11:57 - 0000000 ____D C:\Program Files (x86)\Creative
2011-08-03 17:42 - 2009-12-06 11:39 - 0000000 ____D C:\Program Files (x86)\Cisco
2011-08-03 17:41 - 2011-04-18 06:26 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-08-03 17:40 - 2009-12-06 11:49 - 0000000 __RHD C:\MSOCache
2011-07-30 10:03 - 2011-07-29 05:05 - 0000000 ____D C:\Emergency
2011-07-29 08:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-07-27 12:55 - 2009-07-13 21:10 - 1381775 ____A C:\Windows\WindowsUpdate.log
2011-07-27 12:53 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-07-27 12:53 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-07-27 12:44 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-07-27 12:44 - 2009-07-13 20:51 - 0085650 ____A C:\Windows\setupact.log
2011-07-27 09:05 - 2009-12-06 13:28 - 0508524 ____A C:\Windows\PFRO.log
2011-07-14 13:22 - 2009-07-13 20:45 - 0343632 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-14 06:10 - 2010-04-07 05:02 - 50867144 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-07-13 16:43 - 2011-07-13 16:43 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-07-02 18:28 - 2009-07-13 21:13 - 1206084 ____A C:\Windows\System32\PerfStringBackup.INI
2011-07-01 05:54 - 2011-07-26 13:28 - 49089992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2011-06-11 14:51 - 2009-12-06 11:55 - 0031802 ____A C:\Windows\DirectX.log
2011-06-11 14:32 - 2010-11-09 13:52 - 1206508 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-06-11 13:27 - 2011-06-11 13:27 - 0002154 ____A C:\Windows\epplauncher.mif
2011-06-10 18:56 - 2011-07-13 04:22 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-08 20:29 - 2011-05-06 12:41 - 0000172 ____A C:\Windows\ODBC.INI
2011-06-07 19:27 - 2011-06-07 19:27 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2011-06-01 22:45 - 2011-07-13 04:22 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-06-01 22:45 - 2011-07-13 04:22 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-06-01 22:45 - 2011-07-13 04:22 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-06-01 22:44 - 2011-07-13 04:22 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-06-01 22:42 - 2011-07-13 04:22 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-06-01 22:39 - 2011-07-13 04:22 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-06-01 22:35 - 2011-07-13 04:22 - 0338944 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-06-01 22:23 - 2011-07-13 04:22 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-01 22:23 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-06-01 21:59 - 2011-07-13 04:22 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-06-01 21:56 - 2011-07-13 04:22 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-06-01 21:54 - 2011-07-13 04:22 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-06-01 21:54 - 2011-07-13 04:22 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-01 21:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-06-01 19:51 - 2011-07-13 04:22 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-06-01 19:50 - 2011-07-13 04:22 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-06-01 19:45 - 2011-07-13 04:22 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-06-01 19:45 - 2011-07-13 04:22 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-01 19:45 - 2011-07-13 04:22 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-01 19:45 - 2011-07-13 04:22 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-05-29 04:37 - 2009-07-13 21:08 - 0032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-05-27 21:22 - 2011-06-16 13:33 - 9316352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-05-27 20:38 - 2011-06-16 13:33 - 5984256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-05-27 19:25 - 2011-06-16 13:32 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-05-27 19:00 - 2011-06-16 13:32 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-05-24 03:21 - 2011-06-29 00:56 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-05-24 02:34 - 2011-06-29 00:56 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-05-24 02:34 - 2011-06-29 00:56 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-05-24 02:34 - 2011-06-29 00:56 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-05-24 02:32 - 2011-06-29 00:56 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-05-13 23:36 - 2011-07-13 04:22 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-05-13 22:32 - 2011-07-13 04:22 - 0837120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-05-12 12:28 - 2010-11-09 13:51 - 0089102 ____A C:\Windows\iis7.log
2011-05-12 08:07 - 2009-12-12 11:53 - 0000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-05-05 05:54 - 2011-05-05 05:54 - 0277096 ____A C:\Windows\Minidump\050511-23836-01.dmp
2011-05-05 05:54 - 2010-05-22 09:40 - 319999051 ____A C:\Windows\MEMORY.DMP

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3032.36 MB
Available physical RAM: 2467.35 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2455.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:183.35 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
4 Drive g: (Transcend) (Removable) (Total:1.87 GB) (Free:1.16 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.57 GB) NTFS

==========================================================

Last Boot: 2009-12-06 13:28

======================= End Of Log ==========================

#15 Farbar

Posted 03 August 2011 - 05:03 PM

Let's try this and see if the fix can be applied.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
cmd: bootrec /FixMbr
Control:
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

If the fix could be applied you should be able to boot normally.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



