My log posts aren't showing. Is this standard??

March 7, 2013 at 16:27:43
Specs: Windows 7 7600 build, 2.5 gig

THIS WAS REQUESTED. DON'T WANT THEM TO THINK I AM RUDE.

I AM TRYING SANDBOXIE...ALONG WITH SPYBOT in browser. SO WHEN BUTTONS DON'T WORK...ALONG WITH MASSIVE COMPUTER ISSUES...MAN, IT'S (sorry for caps)...
Man, it's getting frustrating.

This is my first trip to this site.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 03/07/2013 03:27:04 AM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 116140 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 77 files processed.

The C:\Users\ADMINI~1.000\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!

Program finished at: 03/07/2013 03:34:24 AM
Execution time: 0 hours(s), 7 minute(s), and 19 seconds(s)




#1
March 7, 2013 at 17:08:40

While I have the opportunity to have the input from some guys who know what they are doing, may I post a DDS log...just in case it gives some insight into the underlying issue?

Even certificates have been an issue. One person at a certificate seller (one of the main ones...forget the name at present) said that a cert giving full access (every box checked from secure server to code signing to hardware...I've seen these...on FB PICTURES of all things) can be triggered by one exe or DLL and loaded. I found a bogus MS hardware cert (expired 8 yrs ago or was fraudulent) 7 wks ago in a Win...maybe Win 32 folder. I deleted it and the machine went BONKERS. Someone is getting in...I just don't know HOW. It's not through traditional methods...I've spent too much time examining this. It's very clever, sophisticated, happened now 6 times (full wipe of drive) and happens IN ORDER...every time. That tells me it's the same person, using the same technique.

Thanks for reading...I need the help badly. I'm being put out of business!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Administrator at 18:40:07 on 2013-03-07
#Option Extended Search is enabled.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Soft4Ever\looknstop\LnsSvcVista.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Users\Administrator.000\Desktop\TCPView\Tcpview.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
BHO: AutorunsDisabled - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [HijackThis startup scan] c:\users\administrator.000\downloads\HijackThis.exe /startupscan
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Look 'n' Stop] "c:\program files\soft4ever\looknstop\looknstop.exe" -auto
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.14.1 71.22.6.12 64.13.115.12
TCP: Interfaces\{7B3BC00F-54FE-4C67-9B73-9C43039E4F2E} : DHCPNameServer = 192.168.14.1 71.22.6.12 64.13.115.12
TCP: Interfaces\{9C19A051-FCFF-4DF9-9D81-219B915A6F19}\16474777966696 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9C19A051-FCFF-4DF9-9D81-219B915A6F19}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{9C19A051-FCFF-4DF9-9D81-219B915A6F19}\25572697D4F6F63756D27657563747 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9C19A051-FCFF-4DF9-9D81-219B915A6F19}\25572697D4F6F63756D27657563747 : DHCPNameServer = 192.168.7.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: gopher - <Clsid value has no data>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: tv - <Clsid value has no data>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator.000\appdata\roaming\mozilla\firefox\profiles\hupxj7wx.default\
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=3B637DF763EBFB4BDCDC18512C20B921
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=5b97eeb3&tbp=url&toolbarid=pandasecuritytb&u=3B637DF763EBFB4BDCDC18512C20B921&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-02-25 20:41; {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}; c:\users\administrator.000\appdata\roaming\mozilla\firefox\profiles\hupxj7wx.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - ExtSQL: 2013-03-02 01:25; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-03-06 06:12; https-everywhere@eff.org; c:\users\administrator.000\appdata\roaming\mozilla\firefox\profiles\hupxj7wx.default\extensions\https-everywhere@eff.org
.
============= SERVICES / DRIVERS ===============
.
R? AdvancedSystemCareService;Advanced SystemCare Service
R? afw;Agnitum Firewall Driver
R? afwcore;afwcore
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? BIOSCHK;BIOSCHK
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? CXLMRDOPO;CXLMRDOPO
R? DrvAgent32;DrvAgent32
R? efavdrv;efavdrv
R? esihdrv;esihdrv
R? FOR;FOR
R? HXNHX;HXNHX
R? OADevice;OADriver
R? PORTMON;PORTMON
R? QXJDIX;QXJDIX
R? RTCore32;RTCore32
R? SDUpdateService;Spybot-S&D 2 Updating Service
R? TsUsbFlt;TsUsbFlt
R? UDT;UDT
R? usbrndis6;USB RNDIS6 Adapter
R? WatAdminSvc;Windows Activation Technologies Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? lnsfw1;lnsfw1
S? lnssvcVista;Look 'n' Stop Service
S? netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
S? SbieDrv;SbieDrv
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDWSCService;Spybot-S&D 2 Security Center Service
.
=============== File Associations ===============
.
ShellExec: EXCEL.EXE: New="c:\program files\microsoft office\office14\EXCEL.EXE"
.
=============== Created Last 60 ================
.
2013-03-07 21:25:39 -------- d-----w- c:\users\administrator.000\appdata\local\Macromedia
2013-03-07 21:25:17 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-07 21:25:17 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-07 19:28:19 -------- d-----w- c:\program files\RightMark Memory Analyzer
2013-03-07 04:30:53 -------- d-----w- c:\programdata\DigiCert
2013-03-07 04:30:53 -------- d-----w- c:\program files\DigiCert
2013-03-07 03:57:50 -------- d-----w- c:\users\administrator.000\appdata\local\Vidalia
2013-03-07 03:55:43 -------- d-----w- c:\users\administrator.000\appdata\roaming\tor
2013-03-05 11:45:03 -------- d-----w- c:\windows\system32\catroot2
2013-03-04 21:47:05 -------- d-----w- c:\program files\Belarc
2013-03-04 11:52:22 -------- d-----w- C:\077a248479538910785897fa17ed373b
2013-03-03 12:35:42 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-03 12:35:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-03 11:31:08 -------- d-----r- C:\Sandbox
2013-03-03 11:29:09 -------- d-----w- c:\program files\Sandboxie
2013-03-03 09:51:56 -------- dc----w- c:\users\administrator.000\appdata\local\MigWiz
2013-03-02 22:56:51 -------- d-----w- c:\users\administrator.000\appdata\local\WindowsUpdate
2013-03-02 08:36:17 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-02 07:32:40 -------- d-----w- c:\users\administrator.000\appdata\local\Google
2013-03-02 07:25:37 163784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-02 07:25:36 49320 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-02 07:17:23 -------- d-----w- c:\users\administrator.000\appdata\local\looknstop
2013-03-02 07:10:28 82176 ----a-w- c:\windows\system32\drivers\lnsfw1.sys
2013-03-02 07:10:28 59488 ----a-w- c:\windows\system32\drivers\lnsfw.sys
2013-03-02 07:10:28 36352 ----a-w- c:\windows\system32\fwapi.dll
2013-03-02 07:10:07 -------- d-----w- c:\program files\Soft4Ever
2013-03-02 05:49:27 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2013-03-02 05:49:27 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2013-03-02 05:49:27 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-03-02 05:49:27 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2013-03-02 05:49:27 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2013-03-02 05:49:26 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2013-03-02 05:49:23 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2013-03-02 05:49:23 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2013-03-01 05:46:52 60728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-01 05:46:50 765808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-01 05:46:49 66408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-01 05:46:38 41664 ----a-w- c:\windows\avastSS.scr
2013-03-01 05:46:21 -------- d-----w- c:\program files\AVAST Software
2013-03-01 03:02:47 -------- d-----w- c:\users\administrator.000\appdata\roaming\AVG
2013-03-01 03:01:34 -------- d-----w- c:\programdata\AVG
2013-02-28 22:20:08 -------- d-----w- c:\users\administrator.000\appdata\local\Apps
2013-02-28 13:53:01 -------- d-s---r- C:\RavBin
2013-02-28 13:52:09 -------- d-----w- c:\program files\RAV
2013-02-28 13:14:23 -------- d-----w- c:\users\administrator.000\appdata\local\eSupport.com
2013-02-28 10:49:04 -------- d-----w- c:\users\administrator.000\appdata\local\Secunia PSI
2013-02-28 10:48:26 -------- d-----w- c:\program files\Secunia
2013-02-28 05:04:52 -------- d-----w- c:\program files\Rising
2013-02-27 07:34:27 -------- d-----w- c:\program files\NirSoft
2013-02-27 01:00:20 -------- d-----w- c:\users\administrator.000\appdata\roaming\OnlineArmor
2013-02-27 00:58:55 -------- d-----w- c:\program files\Online Armor
2013-02-26 19:47:44 -------- d-----w- c:\users\administrator.000\appdata\local\temp
2013-02-26 19:46:32 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-26 15:57:29 -------- d-----w- c:\windows\softwaredistribution.bak
2013-02-26 08:12:13 -------- d-----w- c:\users\administrator.000\appdata\local\ElevatedDiagnostics
2013-02-26 02:42:13 -------- d-----w- c:\users\administrator.000\appdata\local\panda4_0dn
2013-02-26 02:42:11 -------- d-----w- c:\users\administrator.000\appdata\roaming\Panda Security
2013-02-26 02:41:53 -------- d-----w- c:\programdata\Panda Security URL Filtering
2013-02-26 02:41:33 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-26 02:40:57 -------- d-----w- c:\program files\pandasecuritytb
2013-02-26 02:38:53 -------- d-----w- c:\programdata\Panda Security
2013-02-26 02:38:53 -------- d-----w- c:\program files\Panda Security
2013-02-26 02:20:20 -------- d-----w- c:\users\administrator.000\appdata\local\MFAData
2013-02-26 02:20:20 -------- d-----w- c:\users\administrator.000\appdata\local\Avg2013
2013-02-26 01:19:46 -------- d-----w- c:\users\administrator.000\appdata\local\Mozilla
2013-02-25 14:36:44 -------- d-----w- c:\users\administrator.000\appdata\roaming\SUPERAntiSpyware.com
2013-02-25 12:50:52 -------- d-----w- c:\users\administrator.000\appdata\roaming\Auslogics
2013-02-25 12:17:23 852 ----a-w- C:\temp386.bat
2013-02-25 12:17:05 1259 ----a-w- C:\temp918.bat
2013-02-24 12:59:40 -------- d-----w- c:\program files\Siber Systems
2013-02-24 12:08:32 -------- d-----w- c:\programdata\MFAData
2013-02-24 00:40:34 -------- d-----w- c:\users\administrator.000\appdata\roaming\Runscanner.net
2013-02-23 11:42:23 -------- d-----w- c:\users\administrator.000\appdata\roaming\Malwarebytes
2013-02-23 11:41:32 -------- d-----w- c:\users\administrator.000\appdata\local\Programs
2013-02-23 11:14:13 256000 ----a-w- c:\windows\PEV.exe
2013-02-22 22:38:08 -------- d-sh--w- c:\windows\Installer
2013-02-22 20:00:09 -------- d-----w- C:\TRANSFER PROCESS TO NEW INSTALL
2013-02-22 12:31:56 3829760 ----a-w- c:\windows\system32\igdumd32.dll
2013-02-22 12:31:55 5702656 ----a-w- c:\windows\system32\igfxress.dll
2013-02-22 12:31:55 4808192 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2013-02-22 12:31:54 672792 ----a-w- c:\windows\system32\igfxcfg.exe
2013-02-22 12:31:54 199680 ----a-w- c:\windows\system32\igfxpph.dll
2013-02-22 12:31:54 173592 ----a-w- c:\windows\system32\hkcmd.exe
2013-02-22 12:31:54 150552 ----a-w- c:\windows\system32\igfxpers.exe
2013-02-22 12:31:54 141848 ----a-w- c:\windows\system32\igfxtray.exe
2013-02-21 08:08:52 -------- d-----w- c:\program files\Trend Micro
2013-02-20 06:23:30 -------- d-----w- c:\program files\Helge Klein
2013-02-19 07:07:51 -------- d-----w- c:\programdata\TinyWall
2013-02-19 07:07:51 -------- d-----w- c:\program files\TinyWall
2013-02-18 23:28:54 -------- d-----w- c:\program files\Safer Networking
2013-02-18 19:49:22 -------- d-----w- c:\program files\Auslogics
2013-02-18 12:05:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-16 12:04:15 -------- d-----w- c:\program files\IObit
2013-02-16 11:29:07 -------- d-----w- C:\Microsoft
2013-02-14 07:44:55 -------- d-----w- c:\program files\CCleaner
2013-02-13 04:20:46 828 ----a-w- C:\temp260.bat
2013-02-13 04:12:42 1152 ----a-w- C:\temp23.bat
2013-02-13 01:50:34 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{61b08379-a0aa-4d2c-812c-36e0b94b30c9}\mpengine.dll
2013-02-09 00:05:02 64392 ----a-w- c:\windows\system32\drivers\PROCMON23.SYS
2013-02-05 05:40:51 -------- d-----w- c:\program files\NirSoft Utilities
2013-02-05 05:33:31 -------- d-----w- c:\program files\Sysinternals Suite
2013-02-05 02:30:23 20104 ----a-w- c:\windows\system32\drivers\Dbgv.sys
2013-01-31 09:13:22 -------- d-----w- c:\program files\VideoLAN
2013-01-31 04:47:18 -------- d---a-w- c:\program files\Privacyware
2013-01-30 10:31:06 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-01-29 10:46:28 -------- d-----w- c:\programdata\AVAST Software
2013-01-29 08:36:03 -------- d-----w- c:\program files\FreeFixer
2013-01-28 23:12:46 83096 ----a-w- c:\windows\system32\SSSensor.dll
2013-01-28 07:58:03 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2013-01-26 22:33:29 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-01-26 22:33:20 -------- d-----w- c:\programdata\iolo
2013-01-26 21:32:30 -------- d-----w- c:\program files\DLLSuite
2013-01-22 21:56:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-22 21:54:45 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-21 03:59:11 -------- d-----w- C:\sa130d0v190
2013-01-15 05:49:22 -------- d-----w- C:\Softwrap
2013-01-15 05:49:22 -------- d-----w- C:\Fonts
2013-01-15 05:49:22 -------- d-----w- C:\Config
2013-01-14 20:11:12 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-01-14 02:35:47 -------- d-----w- c:\users\administrator.000\Pavark
2013-01-10 06:55:42 94208 ----a-w- c:\windows\system32\vbalIml6.ocx
2013-01-10 06:55:42 65536 ----a-w- c:\windows\system32\vbalProgBar6.ocx
2013-01-10 06:55:42 53248 ----a-w- c:\windows\system32\SSubTmr6.dll
2013-01-10 06:55:42 262144 ----a-w- c:\windows\system32\vbaListView6.ocx
2013-01-10 06:55:42 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2013-01-10 06:55:41 61440 ----a-w- c:\windows\system32\mkcHyperlink.ocx
2013-01-10 06:55:38 -------- d-----w- c:\program files\Registry Smoker
2013-01-10 06:20:00 89600 ----a-w- c:\windows\system32\GRID32.OCX
2013-01-10 06:20:00 205824 ----a-w- c:\windows\system32\CRESIZE5.OCX
2013-01-10 06:19:59 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2013-01-10 06:19:59 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.dll
2013-01-10 06:19:59 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2013-01-10 06:19:59 143872 ----a-w- c:\windows\system32\unzip32.dll
2013-01-10 06:19:59 123664 ----a-w- c:\windows\system32\MSJInt35.dll
2013-01-10 06:19:59 115920 ----a-w- c:\windows\system32\MSINET.OCX
2013-01-07 05:15:15 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
.
==================== Find6M ====================
.
2013-02-24 23:09:39 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2013-02-22 06:41:27 2853 ----a-w- c:\windows\_default.pif
2013-02-08 16:03:30 173832 ----a-w- c:\windows\system32\sqlitewrapper.dll
2013-01-04 02:43:35 3584 ----a-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34 6144 ----a-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34 4608 ----a-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34 3072 ----a-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 02:24:29 2 --shatr- c:\windows\winstart.bat
2013-01-03 04:52:47 2853 ----a-w- c:\windows\system32\dosx.PIF
2012-12-14 04:52:00 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-10 09:09:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-10 09:09:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-12-08 08:38:37 66048 ----a-w- c:\windows\system32\icardie(2307).dll
2012-12-08 08:38:37 35840 ----a-w- c:\windows\system32\imgutil(2322).dll
2012-12-08 08:38:37 353584 ----a-w- c:\windows\system32\iedkcs32(2315).dll
2012-12-08 08:38:37 203776 ----a-w- c:\windows\system32\webcheck(2419).dll
2012-12-08 08:38:37 162304 ----a-w- c:\windows\system32\msrating(2375).dll
2012-12-08 08:38:37 161792 ----a-w- c:\windows\system32\msls31(2364).dll
2012-12-08 08:38:37 150528 ----a-w- c:\windows\system32\iexpress(2317).exe
2012-12-08 08:38:37 118784 ----a-w- c:\windows\system32\iepeers(2316).dll
2012-12-08 08:38:37 110592 ----a-w- c:\windows\system32\IEAdvpack(2314).dll
2012-12-08 08:36:01 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-12-08 08:36:01 801792 ----a-w- c:\windows\system32\FntCache(2291).dll
2012-12-08 08:36:01 3181568 ----a-w- c:\windows\system32\mf.dll
2012-12-08 08:36:01 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-12-08 08:36:01 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-12-08 08:36:01 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-12-08 08:36:01 1495040 ----a-w- c:\windows\system32\ExplorerFrame(2272).dll
2012-12-08 08:36:01 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-11-20 00:06:02 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-20 00:06:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-08 17:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-10-18 17:57:28 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-16 18:13:14 62664 ----a-w- c:\windows\system32\driverctrl.exe
2012-10-08 07:42:31 607744 ----a-w- c:\windows\system32\msfeeds(2361).dll
2012-09-28 16:32:56 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 16:32:56 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-09-25 21:55:17 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres(2411).dll
.
============= FINISH: 18:41:12.13 ===============



#2
March 7, 2013 at 17:35:47

Thanks for the above; I am still waiting on the ListParts results. I now know you are running a 32-bit comp.

Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...

Click on the Scan button.
The scan results will open in Notepad.
Post those contents in your next reply.


