
Startup Repair loop ci.dll corrupt


  • This topic is locked
6 replies to this topic

#1 iffer23


Posted 28 August 2011 - 07:37 PM

Forgive me if I'm going about this wrong, but I found a post with a similar problem, so I'm following that lead and pasting my log from the Farbar's Recovery Scan Tool. Windows 7 computer suddenly rebooted into Startup Repair loop and can't repair any issues. Seems to indicate corrupt ci.dll file. Here's the log. Thank you so much for any help you can provide.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-28 17:02:34
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GoToMyPC] "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" -logon [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\Jan\...\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_S6E.tmp" /EF "HKCU" [126 2010-12-06] ()
HKU\Jan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-12] (Google Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-12-06] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 GoToMyPC; "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" -service [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-20] (Microsoft Corporation)
2 sprtsvc_DellComms; "C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe" /service /P DellComms [206064 2009-05-05] (SupportSoft, Inc.)
2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [278528 2009-11-27] ()
3 AdobeActiveFileMonitor8.0; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1827328 2009-11-10] (Atheros Communications, Inc.)
1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [25312 2007-01-19] (Windows ® Codename Longhorn DDK provider)

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-19 14:36 - 2011-08-19 14:36 - 2267893 ____A C:\Users\Jan\Desktop\img012.jpg
2011-08-10 21:31 - 2011-07-22 02:34 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-10 21:31 - 2011-07-22 01:38 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-10 21:31 - 2011-07-22 00:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-10 21:31 - 2011-07-21 23:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-10 21:31 - 2011-07-16 00:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-08-10 21:31 - 2011-07-16 00:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-08-10 21:31 - 2011-07-16 00:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-08-10 21:31 - 2011-07-16 00:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-08-10 21:31 - 2011-07-16 00:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-08-10 21:31 - 2011-07-16 00:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-08-10 21:31 - 2011-07-16 00:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-08-10 21:31 - 2011-07-16 00:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-08-10 21:31 - 2011-07-16 00:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 21:31 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-08-10 21:31 - 2011-07-15 23:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-08-10 21:31 - 2011-07-15 23:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-08-10 21:31 - 2011-07-15 23:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-08-10 21:31 - 2011-07-15 23:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 21:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-08-10 21:31 - 2011-07-15 21:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-08-10 21:31 - 2011-07-15 21:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 21:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 21:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 21:31 - 2011-07-15 21:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 21:31 - 2011-07-08 21:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-08-10 21:31 - 2011-06-23 00:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-08-10 21:31 - 2011-06-22 23:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-10 21:31 - 2011-06-22 23:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-10 21:31 - 2011-06-21 01:27 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-08-10 21:31 - 2011-06-21 01:20 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-10 21:31 - 2011-06-21 01:20 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-10 21:31 - 2011-06-21 01:19 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-10 21:31 - 2011-06-21 01:19 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-10 21:31 - 2011-06-21 01:19 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-10 21:31 - 2011-06-21 01:19 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-10 21:31 - 2011-06-21 01:19 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-10 21:31 - 2011-06-21 01:19 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-10 21:31 - 2011-06-21 01:17 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-10 21:31 - 2011-06-21 00:36 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-10 21:31 - 2011-06-21 00:36 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-10 21:31 - 2011-06-21 00:36 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-10 21:31 - 2011-06-21 00:35 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-08-10 21:31 - 2011-06-21 00:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-08-10 21:31 - 2011-06-21 00:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-10 21:31 - 2011-06-21 00:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-10 21:31 - 2011-06-21 00:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-08-10 21:31 - 2011-06-21 00:34 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-10 21:31 - 2011-06-21 00:34 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-10 21:31 - 2011-06-21 00:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-08-10 21:31 - 2011-06-21 00:34 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-08-10 21:31 - 2011-06-21 00:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-10 21:31 - 2011-06-21 00:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-10 21:31 - 2011-06-21 00:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-08-10 21:31 - 2011-06-21 00:05 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-08-10 21:31 - 2011-06-20 23:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-08-10 21:31 - 2011-06-16 00:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-08-10 21:31 - 2011-06-15 23:35 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-08-10 21:31 - 2011-06-15 04:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-08-10 21:31 - 2011-06-15 04:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-08-10 21:31 - 2011-06-15 04:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-08-10 21:31 - 2011-06-15 04:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-08-10 21:31 - 2011-06-15 04:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-08-10 21:31 - 2011-06-15 04:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-08-10 21:31 - 2011-06-15 04:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-08-10 21:31 - 2011-06-15 04:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-08-10 21:31 - 2011-06-15 04:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll


============ 3 Months Modified Files and Folders =============

2011-08-28 17:02 - 2011-08-28 17:02 - 0000000 ____D C:\FRST
2011-08-27 18:58 - 2010-12-06 14:48 - 0000000 ____D C:\Users\Jan\Application Data\Adobe
2011-08-27 18:58 - 2010-12-06 14:48 - 0000000 ____D C:\Users\Jan\AppData\Roaming\Adobe
2011-08-27 18:58 - 2010-12-06 13:22 - 0000000 ____D C:\users\Jan
2011-08-27 18:58 - 2010-05-05 03:26 - 0000000 ____D C:\dell
2011-08-27 18:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2011-08-20 12:24 - 2010-12-06 14:07 - 2515158016 ____A C:\Users\Jan\My Documents\Outlook.pst
2011-08-20 12:24 - 2010-12-06 14:07 - 2515158016 ____A C:\Users\Jan\Documents\Outlook.pst
2011-08-20 06:39 - 2010-05-05 01:15 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{2b012a9e-580d-11df-86b7-b8ac6fd7f57d}.TMContainer00000000000000000002.regtrans-ms
2011-08-20 06:39 - 2010-05-05 01:15 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{2b012a9e-580d-11df-86b7-b8ac6fd7f57d}.TM.blf
2011-08-20 06:29 - 2009-07-14 00:10 - 1308193 ____A C:\Windows\WindowsUpdate.log
2011-08-20 05:50 - 2010-12-12 15:35 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-20 00:21 - 2010-12-06 14:06 - 739525632 ____A C:\Users\Jan\My Documents\archive.pst
2011-08-20 00:21 - 2010-12-06 14:06 - 739525632 ____A C:\Users\Jan\Documents\archive.pst
2011-08-19 20:50 - 2010-12-12 15:35 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-19 14:36 - 2011-08-19 14:36 - 2267893 ____A C:\Users\Jan\Desktop\img012.jpg
2011-08-19 11:37 - 2011-07-19 19:18 - 0032256 ____A C:\Users\Jan\Desktop\janbest.doc
2011-08-19 09:52 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-19 09:52 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-17 18:25 - 2011-07-05 11:29 - 0027674 ____A C:\Users\Jan\Desktop\MASTERPHONE LIST WCG.pdf
2011-08-16 08:57 - 2010-12-06 14:12 - 0746438 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-08-16 06:30 - 2009-07-14 00:13 - 0733692 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-16 06:25 - 2010-05-05 00:56 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-16 06:24 - 2010-12-23 16:44 - 0000619 ____A C:\Windows\System32\gotomon.log
2011-08-16 06:24 - 2010-12-06 13:22 - 0000000 ____D C:\Users\Jan\Local Settings\SoftThinks
2011-08-16 06:24 - 2010-12-06 13:22 - 0000000 ____D C:\Users\Jan\Local Settings\Application Data\SoftThinks
2011-08-16 06:24 - 2010-12-06 13:22 - 0000000 ____D C:\Users\Jan\AppData\Local\SoftThinks
2011-08-16 06:24 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-16 06:23 - 2010-05-05 02:45 - 3193688064 __ASH C:\hiberfil.sys
2011-08-16 06:23 - 2010-05-05 02:45 - 1022676 ____A C:\Windows\PFRO.log
2011-08-16 06:23 - 2009-07-13 23:51 - 0039409 ____A C:\Windows\setupact.log
2011-08-16 06:22 - 2011-03-21 12:33 - 1882240 ___AH C:\Users\Jan\Local Settings\IconCache.db
2011-08-16 06:22 - 2011-03-21 12:33 - 1882240 ___AH C:\Users\Jan\Local Settings\Application Data\IconCache.db
2011-08-16 06:22 - 2011-03-21 12:33 - 1882240 ___AH C:\Users\Jan\AppData\Local\IconCache.db
2011-08-16 06:05 - 2010-12-06 15:01 - 54065608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-08-16 06:05 - 2009-07-13 21:34 - 0000531 ____A C:\Windows\win.ini
2011-08-09 06:35 - 2010-05-05 01:15 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{2b012a9e-580d-11df-86b7-b8ac6fd7f57d}.TMContainer00000000000000000001.regtrans-ms
2011-07-28 09:19 - 2010-12-12 15:35 - 0000000 ____D C:\Users\Jan\Local Settings\Google
2011-07-28 09:19 - 2010-12-12 15:35 - 0000000 ____D C:\Users\Jan\Local Settings\Application Data\Google
2011-07-28 09:19 - 2010-12-12 15:35 - 0000000 ____D C:\Users\Jan\AppData\Local\Google
2011-07-27 22:56 - 2011-07-27 22:56 - 0038981 ____A C:\Users\Jan\Desktop\MASTERPHONE LIST.pdf
2011-07-27 15:58 - 2011-07-27 15:58 - 0437851 ____A C:\Users\Jan\Desktop\923 Pepper Road Subdivision.pdf
2011-07-22 02:34 - 2011-08-10 21:31 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-22 01:38 - 2011-08-10 21:31 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-07-22 00:35 - 2011-08-10 21:31 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-21 23:56 - 2011-08-10 21:31 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-07-19 18:14 - 2011-07-19 18:14 - 0000000 ____D C:\Program Files (x86)\MSECache
2011-07-19 18:14 - 2010-05-05 01:06 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-07-19 06:19 - 2009-07-13 23:45 - 0419848 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-17 11:31 - 2011-05-17 11:30 - 0000000 ____D C:\Users\Jan\Local Settings\ElevatedDiagnostics
2011-07-17 11:31 - 2011-05-17 11:30 - 0000000 ____D C:\Users\Jan\Local Settings\Application Data\ElevatedDiagnostics
2011-07-17 11:31 - 2011-05-17 11:30 - 0000000 ____D C:\Users\Jan\AppData\Local\ElevatedDiagnostics
2011-07-17 11:31 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2011-07-16 00:26 - 2011-08-10 21:31 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-16 00:26 - 2011-08-10 21:31 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-16 00:26 - 2011-08-10 21:31 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-16 00:26 - 2011-08-10 21:31 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-16 00:24 - 2011-08-10 21:31 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-16 00:21 - 2011-08-10 21:31 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-16 00:21 - 2011-08-10 21:31 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-16 00:17 - 2011-08-10 21:31 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-16 00:04 - 2011-08-10 21:31 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 23:36 - 2011-08-10 21:31 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-15 23:31 - 2011-08-10 21:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-15 23:30 - 2011-08-10 21:31 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-15 23:30 - 2011-08-10 21:31 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-15 23:30 - 2011-08-10 21:31 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-15 21:26 - 2011-08-10 21:31 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-15 21:26 - 2011-08-10 21:31 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-15 21:21 - 2011-08-10 21:31 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-15 21:21 - 2011-08-10 21:31 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 21:21 - 2011-08-10 21:31 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 21:21 - 2011-08-10 21:31 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-10 22:51 - 2011-07-10 22:51 - 0160473 ____A C:\Users\Jan\Desktop\photo.jpg
2011-07-10 11:48 - 2011-07-10 11:48 - 0170496 ____A C:\Users\Jan\Desktop\It's cold today.msg
2011-07-08 21:44 - 2011-08-10 21:31 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-07-05 16:12 - 2011-07-05 16:12 - 0015360 ____A C:\Users\Jan\Desktop\Sebastopol Hires usernames.xls
2011-06-24 16:36 - 2011-06-24 16:35 - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2011-06-24 16:36 - 2011-06-24 16:35 - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2011-06-24 16:35 - 2011-06-24 16:35 - 0000000 ____D C:\Program Files (x86)\SHARP
2011-06-24 16:35 - 2011-06-24 16:33 - 0000000 ____D C:\Windows\SysWOW64\SCDRV
2011-06-24 16:35 - 2010-05-05 00:53 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2011-06-24 16:35 - 2010-05-05 00:53 - 0000000 ____D C:\Users\All Users\Adobe
2011-06-24 16:35 - 2010-05-05 00:53 - 0000000 ____D C:\ProgramData\Adobe
2011-06-24 16:33 - 2010-05-05 00:51 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-06-24 15:45 - 2010-05-05 01:02 - 0000000 ____D C:\Users\All Users\Skype
2011-06-24 15:45 - 2010-05-05 01:02 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2011-06-24 15:45 - 2010-05-05 01:02 - 0000000 ____D C:\ProgramData\Skype
2011-06-23 00:29 - 2011-08-10 21:31 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-06-22 23:38 - 2011-08-10 21:31 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-06-22 23:38 - 2011-08-10 21:31 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-06-21 06:20 - 2010-05-05 01:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-21 01:27 - 2011-08-10 21:31 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-06-21 01:20 - 2011-08-10 21:31 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-06-21 01:20 - 2011-08-10 21:31 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-06-21 01:19 - 2011-08-10 21:31 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-21 01:19 - 2011-08-10 21:31 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-21 01:19 - 2011-08-10 21:31 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-06-21 01:19 - 2011-08-10 21:31 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-06-21 01:19 - 2011-08-10 21:31 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-21 01:19 - 2011-08-10 21:31 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-06-21 01:17 - 2011-08-10 21:31 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-06-21 00:36 - 2011-08-10 21:31 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-06-21 00:36 - 2011-08-10 21:31 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-06-21 00:36 - 2011-08-10 21:31 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-06-21 00:35 - 2011-08-10 21:31 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-06-21 00:35 - 2011-08-10 21:31 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-06-21 00:35 - 2011-08-10 21:31 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-06-21 00:35 - 2011-08-10 21:31 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-06-21 00:35 - 2011-08-10 21:31 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-06-21 00:34 - 2011-08-10 21:31 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-21 00:34 - 2011-08-10 21:31 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-21 00:34 - 2011-08-10 21:31 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-06-21 00:34 - 2011-08-10 21:31 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-06-21 00:34 - 2011-08-10 21:31 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-21 00:34 - 2011-08-10 21:31 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-06-21 00:32 - 2011-08-10 21:31 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-06-21 00:05 - 2011-08-10 21:31 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-06-20 23:26 - 2011-08-10 21:31 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-06-16 00:31 - 2011-08-10 21:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-06-15 23:35 - 2011-08-10 21:31 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-06-15 04:58 - 2011-08-10 21:31 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-06-15 04:58 - 2011-08-10 21:31 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-06-15 04:58 - 2011-08-10 21:31 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-06-15 04:58 - 2011-08-10 21:31 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-06-15 04:04 - 2011-08-10 21:31 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-06-15 04:04 - 2011-08-10 21:31 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-06-15 04:04 - 2011-08-10 21:31 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-06-15 04:04 - 2011-08-10 21:31 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-06-15 04:04 - 2011-08-10 21:31 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-06-13 12:05 - 2011-06-13 12:05 - 0000000 ____D C:\Users\Jan\Application Data\Macrovision
2011-06-13 12:05 - 2011-06-13 12:05 - 0000000 ____D C:\Users\Jan\AppData\Roaming\Macrovision
2011-06-10 21:56 - 2011-07-13 02:54 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-10 14:25 - 2011-06-10 14:25 - 0030631 ____A C:\Users\Jan\Desktop\jf.815Pepper Rd Plot.pdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4060.98 MB
Available physical RAM: 3489.49 MB
Total Pagefile: 4059.13 MB
Available Pagefile: 3479.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:409.58 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:12.03 GB) (Free:5.47 GB) NTFS
8 Drive j: () (Removable) (Total:3.72 GB) (Free:2.57 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-08-13 02:32

======================= End Of Log ==========================


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:14 PM

Posted 29 August 2011 - 01:00 PM

Hello iffer23,

Welcome to Bleeping Computer.:)

Please give me a summary of the steps you have already taken.

Seems to indicate corrupt ci.dll file

Is this the error startup repair is giving you or is it your own idea?

#3 iffer23


Posted 29 August 2011 - 05:31 PM

Hello iffer23,

Welcome to Bleeping Computer.:)

Please give me a summary of the steps you have already taken.

Seems to indicate corrupt ci.dll file

Is this the error startup repair is giving you or is it your own idea?


Thank you for replying. The only steps taken were running Startup Repair multiple times - sometimes it wouldn't find any problem, sometimes it would seem to indicate that it had repaired the problem, but most of the time it would state that it could not fix the problem. I also tried System Restore to a restore point two days prior. The following is the error information I got from Startup Repair one of the times. I can't say for sure that it was the same information every time.

ProblemEventName StartupRepairOffline
Signature 01: 6.1.7600.16385
Signature 02: 6.1.7600.16385
Signature 03: unknown
Signature 04: 21200674
Signature 05: AutoFailover
Signature 06: 2
Signature 07: CorruptFile
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Boot Critical File: C:\ci.dll is corrupt
File Repair: Failed 0x2
System Restore: Completed Successfully
System Files Integrity Check and Repair: Failed Error Code 0x490

#4 Farbar


Posted 29 August 2011 - 05:42 PM

Thanks for your detailed feedback. :thumbup2:

Please no need to quote my whole post.:)

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart the computer, let it boot normally and tell me how it went.

#5 iffer23


Posted 29 August 2011 - 11:34 PM

Thank you ever so much! You are wonderful. :) After "fix", computer booted up normally. Installed and ran MalwareBytes which found and removed c:\Users\Jan\AppData\Local\Temp\8C6A.tmp (Rootkit.TDSS) and c:\Users\Jan\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace). Installed and ran Spybot which only found a few tracking cookies. Updated the antivirus that came with it, Microsoft Essentials, and then noticed in the program's History that the following had been marked as "allowed" tonight (without notifying me) - Backdoor: Win32/Cycbot.B. I'm not sure how to get it removed now. Did a search in the directory it was located in though and also found (and was able to remove) Trojan Downloader Win32/Karagany.A. Tried searching the same directory with Avast but found nothing.

Below is the Log from FRST. I've shut things down for the night until I have time to run further scans tomorrow, but what do you suggest?

BTW, I have to add for my own sake, since it's a bit embarrassing how riddled with viruses and such it seems to be, this is a family member's computer - not mine! :)


Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.1)
Ran by SYSTEM at 2011-08-29 19:52:53 R:1
Running from J:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====

#6 Farbar


Posted 30 August 2011 - 02:58 AM

Great. :thumbsup:

Seems after booting you are doing things on your own.:)

Please let me know if you have any specific question before I close the topic.

#7 Farbar


Posted 04 September 2011 - 09:33 AM

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



