StartUp Repair malware


  • This topic is locked
7 replies to this topic

#1 kes77kfc


Posted 09 September 2011 - 01:20 PM

Hello,
I was on my laptop last night and an antiviral pop-up kept opening. I kept blocking it, then my computer shut itself down. When I restarted, it took me directly to the StartUp Repair screen and it just keeps running; occasionally it will finish but tell me no repairs can be made. Won't start in safe mode, won't let me do a system restore, everything just takes me back to the same StartUp Repair screen.
I downloaded the Farbars's Recovery Tool and I will post the log below. Any advice?
Thanks,
Kathryn

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-09-09 06:14:04
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-29] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2011-01-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background [623960 2009-07-02] (Research In Motion Limited)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2009-04-11] (Sonic Solutions)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKU\Josh\...\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [206112 2008-10-24] (Macrovision Corporation)
HKU\Josh\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_SB9EC.tmp" /EF "HKCU" [158 2011-04-03] ()
HKU\Josh\...\Run: [EPSON WorkForce 630 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_SF030.tmp" /EF "HKCU" [132 2011-04-19] ()
HKU\Josh\...\Run: [conhost] C:\Users\Josh\AppData\Roaming\Microsoft\conhost.exe [x]
HKU\Josh\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-21] (Google Inc.)
HKU\Josh\...\Winlogon: [Shell] explorer.exe,C:\Users\Josh\AppData\Roaming\dwm.exe
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-02-21] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [615792 2010-02-18] (Juniper Networks)
2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [166400 2009-09-14] (SEIKO EPSON CORPORATION)
2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [128512 2009-09-14] (SEIKO EPSON CORPORATION)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-22] (Macrovision Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-10-13] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
3 Roxio UPnP Renderer 9; "C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" [88560 2007-12-07] (Sonic Solutions)
2 Roxio Upnp Server 9; "C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe" [362992 2007-12-07] (Sonic Solutions)
2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [313840 2009-04-11] (Sonic Solutions)
3 RoxMediaDB9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [1108464 2009-04-11] (Sonic Solutions)
2 RoxWatch9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" [170480 2009-04-11] (Sonic Solutions)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [32768 2010-02-18] (Juniper Networks)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [11264 2009-07-13] (Microsoft Corporation)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\Users\All Users\hJ21101MhNoI21101
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\Users\All Users\Application Data\hJ21101MhNoI21101
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\ProgramData\hJ21101MhNoI21101
2011-09-07 16:59 - 2011-09-07 17:02 - 0026624 ____A C:\Users\Josh\My Documents\SOAP note #1.doc
2011-09-07 16:59 - 2011-09-07 17:02 - 0026624 ____A C:\Users\Josh\Documents\SOAP note #1.doc
2011-09-07 16:59 - 2011-09-07 16:59 - 0004096 ___AH C:\Users\Josh\Local Settings\keyfile3.drm
2011-09-07 16:59 - 2011-09-07 16:59 - 0004096 ___AH C:\Users\Josh\Local Settings\Application Data\keyfile3.drm
2011-09-07 16:59 - 2011-09-07 16:59 - 0004096 ___AH C:\Users\Josh\AppData\Local\keyfile3.drm
2011-09-06 21:04 - 2011-09-06 21:06 - 0027136 ____A C:\Users\Josh\My Documents\7015 Lindsley damage list.doc
2011-09-06 21:04 - 2011-09-06 21:06 - 0027136 ____A C:\Users\Josh\Documents\7015 Lindsley damage list.doc
2011-09-03 20:45 - 2011-09-08 23:32 - 0000000 ____D C:\Program Files (x86)\Veetle
2011-08-29 15:29 - 2011-09-05 10:51 - 0027136 ____A C:\Users\Josh\My Documents\PHARM correlate #1.doc
2011-08-29 15:29 - 2011-09-05 10:51 - 0027136 ____A C:\Users\Josh\Documents\PHARM correlate #1.doc
2011-08-29 08:30 - 2011-09-08 10:07 - 0139776 ____A C:\Users\Josh\My Documents\DERM.doc
2011-08-29 08:30 - 2011-09-08 10:07 - 0139776 ____A C:\Users\Josh\Documents\DERM.doc
2011-08-25 14:08 - 2011-08-25 20:24 - 0024064 ____A C:\Users\Josh\My Documents\BDay List.doc
2011-08-25 14:08 - 2011-08-25 20:24 - 0024064 ____A C:\Users\Josh\Documents\BDay List.doc
2011-08-22 06:17 - 2011-08-22 15:15 - 0000000 ____D C:\Users\Josh\Application Data\Google
2011-08-22 06:17 - 2011-08-22 15:15 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Google
2011-08-21 18:36 - 2011-08-21 18:37 - 0000000 ____D C:\Users\All Users\Google
2011-08-21 18:36 - 2011-08-21 18:37 - 0000000 ____D C:\Users\All Users\Application Data\Google
2011-08-21 18:36 - 2011-08-21 18:37 - 0000000 ____D C:\ProgramData\Google
2011-08-21 18:36 - 2011-08-21 18:36 - 0000000 ____D C:\Program Files\Google
2011-08-19 10:50 - 2011-08-21 16:54 - 0015872 ____A C:\Users\Josh\My Documents\fantasy football 4.xls
2011-08-19 10:50 - 2011-08-21 16:54 - 0015872 ____A C:\Users\Josh\Documents\fantasy football 4.xls
2011-08-19 10:50 - 2011-08-19 11:21 - 0017408 ____A C:\Users\Josh\My Documents\fantasy football 2.xls
2011-08-19 10:50 - 2011-08-19 11:21 - 0017408 ____A C:\Users\Josh\Documents\fantasy football 2.xls
2011-08-19 10:50 - 2011-08-19 11:21 - 0016896 ____A C:\Users\Josh\My Documents\fantasy football 3.xls
2011-08-19 10:50 - 2011-08-19 11:21 - 0016896 ____A C:\Users\Josh\Documents\fantasy football 3.xls
2011-08-19 10:50 - 2011-08-19 10:50 - 0013824 ____A C:\Users\Josh\My Documents\budget.xls
2011-08-19 10:50 - 2011-08-19 10:50 - 0013824 ____A C:\Users\Josh\Documents\budget.xls
2011-08-19 10:33 - 2011-08-25 10:30 - 0019456 ____A C:\Users\Josh\My Documents\Fantasy Football.xls
2011-08-19 10:33 - 2011-08-25 10:30 - 0019456 ____A C:\Users\Josh\Documents\Fantasy Football.xls
2011-08-18 10:00 - 2011-08-19 10:27 - 0019968 ____A C:\Users\Josh\My Documents\Fantasy Football.doc
2011-08-18 10:00 - 2011-08-19 10:27 - 0019968 ____A C:\Users\Josh\Documents\Fantasy Football.doc
2011-08-15 20:33 - 2011-08-15 20:36 - 14999114 ____A C:\Users\Josh\Downloads\SavingCharts.wmv
2011-08-15 20:33 - 2011-08-15 20:35 - 9300632 ____A C:\Users\Josh\Downloads\UsingExam.wmv
2011-08-15 20:32 - 2011-08-15 20:33 - 6132926 ____A C:\Users\Josh\Downloads\LoggingIn.wmv
2011-08-15 20:27 - 2011-08-15 20:28 - 13685936 ____A (Mozilla) C:\Users\Josh\Downloads\Firefox Setup 5.0.1.exe
2011-08-10 19:39 - 2011-07-16 00:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-08-10 19:39 - 2011-07-16 00:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-08-10 19:39 - 2011-07-16 00:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-08-10 19:39 - 2011-07-16 00:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-08-10 19:39 - 2011-07-16 00:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-08-10 19:39 - 2011-07-16 00:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-08-10 19:39 - 2011-07-16 00:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-08-10 19:39 - 2011-07-16 00:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-08-10 19:39 - 2011-07-16 00:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:39 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-08-10 19:39 - 2011-07-15 23:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-08-10 19:39 - 2011-07-15 23:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-08-10 19:39 - 2011-07-15 23:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-08-10 19:39 - 2011-07-15 23:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 21:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-08-10 19:39 - 2011-07-15 21:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-08-10 19:39 - 2011-07-15 21:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 21:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 21:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 19:39 - 2011-07-15 21:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 19:39 - 2011-07-08 21:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-08-10 19:39 - 2011-06-21 01:27 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-08-10 19:39 - 2011-06-16 00:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-08-10 19:39 - 2011-06-15 23:35 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-08-10 19:39 - 2011-06-15 04:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-08-10 19:39 - 2011-06-15 04:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-08-10 19:39 - 2011-06-15 04:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-08-10 19:39 - 2011-06-15 04:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-08-10 19:39 - 2011-06-15 04:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-08-10 19:39 - 2011-06-15 04:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-08-10 19:39 - 2011-06-15 04:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-08-10 19:39 - 2011-06-15 04:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-08-10 19:39 - 2011-06-15 04:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-08-10 19:38 - 2011-07-22 02:34 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-10 19:38 - 2011-07-22 01:38 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-10 19:38 - 2011-07-22 00:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-10 19:38 - 2011-07-21 23:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-10 19:38 - 2011-06-21 01:20 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-10 19:38 - 2011-06-21 01:20 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-10 19:38 - 2011-06-21 01:19 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-10 19:38 - 2011-06-21 01:19 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-10 19:38 - 2011-06-21 01:19 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-10 19:38 - 2011-06-21 01:19 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-10 19:38 - 2011-06-21 01:19 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-10 19:38 - 2011-06-21 01:19 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-10 19:38 - 2011-06-21 01:17 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-10 19:38 - 2011-06-21 00:36 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-10 19:38 - 2011-06-21 00:36 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-10 19:38 - 2011-06-21 00:36 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-10 19:38 - 2011-06-21 00:35 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-08-10 19:38 - 2011-06-21 00:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-08-10 19:38 - 2011-06-21 00:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-10 19:38 - 2011-06-21 00:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-10 19:38 - 2011-06-21 00:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-08-10 19:38 - 2011-06-21 00:34 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-10 19:38 - 2011-06-21 00:34 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-10 19:38 - 2011-06-21 00:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-08-10 19:38 - 2011-06-21 00:34 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-08-10 19:38 - 2011-06-21 00:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-10 19:38 - 2011-06-21 00:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-10 19:38 - 2011-06-21 00:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-08-10 19:38 - 2011-06-21 00:05 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-08-10 19:38 - 2011-06-20 23:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-08-10 19:37 - 2011-06-23 00:31 - 5474688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-08-10 19:37 - 2011-06-22 23:32 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-10 19:37 - 2011-06-22 23:32 - 3911552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


============ 3 Months Modified Files and Folders =============

2011-09-09 06:14 - 2011-09-09 06:13 - 0000000 ____D C:\FRST
2011-09-08 23:32 - 2011-09-03 20:45 - 0000000 ____D C:\Program Files (x86)\Veetle
2011-09-08 23:32 - 2011-05-25 20:54 - 0000000 ____D C:\Users\Josh\Application Data\Juniper Networks
2011-09-08 23:32 - 2011-05-25 20:54 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Juniper Networks
2011-09-08 23:32 - 2011-05-24 16:52 - 0000000 ____D C:\Program Files\Dell Support Center
2011-09-08 23:32 - 2011-02-19 19:31 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-09-08 23:32 - 2011-02-18 16:09 - 0000000 ____D C:\users\Josh
2011-09-08 23:32 - 2010-11-18 14:20 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-09-08 23:32 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-09-08 23:32 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2011-09-08 23:32 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2011-09-08 23:31 - 2011-03-07 14:00 - 0000000 ____D C:\Users\All Users\PCDr
2011-09-08 23:31 - 2011-03-07 14:00 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2011-09-08 23:31 - 2011-03-07 14:00 - 0000000 ____D C:\ProgramData\PCDr
2011-09-08 23:31 - 2011-03-01 19:32 - 0000000 ____D C:\Users\Josh\Application Data\SoftGrid Client
2011-09-08 23:31 - 2011-03-01 19:32 - 0000000 ____D C:\Users\Josh\AppData\Roaming\SoftGrid Client
2011-09-08 23:31 - 2010-11-18 14:36 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\Users\All Users\hJ21101MhNoI21101
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\Users\All Users\Application Data\hJ21101MhNoI21101
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\ProgramData\hJ21101MhNoI21101
2011-09-08 21:17 - 2011-06-29 21:56 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{7f92be89-a2c4-11e0-b60c-f04da2571871}.TMContainer00000000000000000001.regtrans-ms
2011-09-08 21:17 - 2011-06-29 21:56 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{7f92be89-a2c4-11e0-b60c-f04da2571871}.TM.blf
2011-09-08 10:07 - 2011-08-29 08:30 - 0139776 ____A C:\Users\Josh\My Documents\DERM.doc
2011-09-08 10:07 - 2011-08-29 08:30 - 0139776 ____A C:\Users\Josh\Documents\DERM.doc
2011-09-07 17:02 - 2011-09-07 16:59 - 0026624 ____A C:\Users\Josh\My Documents\SOAP note #1.doc
2011-09-07 17:02 - 2011-09-07 16:59 - 0026624 ____A C:\Users\Josh\Documents\SOAP note #1.doc
2011-09-07 16:59 - 2011-09-07 16:59 - 0004096 ___AH C:\Users\Josh\Local Settings\keyfile3.drm
2011-09-07 16:59 - 2011-09-07 16:59 - 0004096 ___AH C:\Users\Josh\Local Settings\Application Data\keyfile3.drm
2011-09-07 16:59 - 2011-09-07 16:59 - 0004096 ___AH C:\Users\Josh\AppData\Local\keyfile3.drm
2011-09-06 21:06 - 2011-09-06 21:04 - 0027136 ____A C:\Users\Josh\My Documents\7015 Lindsley damage list.doc
2011-09-06 21:06 - 2011-09-06 21:04 - 0027136 ____A C:\Users\Josh\Documents\7015 Lindsley damage list.doc
2011-09-05 10:51 - 2011-08-29 15:29 - 0027136 ____A C:\Users\Josh\My Documents\PHARM correlate #1.doc
2011-09-05 10:51 - 2011-08-29 15:29 - 0027136 ____A C:\Users\Josh\Documents\PHARM correlate #1.doc
2011-08-29 14:13 - 2011-02-18 16:09 - 0000000 ____D C:\Users\Josh\Local Settings\SoftThinks
2011-08-29 14:13 - 2011-02-18 16:09 - 0000000 ____D C:\Users\Josh\Local Settings\Application Data\SoftThinks
2011-08-29 14:13 - 2011-02-18 16:09 - 0000000 ____D C:\Users\Josh\AppData\Local\SoftThinks
2011-08-29 14:12 - 2010-11-18 16:04 - 3061202944 __ASH C:\hiberfil.sys
2011-08-25 20:24 - 2011-08-25 14:08 - 0024064 ____A C:\Users\Josh\My Documents\BDay List.doc
2011-08-25 20:24 - 2011-08-25 14:08 - 0024064 ____A C:\Users\Josh\Documents\BDay List.doc
2011-08-25 10:30 - 2011-08-19 10:33 - 0019456 ____A C:\Users\Josh\My Documents\Fantasy Football.xls
2011-08-25 10:30 - 2011-08-19 10:33 - 0019456 ____A C:\Users\Josh\Documents\Fantasy Football.xls
2011-08-25 07:54 - 2011-04-05 18:43 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-25 07:54 - 2009-07-14 00:10 - 1438662 ____A C:\Windows\WindowsUpdate.log
2011-08-24 21:10 - 2011-04-05 18:44 - 0000000 ____D C:\Users\Josh\Application Data\Skype
2011-08-24 21:10 - 2011-04-05 18:44 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Skype
2011-08-24 17:01 - 2011-05-24 16:53 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2011-08-24 16:52 - 2011-04-05 18:43 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-24 16:50 - 2009-07-14 00:13 - 0727246 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-23 21:46 - 2009-07-13 23:51 - 0034248 ____A C:\Windows\setupact.log
2011-08-22 18:43 - 2009-07-13 21:34 - 0000824 ____A C:\Windows\System32\Drivers\etc\hosts
2011-08-22 15:15 - 2011-08-22 06:17 - 0000000 ____D C:\Users\Josh\Application Data\Google
2011-08-22 15:15 - 2011-08-22 06:17 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Google
2011-08-22 06:17 - 2011-04-05 18:43 - 0000000 ____D C:\Users\Josh\Local Settings\Google
2011-08-22 06:17 - 2011-04-05 18:43 - 0000000 ____D C:\Users\Josh\Local Settings\Application Data\Google
2011-08-22 06:17 - 2011-04-05 18:43 - 0000000 ____D C:\Users\Josh\AppData\Local\Google
2011-08-21 18:37 - 2011-08-21 18:36 - 0000000 ____D C:\Users\All Users\Google
2011-08-21 18:37 - 2011-08-21 18:36 - 0000000 ____D C:\Users\All Users\Application Data\Google
2011-08-21 18:37 - 2011-08-21 18:36 - 0000000 ____D C:\ProgramData\Google
2011-08-21 18:36 - 2011-08-21 18:36 - 0000000 ____D C:\Program Files\Google
2011-08-21 18:36 - 2011-04-05 18:43 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-08-21 18:36 - 2011-04-05 18:43 - 0000000 ____D C:\Program Files (x86)\Google
2011-08-21 18:35 - 2011-04-05 18:43 - 0000000 ____D C:\Users\All Users\Skype
2011-08-21 18:35 - 2011-04-05 18:43 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2011-08-21 18:35 - 2011-04-05 18:43 - 0000000 ____D C:\ProgramData\Skype
2011-08-21 17:40 - 2011-04-05 18:45 - 0000000 ____D C:\Users\Josh\Application Data\skypePM
2011-08-21 17:40 - 2011-04-05 18:45 - 0000000 ____D C:\Users\Josh\AppData\Roaming\skypePM
2011-08-21 16:54 - 2011-08-19 10:50 - 0015872 ____A C:\Users\Josh\My Documents\fantasy football 4.xls
2011-08-21 16:54 - 2011-08-19 10:50 - 0015872 ____A C:\Users\Josh\Documents\fantasy football 4.xls
2011-08-21 09:56 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-21 09:56 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-19 11:21 - 2011-08-19 10:50 - 0017408 ____A C:\Users\Josh\My Documents\fantasy football 2.xls
2011-08-19 11:21 - 2011-08-19 10:50 - 0017408 ____A C:\Users\Josh\Documents\fantasy football 2.xls
2011-08-19 11:21 - 2011-08-19 10:50 - 0016896 ____A C:\Users\Josh\My Documents\fantasy football 3.xls
2011-08-19 11:21 - 2011-08-19 10:50 - 0016896 ____A C:\Users\Josh\Documents\fantasy football 3.xls
2011-08-19 10:50 - 2011-08-19 10:50 - 0013824 ____A C:\Users\Josh\My Documents\budget.xls
2011-08-19 10:50 - 2011-08-19 10:50 - 0013824 ____A C:\Users\Josh\Documents\budget.xls
2011-08-19 10:27 - 2011-08-18 10:00 - 0019968 ____A C:\Users\Josh\My Documents\Fantasy Football.doc
2011-08-19 10:27 - 2011-08-18 10:00 - 0019968 ____A C:\Users\Josh\Documents\Fantasy Football.doc
2011-08-19 08:57 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-19 08:53 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2011-08-19 07:01 - 2011-02-19 22:22 - 0005478 ____A C:\IdleTrackingStream.txt
2011-08-15 20:36 - 2011-08-15 20:33 - 14999114 ____A C:\Users\Josh\Downloads\SavingCharts.wmv
2011-08-15 20:35 - 2011-08-15 20:33 - 9300632 ____A C:\Users\Josh\Downloads\UsingExam.wmv
2011-08-15 20:33 - 2011-08-15 20:32 - 6132926 ____A C:\Users\Josh\Downloads\LoggingIn.wmv
2011-08-15 20:28 - 2011-08-15 20:27 - 13685936 ____A (Mozilla) C:\Users\Josh\Downloads\Firefox Setup 5.0.1.exe
2011-08-14 08:02 - 2011-07-20 06:42 - 0000000 ____D C:\Users\Josh\Tracing
2011-08-14 07:33 - 2011-03-30 15:43 - 54065608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-08-14 07:20 - 2011-05-24 16:53 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2011-08-08 08:09 - 2011-08-07 16:46 - 0104960 ____A C:\Users\Josh\My Documents\physio exam 3.doc
2011-08-08 08:09 - 2011-08-07 16:46 - 0104960 ____A C:\Users\Josh\Documents\physio exam 3.doc
2011-07-29 16:18 - 2011-07-29 16:18 - 0000000 ___AH C:\Users\Josh\Local Settings\BITFA4F.tmp
2011-07-29 16:18 - 2011-07-29 16:18 - 0000000 ___AH C:\Users\Josh\Local Settings\Application Data\BITFA4F.tmp
2011-07-29 16:18 - 2011-07-29 16:18 - 0000000 ___AH C:\Users\Josh\AppData\Local\BITFA4F.tmp
2011-07-29 16:18 - 2011-07-29 16:18 - 0000000 ____A C:\Users\Josh\Local Settings\Application Data\{AB76B7EB-F2EE-4950-AF02-5C91FC404420}
2011-07-29 16:18 - 2011-07-29 16:18 - 0000000 ____A C:\Users\Josh\Local Settings\{AB76B7EB-F2EE-4950-AF02-5C91FC404420}
2011-07-29 16:18 - 2011-07-29 16:18 - 0000000 ____A C:\Users\Josh\AppData\Local\{AB76B7EB-F2EE-4950-AF02-5C91FC404420}
2011-07-24 21:04 - 2011-07-24 20:16 - 23522816 ____A C:\Users\Josh\Downloads\Cranial Nerves 2011 Students.ppt
2011-07-24 17:39 - 2011-07-24 17:39 - 2454307 ____A C:\Users\Josh\Downloads\vestibular7.JPG
2011-07-24 17:39 - 2011-07-24 17:38 - 2354571 ____A C:\Users\Josh\Downloads\vestibular4.JPG
2011-07-24 17:38 - 2011-07-24 17:38 - 2399043 ____A C:\Users\Josh\Downloads\vestibular6.JPG
2011-07-24 17:37 - 2011-07-24 17:37 - 2440474 ____A C:\Users\Josh\Downloads\vestibular5.JPG
2011-07-24 17:37 - 2011-07-24 17:36 - 2226313 ____A C:\Users\Josh\Downloads\vestibular3.JPG
2011-07-24 17:36 - 2011-07-24 17:36 - 2391425 ____A C:\Users\Josh\Downloads\vestibular2.JPG
2011-07-22 02:34 - 2011-08-10 19:38 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-22 01:38 - 2011-08-10 19:38 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-07-22 00:35 - 2011-08-10 19:38 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-21 23:56 - 2011-08-10 19:38 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-07-16 00:26 - 2011-08-10 19:39 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-16 00:26 - 2011-08-10 19:39 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-16 00:26 - 2011-08-10 19:39 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-16 00:26 - 2011-08-10 19:39 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-16 00:24 - 2011-08-10 19:39 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-16 00:21 - 2011-08-10 19:39 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-16 00:21 - 2011-08-10 19:39 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-16 00:17 - 2011-08-10 19:39 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-16 00:04 - 2011-08-10 19:39 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 00:04 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 23:36 - 2011-08-10 19:39 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-15 23:31 - 2011-08-10 19:39 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-15 23:30 - 2011-08-10 19:39 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-15 23:30 - 2011-08-10 19:39 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-15 23:30 - 2011-08-10 19:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 23:19 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-15 21:26 - 2011-08-10 19:39 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-15 21:26 - 2011-08-10 19:39 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-15 21:21 - 2011-08-10 19:39 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-15 21:21 - 2011-08-10 19:39 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 21:21 - 2011-08-10 19:39 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 21:21 - 2011-08-10 19:39 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 03:26 - 2009-07-13 23:45 - 0401880 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-13 03:09 - 2011-07-13 03:09 - 0000206 ____A C:\Windows\System32\MRT.INI
2011-07-12 22:57 - 2011-07-04 19:08 - 0040680 ____A C:\Users\Josh\Application Data\9BAA.DF5
2011-07-12 22:57 - 2011-07-04 19:08 - 0040680 ____A C:\Users\Josh\AppData\Roaming\9BAA.DF5
2011-07-12 20:44 - 2011-04-02 08:42 - 0000000 ____D C:\Users\Josh\Local Settings\ElevatedDiagnostics
2011-07-12 20:44 - 2011-04-02 08:42 - 0000000 ____D C:\Users\Josh\Local Settings\Application Data\ElevatedDiagnostics
2011-07-12 20:44 - 2011-04-02 08:42 - 0000000 ____D C:\Users\Josh\AppData\Local\ElevatedDiagnostics
2011-07-08 21:44 - 2011-08-10 19:39 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-06-29 22:28 - 2011-06-29 21:56 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{7f92be89-a2c4-11e0-b60c-f04da2571871}.TMContainer00000000000000000002.regtrans-ms
2011-06-29 21:54 - 2011-06-29 21:54 - 1048576 __ASH C:\Windows\System32\config\COMPONENTS{33e73a61-f34c-11df-8024-f04da2571871}.TxR.2.regtrans-ms
2011-06-29 21:54 - 2011-06-29 21:54 - 1048576 __ASH C:\Windows\System32\config\COMPONENTS{33e73a61-f34c-11df-8024-f04da2571871}.TxR.1.regtrans-ms
2011-06-29 21:54 - 2011-06-29 21:54 - 1048576 __ASH C:\Windows\System32\config\COMPONENTS{33e73a61-f34c-11df-8024-f04da2571871}.TxR.0.regtrans-ms
2011-06-29 21:54 - 2011-06-29 21:54 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{33e73a61-f34c-11df-8024-f04da2571871}.TxR.blf
2011-06-29 05:33 - 2010-11-18 14:46 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{33e73a62-f34c-11df-8024-f04da2571871}.TMContainer00000000000000000002.regtrans-ms
2011-06-29 05:33 - 2010-11-18 14:46 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{33e73a62-f34c-11df-8024-f04da2571871}.TM.blf
2011-06-23 00:31 - 2011-08-10 19:37 - 5474688 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-06-22 23:32 - 2011-08-10 19:37 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-06-22 23:32 - 2011-08-10 19:37 - 3911552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-06-22 11:57 - 2011-06-22 11:53 - 0025088 ____A C:\Users\Josh\My Documents\parking ticket appeal.doc
2011-06-22 11:57 - 2011-06-22 11:53 - 0025088 ____A C:\Users\Josh\Documents\parking ticket appeal.doc
2011-06-21 08:10 - 2010-11-18 14:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-21 08:09 - 2010-11-18 14:46 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{33e73a62-f34c-11df-8024-f04da2571871}.TMContainer00000000000000000001.regtrans-ms
2011-06-21 01:27 - 2011-08-10 19:39 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-06-21 01:20 - 2011-08-10 19:38 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-06-21 01:20 - 2011-08-10 19:38 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-06-21 01:19 - 2011-08-10 19:38 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-21 01:19 - 2011-08-10 19:38 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-21 01:19 - 2011-08-10 19:38 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-06-21 01:19 - 2011-08-10 19:38 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-06-21 01:19 - 2011-08-10 19:38 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-21 01:19 - 2011-08-10 19:38 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-06-21 01:17 - 2011-08-10 19:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-06-21 00:36 - 2011-08-10 19:38 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-06-21 00:36 - 2011-08-10 19:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-06-21 00:36 - 2011-08-10 19:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-06-21 00:35 - 2011-08-10 19:38 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-06-21 00:35 - 2011-08-10 19:38 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-06-21 00:35 - 2011-08-10 19:38 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-06-21 00:35 - 2011-08-10 19:38 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-06-21 00:35 - 2011-08-10 19:38 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-06-21 00:34 - 2011-08-10 19:38 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-21 00:34 - 2011-08-10 19:38 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-21 00:34 - 2011-08-10 19:38 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-06-21 00:34 - 2011-08-10 19:38 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-06-21 00:34 - 2011-08-10 19:38 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-21 00:34 - 2011-08-10 19:38 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-06-21 00:32 - 2011-08-10 19:38 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-06-21 00:05 - 2011-08-10 19:38 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-06-20 23:26 - 2011-08-10 19:38 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-06-16 00:31 - 2011-08-10 19:39 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-06-15 23:35 - 2011-08-10 19:39 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-06-15 04:58 - 2011-08-10 19:39 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-06-15 04:58 - 2011-08-10 19:39 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-06-15 04:58 - 2011-08-10 19:39 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-06-15 04:58 - 2011-08-10 19:39 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-06-15 04:04 - 2011-08-10 19:39 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-06-15 04:04 - 2011-08-10 19:39 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-06-15 04:04 - 2011-08-10 19:39 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-06-15 04:04 - 2011-08-10 19:39 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-06-15 04:04 - 2011-08-10 19:39 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3892.51 MB
Available physical RAM: 3326.68 MB
Total Pagefile: 3890.66 MB
Available Pagefile: 3312.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Dri



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:25 PM

Posted 09 September 2011 - 04:15 PM

Hi kes77kfc,

Welcome to Bleeping Computer. I'll be assisting you.

======================= Partitions =========================

1 Dri

The log is not complete. Please post this part of the log to the end.

#3 Farbar


Posted 10 September 2011 - 05:14 PM

Just to let you know, as I already let you know via PM, I'm not available from Monday. So if you need my assistance you need to post your reply.

#4 kes77kfc


Posted 12 September 2011 - 08:35 PM

I'm so sorry, this computer thing happened at the worst time. I was out of town all weekend and am just now catching up on things to do. I know you are no longer available, but I will go ahead and complete the log now and you can get to it whenever you return. So sorry for being out of touch, I really do appreciate how helpful you have been.



======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:373.15 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.53 GB) NTFS
4 Drive f: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-08-16 08:46

======================= End Of Log ==========================

#5 Farbar


Posted 15 September 2011 - 11:42 AM

No worries and thanks for waiting. :)

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\Users\All Users\hJ21101MhNoI21101
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\Users\All Users\Application Data\hJ21101MhNoI21101
2011-09-08 21:24 - 2011-09-08 21:24 - 0000000 ____D C:\ProgramData\hJ21101MhNoI21101
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart the computer, let it boot normally and tell me how it went.

#6 kes77kfc


Posted 17 September 2011 - 11:00 PM

So far so good, I can't thank you enough. Interestingly, the fix log says file not found, but it restarted normally. Here is the log:

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.1)
Ran by SYSTEM at 2011-09-18 00:39:37 R:1
Running from E:\

==============================================

C:\Users\All Users\hJ21101MhNoI21101 not found.
C:\Users\All Users\Application Data\hJ21101MhNoI21101 not found.
C:\ProgramData\hJ21101MhNoI21101 not found.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====

#7 Farbar


Posted 18 September 2011 - 07:46 AM

Great. :thumbup2:

It was a case of MBR infection and that is taken care of. Let's check for other things.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#8 Farbar


Posted 25 September 2011 - 03:33 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



