Malware ? or and Ideas
debitcardmayhem
Hi guys, got a problem with a friend's PC, Windows 7 Home SP1, keeps coming up with COMCTL32.dll cannot be loaded, also MSVC90.dll. I am semi-convinced that it is malware related.
Cannot run Malwarebytes, DDS, TDSSKiller. Ran RKill (see below), ran HitmanPro and Kaspersky rescue, nothing found. Also ran FRST (see below). Tried SFC /scannow, cannot get past System Repair is Running, or WRP cannot start the repair. I am thinking that the best course is a factory reset, but just asking for any last ideas.
Cheers DCM
Grrr cannot post logs
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
CEC Email energyclub@moneysavingexpert.com
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/06/2013 04:31:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Dave\Desktop\rkill\rkill-09-06-2013-04-31-15.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
20 out of 14860 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 09/06/2013 04:31:59 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
Hitman
HitmanPro 3.7.7.205
www.hitmanpro.com
Computer name . . . . : DAVE-TOSH
Windows . . . . . . . : 6.1.1.7601.X64/1
Safe Mode Boot . . . : MINIMAL
User name . . . . . . : Dave-TOSH\Dave
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-09-07 12:16:33
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 41s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : No connection
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Objects scanned . . . : 1,968,396
Files scanned . . . . : 23,196
Remnants scanned . . : 586,530 files / 1,358,670 keys
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013
Ran by SYSTEM on MININT-66ERKKE on 07-09-2013 12:39:36
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Services (Whitelisted) =================
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 sprtsvc_O2DA; C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe [206120 2010-04-23] (SupportSoft, Inc.)
S2 SupportSoft Remote Control Client; C:\Program Files (x86)\Common Files\supportsoft\bin\consrcclient.exe [2080272 2012-11-05] (SupportSoft, Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [383408 2010-04-23] (SupportSoft, Inc.)
S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 tgsrvc_O2DA; C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe [185640 2010-04-23] (SupportSoft, Inc.)
S2 tgsrvc_o2las; C:\Program Files (x86)\O2LAS\bin\tgsrvc.exe [213008 2012-11-05] (SupportSoft, Inc.)
S2 WMCoreService; C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe [577064 2010-11-02] (Ericsson AB)
==================== Drivers (Whitelisted) ====================
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2011-01-19] (Devguru Co., Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-07 03:16 - 2013-09-07 03:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-07 03:07 - 2013-09-07 03:07 - 00005026 _____ C:\Windows\PFRO.log
2013-09-07 02:44 - 2013-09-07 03:01 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-06 07:31 - 2013-09-07 03:25 - 00006258 _____ C:\Users\Dave\Desktop\Rkill.txt
2013-09-06 07:31 - 2013-09-06 07:31 - 00000000 ____D C:\Users\Dave\Desktop\rkill
2013-09-06 06:46 - 2013-09-06 06:46 - 00000012 _____ C:\Users\Public\Documents\Problems.txt
2013-09-06 05:25 - 2013-09-06 05:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dave\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-04 01:12 - 2013-09-04 01:15 - 00000180 _____ C:\Windows\SynInst.log
2013-09-03 04:28 - 2013-09-03 04:28 - 00347424 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\MicrosoftFixit.wu.RNP.139301641987181264.1.2.Run.exe
2013-09-03 04:17 - 2013-09-07 03:33 - 00146111 _____ C:\Windows\WindowsUpdate.log
2013-09-03 02:34 - 2013-09-07 03:33 - 00002242 _____ C:\Windows\setupact.log
2013-09-03 02:34 - 2013-09-03 02:34 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 09:24 - 2013-09-02 09:24 - 00422784 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-02 04:03 - 2013-09-02 04:03 - 00110872 _____ C:\Users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-02 03:49 - 2013-09-02 03:49 - 00006340 _____ C:\Users\Public\Documents\cc_20130902_124911.reg
2013-08-31 13:05 - 2013-08-31 13:06 - 04454952 _____ (Piriform Ltd) C:\Users\Dave\Downloads\ccsetup405.exe
2013-08-30 10:46 - 2013-08-30 10:47 - 52438016 _____ C:\Users\Dave\Downloads\calibre-1.1.0.msi
2013-08-27 03:42 - 2013-08-28 02:47 - 00000000 ____D C:\Users\Dave\Downloads\Malwarebytes' Anti-Malware
2013-08-27 03:41 - 2013-08-28 02:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dave\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 02:23 - 2013-08-21 02:24 - 00000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2013-08-21 02:04 - 2013-08-21 02:05 - 23135202 _____ C:\Users\Dave\Downloads\vlc-2.0.8-win64.exe
2013-08-20 03:08 - 2013-08-30 11:45 - 00000000 ____D C:\Users\Dave\AppData\Local\calibre-cache
2013-08-17 03:05 - 2013-08-17 03:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 03:05 - 2013-08-17 03:06 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 03:05 - 2013-08-17 03:05 - 00000000 ____D C:\Program Files\iPod
2013-08-14 04:43 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 04:43 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 04:43 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 04:43 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 04:43 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 04:43 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 04:43 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 04:43 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 04:43 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 04:43 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 04:43 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 04:43 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 04:43 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 04:42 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 04:42 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 04:42 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 04:42 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 02:44 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 02:44 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt44.dll
2013-08-14 02:44 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 02:44 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 02:44 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 02:44 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt44.dll
2013-08-14 02:44 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 02:44 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 02:43 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 02:43 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 02:42 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 02:42 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 02:42 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 02:42 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 02:42 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 02:42 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 02:42 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 02:42 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 02:42 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 02:42 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 02:42 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow44.dll
2013-08-14 02:42 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 02:42 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 02:42 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 02:42 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 02:42 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 02:42 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-13 08:04 - 2013-08-13 08:04 - 00000000 ____D C:\Users\Dave\Calibre Library
2013-08-13 07:28 - 2013-08-13 07:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-13 07:27 - 2013-08-13 07:27 - 00000000 ____D C:\Users\Dave\Documents\samsung
2013-08-13 07:13 - 2013-08-30 12:35 - 00000000 ____D C:\Users\Dave\Books 15-07-2013
2013-08-13 07:09 - 2013-08-13 07:09 - 00000000 ____D C:\Users\Dave\Book Stuff
2013-08-12 07:22 - 2013-08-12 07:46 - 03843072 _____ (Piriform Ltd) C:\Users\Dave\Downloads\rcsetup148.exe
2013-08-12 07:21 - 2013-08-12 07:21 - 00000000 ____D C:\ProgramData\Auslogics
2013-08-12 07:19 - 2013-08-12 07:46 - 05299088 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dave\Downloads\disk-defrag-setup.exe
2013-08-12 06:25 - 2013-06-20 16:07 - 00203672 _____ (DEVGURU Co., LTD.(https://www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-08-12 06:25 - 2013-06-20 16:07 - 00103448 _____ (DEVGURU Co., LTD.(https://www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-08-10 04:37 - 2013-06-14 10:56 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-08-10 04:32 - 2013-08-10 04:34 - 69599992 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Dave\Downloads\KiesSetup.exe
2013-08-09 03:21 - 2013-08-09 03:21 - 00000000 ____D C:\Program Files\SAMSUNG
2013-08-09 03:18 - 2013-08-09 03:19 - 24140121 _____ C:\Users\Dave\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip
==================== One Month Modified Files and Folders =======
2013-09-07 03:33 - 2013-09-03 04:17 - 00146111 _____ C:\Windows\WindowsUpdate.log
2013-09-07 03:33 - 2013-09-03 02:34 - 00002242 _____ C:\Windows\setupact.log
2013-09-07 03:33 - 2009-07-13 20:45 - 00016304 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 03:33 - 2009-07-13 20:45 - 00016304 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 03:30 - 2010-12-11 23:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 03:30 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 03:26 - 2009-07-13 21:13 - 00730512 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-07 03:25 - 2013-09-06 07:31 - 00006258 _____ C:\Users\Dave\Desktop\Rkill.txt
2013-09-07 03:21 - 2013-09-07 03:16 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-07 03:07 - 2013-09-07 03:07 - 00005026 _____ C:\Windows\PFRO.log
2013-09-07 03:07 - 2012-11-11 05:32 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-07 03:06 - 2010-12-11 23:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 03:01 - 2013-09-07 02:44 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-07 02:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-09-06 07:31 - 2013-09-06 07:31 - 00000000 ____D C:\Users\Dave\Desktop\rkill
2013-09-06 06:46 - 2013-09-06 06:46 - 00000012 _____ C:\Users\Public\Documents\Problems.txt
2013-09-06 05:45 - 2009-09-18 11:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-06 05:25 - 2013-09-06 05:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dave\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-04 01:15 - 2013-09-04 01:12 - 00000180 _____ C:\Windows\SynInst.log
2013-09-03 04:28 - 2013-09-03 04:28 - 00347424 _____ (Microsoft Corporation) C:\Users\Dave\Downloads\MicrosoftFixit.wu.RNP.139301641987181264.1.2.Run.exe
2013-09-03 04:09 - 2010-12-23 09:17 - 00000000 ____D C:\Windows\WindowsMobile
2013-09-03 04:02 - 2009-09-18 11:23 - 00000000 ____D C:\Works
2013-09-03 02:34 - 2013-09-03 02:34 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 14:26 - 2011-03-22 01:22 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2013-09-02 14:15 - 2010-12-11 11:02 - 00007598 _____ C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2013-09-02 13:18 - 2010-12-11 13:33 - 00000000 ___RD C:\Users\Dave\Desktop\Clutter
2013-09-02 10:55 - 2010-12-11 13:44 - 00000000 ____D C:\Program Files\Defraggler
2013-09-02 10:42 - 2012-03-24 09:24 - 00000093 _____ C:\Windows\ParrotFlashWiz.INI
2013-09-02 09:24 - 2013-09-02 09:24 - 00422784 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-02 04:03 - 2013-09-02 04:03 - 00110872 _____ C:\Users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-02 03:49 - 2013-09-02 03:49 - 00006340 _____ C:\Users\Public\Documents\cc_20130902_124911.reg
2013-09-02 03:47 - 2010-12-11 23:42 - 00000000 ____D C:\Program Files\CCleaner
2013-09-01 08:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-01 02:27 - 2012-10-26 00:30 - 00000000 ____D C:\Program Files\Recuva
2013-08-31 14:38 - 2012-11-11 05:19 - 00000000 ____D C:\ProgramData\McAfee
2013-08-31 13:06 - 2013-08-31 13:05 - 04454952 _____ (Piriform Ltd) C:\Users\Dave\Downloads\ccsetup405.exe
2013-08-30 12:35 - 2013-08-13 07:13 - 00000000 ____D C:\Users\Dave\Books 15-07-2013
2013-08-30 11:45 - 2013-08-20 03:08 - 00000000 ____D C:\Users\Dave\AppData\Local\calibre-cache
2013-08-30 11:16 - 2010-12-11 04:48 - 00000000 ____D C:\users\Dave
2013-08-30 10:50 - 2010-12-22 02:59 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-08-30 10:47 - 2013-08-30 10:46 - 52438016 _____ C:\Users\Dave\Downloads\calibre-1.1.0.msi
2013-08-30 10:38 - 2011-07-19 01:58 - 00000000 ____D C:\Program Files\Speccy
2013-08-29 11:45 - 2010-12-29 07:48 - 00000000 ____D C:\Windows\Minidump
2013-08-28 02:47 - 2013-08-27 03:42 - 00000000 ____D C:\Users\Dave\Downloads\Malwarebytes' Anti-Malware
2013-08-28 02:44 - 2013-08-27 03:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dave\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-23 08:14 - 2010-12-11 05:11 - 00000000 ____D C:\Users\Dave\AppData\Local\Google
2013-08-22 08:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-21 02:24 - 2013-08-21 02:23 - 00000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2013-08-21 02:05 - 2013-08-21 02:04 - 23135202 _____ C:\Users\Dave\Downloads\vlc-2.0.8-win64.exe
2013-08-18 00:26 - 2012-08-25 06:25 - 00000000 ____D C:\Users\Dave\Documents\Manuals
2013-08-17 20:34 - 2009-09-18 19:50 - 00000000 ____D C:\Windows\Panther
2013-08-17 03:06 - 2013-08-17 03:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 03:06 - 2013-08-17 03:05 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 03:06 - 2011-07-22 12:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-17 03:05 - 2013-08-17 03:05 - 00000000 ____D C:\Program Files\iPod
2013-08-14 04:30 - 2013-07-21 07:48 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 04:19 - 2010-12-11 05:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-13 08:04 - 2013-08-13 08:04 - 00000000 ____D C:\Users\Dave\Calibre Library
2013-08-13 07:28 - 2013-08-13 07:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-13 07:27 - 2013-08-13 07:27 - 00000000 ____D C:\Users\Dave\Documents\samsung
2013-08-13 07:09 - 2013-08-13 07:09 - 00000000 ____D C:\Users\Dave\Book Stuff
2013-08-12 07:46 - 2013-08-12 07:22 - 03843072 _____ (Piriform Ltd) C:\Users\Dave\Downloads\rcsetup148.exe
2013-08-12 07:46 - 2013-08-12 07:19 - 05299088 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dave\Downloads\disk-defrag-setup.exe
2013-08-12 07:21 - 2013-08-12 07:21 - 00000000 ____D C:\ProgramData\Auslogics
2013-08-12 07:20 - 2013-06-26 06:58 - 00000000 ____D C:\Program Files (x86)\Auslogics
2013-08-10 04:42 - 2012-09-02 12:04 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Samsung
2013-08-10 04:42 - 2012-09-02 12:04 - 00000000 ____D C:\Users\Dave\AppData\Local\Samsung
2013-08-10 04:41 - 2012-09-02 11:49 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-08-10 04:37 - 2012-09-02 11:49 - 00000000 ____D C:\ProgramData\Samsung
2013-08-10 04:37 - 2009-09-18 11:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-10 04:34 - 2013-08-10 04:32 - 69599992 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Dave\Downloads\KiesSetup.exe
2013-08-10 04:34 - 2012-09-02 11:34 - 00000000 ____D C:\Users\Dave\AppData\Local\Downloaded Installations
2013-08-09 03:21 - 2013-08-09 03:21 - 00000000 ____D C:\Program Files\SAMSUNG
2013-08-09 03:19 - 2013-08-09 03:18 - 24140121 _____ C:\Users\Dave\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip
Files to move or delete:
====================
C:\Users\Dave\AppData\Local\Temp\FlashLock v2.31.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User44.dll => MD5 is legit
C:\Windows\SysWOW64\User44.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3931.53 MB
Available physical RAM: 3292.71 MB
Total Pagefile: 3929.68 MB
Available Pagefile: 3286.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:116.21 GB) (Free:67.23 GB) NTFS
Drive e: (Data) (Fixed) (Total:116.28 GB) (Free:109.78 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (XBOOT) (Removable) (Total:0.94 GB) (Free:0.28 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Removable) (Total:1.86 GB) (Free:1.51 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C81A4271)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 7C12D902)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
========================================================
Disk: 2 (Size: 964 MB) (Disk ID: 20AC7DDA)
No partition Table on disk 2.
LastRegBack: 2013-08-06 06:25
==================== End Of Log ============================
-
Nothing jumping out there. Is COMCTL32.dll in place and registered?
-
Yeah, System32 and SysWOW64; tried registering again. I am leaning more towards reset. One question before I do: if I use a W7-HP-SP1 64 ISO to re-install, can he use his OEM key to activate it? Or is it better to use the recovery partition, if it works, to recreate his box, which of course means endless updating? I would prefer using the ISO I have so he doesn't get all the Toshiba bloatware too.
-
Weirder: I got hold of the m/c and attempted to copy the DLL from the ISO using the repair option. Still the same. Tried to regsvr it, it says does not exist in syswow... Tried in safe mode to copy, file in use. There is something weird going on. Tried takeown, no probs, then did an icacls and grant full rights to administrator, DLL fine, but it failed on config\systemprofile\My documents\music\* !!!!!! is that about. I am convinced it is a nasty, but the question is what?
-
I don't think it's malware. The FRST scan is quite comprehensive and was done from the RE, so anything able to hide would show. Likewise Kaspersky never detected anything.
What happens when you attempt to run mbam, DDS, TDSSKiller etc?
Have you tried to run mbam using chameleon?
-
They say either comctl32 not running or do nothing, either in normal or safe mode, and have tried chameleon and it does the kill bit but nothing runs after that. I dunno really, am a bit flummoxed.
-
I'd just restore/reinstall - whichever way you're happiest doing it.
This discussion has been closed.