Normal Bootup Problem



goodlajd
2010-11-03, 23:52
Hi,

I have just been asked tonight to try and repair a friend's laptop that won't boot into normal Windows (Vista 32-bit) due to a BSOD 0x0000008E code. Before this she says it had a popup from Antivirus2010 and the internet re-directed to some other websites - I wasn't there when this happened. I have had a quick look and I can boot into Safe Mode only (with networking). I have tried running Malwarebytes Anti-malware, Spybot, and Panda Total Scan online scanner. There seems to be no Java installed. Spybot keeps finding fakebill.courtcologne and it says it's removed once I click "Fix", but when I reboot and re-scan it's still there. I'm not sure what my friend has done already to try and fix their laptop before they gave it to me, but I have never come across anything like this before. Also, when I make any changes in Safe Mode, when I reboot, none of the changes have been saved. I have run DDS (I can only run it in Safe Mode) and have attached the necessary file and log. I hope somebody will be able to help me.

Thanks in advance.


DDS (Ver_10-11-03.01) - NTFSx86 NETWORK
Run by Louise at 22:35:52.74 on 03/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2038.1618 [GMT 0:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Louise\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.google.co.uk/
uSearch Bar =
uWindow Title = Internet Explorer provided by Dell
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-12 243024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-12 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-12 29584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-21 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-11 517448]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-11-03 23:44:58 -------- d-----w- C:\found.002
2010-11-03 21:31:32 -------- d-----w- C:\Rustbfix
2010-11-03 20:02:11 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-03 20:02:10 -------- d-----w- c:\program files\Panda Security
2010-11-03 19:25:26 -------- d-----w- c:\program files\ESET
2010-11-03 19:25:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-03 19:25:25 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-03 19:17:08 -------- d-----w- c:\users\louise\appdata\local\temp
2010-11-03 19:16:26 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-03 18:59:03 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-11-03 13:56:17 -------- d-----w- c:\users\louise\tdsskiller
2010-11-03 13:55:40 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-11-03 10:00:54 -------- d-----w- c:\windows\pss
2010-11-02 23:56:44 98816 ----a-w- c:\windows\sed.exe
2010-11-02 23:56:44 88064 ----a-w- c:\windows\MBR.exe
2010-11-02 23:56:44 256512 ----a-w- c:\windows\PEV.exe
2010-11-02 23:56:44 161792 ----a-w- c:\windows\SWREG.exe
2010-11-02 20:31:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 20:31:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 20:31:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-01 08:57:25 -------- d-----w- c:\users\louise\appdata\roaming\Okifmo
2010-11-01 08:57:25 -------- d-----w- c:\users\louise\appdata\roaming\Niyz
2010-10-14 02:07:07 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 02:02:21 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 18:39:13 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 18:39:13 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 18:38:04 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 18:37:08 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 18:37:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 18:35:58 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 18:35:58 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 18:35:58 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 18:35:57 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 18:35:57 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 18:35:01 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 18:34:25 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 18:34:25 1315840 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 18:33:15 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 18:20:43 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 18:19:22 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-09 20:01:46 -------- d-----w- c:\progra~2\FileCure

==================== Find3M ====================

2010-10-24 18:44:58 258827216 ----a-w- c:\windows\DUMP6d14.tmp
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 22:37:44.06 ===============

tashi
2010-11-04, 04:34
Hello goodlajd,

Please have one topic open at a time. :)

http://forums.spybot.info/showthread.php?p=387694#post387694