Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

In Need of FRST64 Script to get a Zero access victim in BSOD error 0x7B Booting


  • This topic is locked This topic is locked
2 replies to this topic

#1 dott

dott

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:07 AM

Posted 03 November 2012 - 10:24 PM

I have a computer that shutdown on me and upon restarting it gave me the BSOD with stop code 0x0000007B. I followed a thread on this forum that sounded like the same issue I had that was fixed with the FRST64.exe tool. Can someone look at the log and provide a fixlist script I need for this system?

Thanks in advance!

[de]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
Ran by SYSTEM at 03-11-2012 22:27:22
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [626552 2012-03-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-06] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1694016 2012-02-29] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [4756240 2012-03-29] (Intel® Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112408 2011-09-21] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start [976384 2011-12-02] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg [1007184 2011-11-07] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui [883792 2011-08-22] (NCP engineering GmbH)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Daniel\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
Startup: C:\Users\Classic .NET AppPool\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Daniel\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\DefaultAppPool\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Dev_onIIS\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Services (Whitelisted) ===================

3 AltosHL7_GFO; "C:\Users\Daniel\Documents\Visual Studio 2010\Projects\HL7\bin\Debug\AltosHL7_GFO.exe" [75264 2012-04-30] ()
3 AltosHL7_S2O; "C:\altos\bin\AltosHL7_S2O.exe" [89600 2012-04-20] ()
3 ANTS Memory Profiler 7 Service; "C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe" [143288 2012-07-18] (Red Gate Software Ltd.)
3 ANTS Performance Profiler 7 Service; "C:\Program Files\Red Gate\ANTS Performance Profiler 7\RedGate.Profiler.IISService.exe" [194512 2012-07-18] (Red Gate Software Ltd.)
2 DFEPService; "C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe" [2279960 2012-05-08] (Dell Inc.)
3 fussvc; "C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe" [139776 2012-07-25] (Microsoft Corporation)
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [220112 2012-08-23] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [58389968 2012-08-23] (Microsoft Corporation)
2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139344 2011-07-27] (NCP engineering GmbH)
2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1592912 2012-01-09] (NCP Engineering GmbH)
2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2084712 2011-09-22] (Microsoft Corporation)
2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH)
3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [440784 2012-08-23] (Microsoft Corporation)
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
3 Te.Service; "C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe" [126976 2012-07-25] (Microsoft Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [2669840 2012-03-29] (Intel® Corporation)
3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]
2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Config" [x]

==================== Drivers (Whitelisted) =====================

3 HBtnKey; C:\Windows\System32\Drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [102416 2012-01-16] (NCP Engineering GmbH)
3 ncplelhp; C:\Windows\System32\Drivers\ncplelhp.sys [102416 2012-01-16] (NCP Engineering GmbH)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PTDUBus; C:\Windows\System32\Drivers\PTDUBus.sys [70672 2009-08-12] (DEVGURU Co., LTD.)
3 PTDUMdm; C:\Windows\System32\Drivers\PTDUMdm.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTDUVsp; C:\Windows\System32\Drivers\PTDUVsp.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTDUWFLT; C:\Windows\System32\Drivers\PTDUWFLT.sys [12688 2009-08-12] (DEVGURU Co., LTD.)
3 PTDUWWAN; C:\Windows\System32\Drivers\PTDUWWAN.sys [141840 2009-08-12] (DEVGURU Co., LTD.)
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [x]
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [x]
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [x]
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [x]
0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-02 04:49 - 2012-11-02 17:18 - 00000000 ____D C:\Program Files (x86)\Real
2012-11-02 04:49 - 2012-11-02 04:50 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Real
2012-11-02 04:47 - 2012-11-02 04:50 - 00000000 ____D C:\Users\All Users\Real
2012-11-02 04:22 - 2012-11-02 04:22 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B9953E77-B1E2-49B1-A22F-8206A5EDFC3F}
2012-11-01 04:06 - 2012-11-01 04:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E5A2EA23-332A-4513-BE98-77D9B141A0A9}
2012-10-31 06:45 - 2012-10-31 06:45 - 00000000 ____D C:\Users\Daniel\AppData\Local\{6A9A72FE-D9B6-42D0-A954-6BBC360EC80F}
2012-10-28 06:15 - 2012-10-28 06:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E90C69FA-9F58-45B0-8357-E3F207E6A193}
2012-10-27 13:02 - 2012-10-27 13:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C4F67BE0-2518-4696-ACA4-417871C095D5}
2012-10-26 05:04 - 2012-10-26 05:04 - 00000000 ____D C:\Users\Daniel\AppData\Local\{2390A1BB-8024-4AC2-A6F9-110D5A718CD8}
2012-10-24 15:42 - 2012-10-24 15:42 - 00000000 ____D C:\Users\Daniel\AppData\Local\{45599C3F-196D-4DB6-924B-7D809E3B713B}
2012-10-24 03:41 - 2012-10-24 03:42 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B34E3787-DE8F-4A44-A89E-A681BE6E2DEC}
2012-10-23 15:11 - 2012-10-23 15:11 - 00000000 ____D C:\Users\Daniel\AppData\Local\{BAAD1AE3-6C58-4D13-BF0F-4054F4707C35}
2012-10-23 03:11 - 2012-10-23 03:11 - 00000000 ____D C:\Users\Daniel\AppData\Local\{612694E7-746E-417D-852C-66B8EAA094F7}
2012-10-22 04:29 - 2012-10-22 04:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\{92FAF0F3-5EC2-4D94-AA19-D21DF305CAB5}
2012-10-18 12:19 - 2012-10-18 12:19 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-18 12:19 - 2012-09-24 19:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-18 12:19 - 2012-09-24 19:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-18 12:19 - 2012-09-24 19:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-12 08:21 - 2012-11-02 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-10 03:50 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 03:50 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 03:50 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 03:50 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 03:50 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 03:50 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 03:50 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 03:50 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 03:50 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 03:50 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 03:50 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 03:50 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 03:50 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 03:50 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 03:50 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 03:50 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 03:50 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 03:50 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 03:50 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 03:50 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 03:50 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 03:50 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 03:50 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 03:50 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 03:50 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 03:50 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


==================== 3 Months Modified Files ==================

2012-11-02 07:27 - 2012-03-06 07:20 - 00002054 ___AH C:\Users\Daniel\Documents\Default.rdp
2012-10-29 05:05 - 2012-02-16 15:53 - 01781754 ____A C:\Windows\WindowsUpdate.log
2012-10-25 09:12 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-25 09:12 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-25 09:09 - 2009-07-13 21:13 - 01037642 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-25 09:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-25 09:04 - 2009-07-13 20:51 - 00068491 ____A C:\Windows\setupact.log
2012-10-18 12:19 - 2012-10-18 12:19 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-10 04:11 - 2012-02-23 16:40 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 13:31 - 2012-04-17 13:15 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 13:31 - 2012-02-16 14:03 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-01 23:02 - 2012-02-26 07:58 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-25 04:52 - 2012-09-25 04:52 - 00000448 _RASH C:\Users\All Users\ntuser.pol
2012-09-24 19:16 - 2012-10-18 12:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-24 19:08 - 2012-10-18 12:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-24 19:07 - 2012-10-18 12:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-19 16:16 - 2012-02-24 06:20 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-09-19 16:16 - 2012-02-16 14:17 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-19 07:57 - 2012-09-19 07:57 - 00015443 ____A C:\Users\Daniel\Downloads\invite.ics
2012-09-15 08:42 - 2009-07-13 20:45 - 00267992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-14 11:19 - 2012-10-10 03:50 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-10 03:50 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-10 04:58 - 2012-02-23 16:01 - 00058768 ____A C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-10 04:52 - 2012-02-25 15:07 - 00058768 ____A C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-10 04:52 - 2012-02-25 15:07 - 00058768 ____A C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-10 04:33 - 2010-11-20 19:47 - 00412648 ____A C:\Windows\PFRO.log
2012-09-09 10:06 - 2011-02-10 06:54 - 01033692 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-05 05:04 - 2012-09-05 05:04 - 00003373 ____A C:\WirelessDiagLog.csv
2012-08-31 10:19 - 2012-10-10 03:50 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-31 05:03 - 2012-03-06 14:38 - 00007629 ____A C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2012-08-31 04:30 - 2009-07-13 21:08 - 00024378 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2011-04-27 12:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 15:34 - 2012-02-16 14:21 - 00046062 ____A C:\Windows\DPINST.LOG
2012-08-30 15:29 - 2012-08-30 15:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2012-08-30 10:03 - 2012-10-10 03:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-10 03:50 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-10 03:50 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-28 08:22 - 2012-05-21 15:39 - 00033280 __ASH C:\Users\Daniel\Thumbs.db
2012-08-24 10:05 - 2012-10-10 03:50 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-10 03:50 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-24 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-24 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-24 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-24 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-24 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-24 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-24 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-24 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-24 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-24 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-24 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-24 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-24 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-24 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-24 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-24 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-24 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-24 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-24 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-24 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-24 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-24 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-24 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-24 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-24 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-24 23:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-24 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-24 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-24 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-24 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-24 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-24 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 11:36 - 2012-02-25 09:20 - 00001275 ____A C:\Windows\System32\Drivers\etc\hosts - vpn - for dist
2012-08-22 10:12 - 2012-09-15 09:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-15 09:11 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-15 09:11 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-15 09:11 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-26 04:51 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-10 03:50 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-10 03:50 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-10 03:50 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-10 03:50 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-10 03:50 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-10 03:50 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-10 03:50 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-10 03:50 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-10 03:50 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-10 03:50 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-10 03:50 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-10 03:50 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-10 03:50 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-10 03:50 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-10 03:50 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-10 03:50 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-10 03:50 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 03:50 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 03:50 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 03:50 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-10 16:56 - 2012-10-10 03:50 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-10 03:50 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-18 04:30:41
Restore point made on: 2012-10-18 12:18:46
Restore point made on: 2012-10-22 04:06:42
Restore point made on: 2012-10-25 09:16:29
Restore point made on: 2012-10-29 05:05:31
Restore point made on: 2012-11-02 04:33:29

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8148.9 MB
Available physical RAM: 7255.25 MB
Total Pagefile: 8147.1 MB
Available Pagefile: 7274.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:697.86 GB) (Free:595.48 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 1024 KB
Disk 1 Online 983 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 752 MB 40 MB
Partition 3 Primary 697 GB 792 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 752 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 697 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 982 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 982 MB Healthy

=========================================================

Last Boot: 2012-10-26 08:55

==================== End Of Log =============================[/code]

Edited by gringo_pr, 04 November 2012 - 04:58 AM.


BC AdBot (Login to Remove)

 


#2 dott

dott
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:07 AM

Posted 05 November 2012 - 12:32 PM

I ended up doing a restore from a system image that fixed me up. Thanks anyway!

#3 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:07 AM

Posted 07 November 2012 - 03:55 AM

Welcome to BleepingComputer :)

Thanks for letting us know about your resolved issue.

__


This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users