Windows Explorer has stopped working



#16
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#17
therican

    Member

  • Topic Starter
  • 32 posts
Ok here is the FRST log

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 10-04-2012 00:38:01
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-08-03] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16335392 2009-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [79872 2009-08-26] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKU\Zulainy\...\Run: [Google Update] "C:\Users\Zulainy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-05] (Google Inc.)
HKU\Zulainy\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22465104 2012-02-07] (ooVoo LLC)
HKU\Zulainy\...\Run: [Facebook Update] "C:\Users\Zulainy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-03-14] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll" /prefetch:1 [135024 2012-02-03] (Symantec Corporation)
3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)
2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)
3 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2008-09-29] (Intel Corporation)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [120104 2009-07-27] (Sony Corporation)
3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [427304 2009-07-27] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [75048 2009-07-27] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-07-23] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [204648 2009-07-01] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [411496 2009-08-22] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [642920 2009-07-22] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [468264 2009-06-26] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [357672 2009-06-26] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [110888 2009-06-17] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-07-23] (Sony Corporation)
2 yksvc; C:\Windows\System32\yk62x64.dll [382976 2009-07-31] (Marvell)
2 IviRegMgr; "c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2010-01-20] (Symantec Corporation)
1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2012-02-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120224.002\IDSvia64.sys [488568 2012-01-26] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\ENG64.SYS [117880 2012-01-27] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120224.002\EX64.SYS [2048632 2012-01-27] (Symantec Corporation)
2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-16] (InterVideo)
2 rimspci; C:\Windows\System32\DRIVERS\rimssne64.sys [91648 2009-07-31] (REDC)
2 risdsnpe; C:\Windows\System32\DRIVERS\risdsne64.sys [75776 2009-07-31] (REDC)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2011-12-26] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2011-12-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2011-12-26] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-01-26] (Symantec Corporation)
3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2011-12-26] (Symantec Corporation)
3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-09 11:44 - 2011-02-25 22:23 - 2870272 ____A (Microsoft Corporation) C:\Users\Zulainy\Downloads\explorer.exe
2012-04-06 20:30 - 2012-04-06 20:30 - 0104528 ____A C:\OTL.Txt
2012-04-06 18:56 - 2012-04-06 18:56 - 0000000 ____D C:\_OTL
2012-04-06 18:56 - 2011-07-12 18:55 - 2237440 ___RA (OldTimer Tools) C:\OTLPE.exe
2012-04-04 04:02 - 2012-04-04 04:02 - 0117856 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-04 03:59 - 2012-04-08 07:37 - 0000000 ____D C:\Users\Administrator\AppData\LocalLow
2012-04-04 03:59 - 2012-04-04 03:59 - 0000020 ___SH C:\Users\Administrator\ntuser.ini
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Templates
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Start Menu
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\PrintHood
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\NetHood
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\My Documents
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Documents\My Videos
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Documents\My Pictures
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Documents\My Music
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\AppData\Local\Temporary Internet Files
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\AppData\Local\History
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 ____D C:\users\Administrator
2012-04-04 03:59 - 2012-01-28 18:42 - 0000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2012-04-04 03:59 - 2009-07-13 23:44 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2012-04-03 23:00 - 2012-04-03 23:00 - 0000000 ____D C:\Windows\CheckSur
2012-04-02 19:52 - 2012-04-02 19:52 - 0000000 ____A C:\find.txt
2012-04-02 19:36 - 2012-04-09 16:34 - 2732048 ____A C:\Windows\ntbtlog.txt
2012-03-19 05:53 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-19 05:53 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-19 05:53 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-19 05:53 - 2011-12-13 23:04 - 1390080 ____A C:\Windows\System32\wininet.dll
2012-03-19 05:53 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-19 05:53 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-19 05:53 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-19 05:53 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-19 05:53 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-19 05:53 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-19 05:53 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-19 05:53 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-19 05:53 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-19 05:53 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-19 05:53 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-19 05:53 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-19 05:53 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-19 05:53 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-19 05:53 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-19 05:53 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-19 05:53 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-19 05:53 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-19 05:53 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-19 05:53 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-19 05:53 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-19 05:53 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-15 23:02 - 2012-03-15 23:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-15 23:02 - 2012-03-15 23:02 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-15 23:02 - 2012-03-15 23:02 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-15 23:02 - 2012-03-15 23:02 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-15 23:02 - 2012-03-15 23:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-15 23:02 - 2012-03-15 23:02 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-15 23:02 - 2012-03-15 23:02 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-15 23:02 - 2012-03-15 23:02 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-15 23:00 - 2012-03-15 23:03 - 0003445 ____A C:\Windows\IE9_main.log
2012-03-14 16:27 - 2012-04-07 15:02 - 0000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
2012-03-14 16:27 - 2012-03-19 23:08 - 0000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
2012-03-14 16:27 - 2012-03-14 16:27 - 0493520 ____A (Facebook Inc.) C:\Users\Zulainy\Downloads\FacebookVideoCallSetup_v1.2.203.0 (2).exe
2012-03-13 19:07 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 19:07 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 19:07 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 16:56 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 16:56 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 16:56 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 10:57 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 10:57 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 10:57 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 10:57 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 10:57 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 10:57 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 10:57 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


============ 3 Months Modified Files and Folders =============

2012-04-10 00:38 - 2012-04-10 00:37 - 0000000 ____D C:\FRST
2012-04-09 16:34 - 2012-04-02 19:36 - 2732048 ____A C:\Windows\ntbtlog.txt
2012-04-09 16:34 - 2011-12-26 22:44 - 3195297792 __ASH C:\hiberfil.sys
2012-04-09 16:33 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-09 16:33 - 2009-07-13 20:51 - 0040184 ____A C:\Windows\setupact.log
2012-04-08 20:04 - 2011-12-26 21:37 - 1267560 ____A C:\Windows\WindowsUpdate.log
2012-04-08 20:03 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 20:03 - 2009-07-13 20:45 - 0009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 20:03 - 2009-07-13 20:45 - 0009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 19:55 - 2009-08-18 12:40 - 0017050 ____A C:\Windows\PFRO.log
2012-04-08 07:37 - 2012-04-04 03:59 - 0000000 ____D C:\Users\Administrator\AppData\LocalLow
2012-04-07 15:02 - 2012-03-14 16:27 - 0000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
2012-04-07 15:02 - 2012-02-05 15:03 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000UA.job
2012-04-06 20:30 - 2012-04-06 20:30 - 0104528 ____A C:\OTL.Txt
2012-04-06 18:56 - 2012-04-06 18:56 - 0000000 ____D C:\_OTL
2012-04-06 05:30 - 2011-12-27 05:46 - 0000000 ____D C:\users\Zulainy
2012-04-04 04:02 - 2012-04-04 04:02 - 0117856 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-04 03:59 - 2012-04-04 03:59 - 0000020 ___SH C:\Users\Administrator\ntuser.ini
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Templates
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Start Menu
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\PrintHood
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\NetHood
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\My Documents
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Documents\My Videos
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Documents\My Pictures
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\Documents\My Music
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\AppData\Local\Temporary Internet Files
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 __SHD C:\Users\Administrator\AppData\Local\History
2012-04-04 03:59 - 2012-04-04 03:59 - 0000000 ____D C:\users\Administrator
2012-04-03 23:20 - 2011-12-26 21:47 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-03 23:20 - 2011-12-26 21:47 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-03 23:15 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-03 23:00 - 2012-04-03 23:00 - 0000000 ____D C:\Windows\CheckSur
2012-04-03 17:14 - 2012-02-05 15:05 - 0002411 ____A C:\Users\Zulainy\Desktop\Google Chrome.lnk
2012-04-03 17:13 - 2012-02-05 15:03 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
2012-04-03 12:57 - 2009-07-13 20:45 - 0450800 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-02 19:52 - 2012-04-02 19:52 - 0000000 ____A C:\find.txt
2012-03-19 23:08 - 2012-03-14 16:27 - 0000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-827019833-3775142540-3584143423-1000Core.job
2012-03-18 16:08 - 2011-09-14 20:00 - 0014741 ____A C:\Users\Zulainy\Documents\Doc5.docx
2012-03-16 13:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-15 23:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-15 23:03 - 2012-03-15 23:00 - 0003445 ____A C:\Windows\IE9_main.log
2012-03-15 23:02 - 2012-03-15 23:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-15 23:02 - 2012-03-15 23:02 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-15 23:02 - 2012-03-15 23:02 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-15 23:02 - 2012-03-15 23:02 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-15 23:02 - 2012-03-15 23:02 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-15 23:02 - 2012-03-15 23:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-15 23:02 - 2012-03-15 23:02 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-15 23:02 - 2012-03-15 23:02 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-15 23:02 - 2012-03-15 23:02 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-15 23:02 - 2012-03-15 23:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-15 23:02 - 2012-03-15 23:02 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-14 16:33 - 2011-12-27 05:48 - 0000174 ___SH C:\Users\Zulainy\Start Menu\Programs\Startup\desktop.ini
2012-03-14 16:33 - 2011-12-27 05:48 - 0000174 ___SH C:\Users\Zulainy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-14 16:33 - 2009-08-18 13:08 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-14 16:32 - 2012-02-22 08:26 - 0000000 ____D C:\Users\All Users\ArcSoft
2012-03-14 16:32 - 2012-02-22 08:26 - 0000000 ____D C:\ProgramData\ArcSoft
2012-03-14 16:27 - 2012-03-14 16:27 - 0493520 ____A (Facebook Inc.) C:\Users\Zulainy\Downloads\FacebookVideoCallSetup_v1.2.203.0 (2).exe
2012-03-14 16:27 - 2012-02-21 15:10 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Facebook
2012-03-14 15:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-13 19:05 - 2012-02-17 07:24 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-11 18:56 - 2011-12-26 21:40 - 0000000 ____D C:\Program Files\Google
2012-03-11 18:56 - 2011-12-26 21:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-11 15:49 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-10 18:25 - 2012-03-10 18:25 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\U3
2012-03-10 18:25 - 2012-02-05 18:00 - 0000400 ____A C:\Users\Zulainy\AppData\Roaming\wklnhst.dat
2012-03-10 18:24 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-03-06 16:49 - 2012-02-29 14:21 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Microsoft Games
2012-03-06 14:46 - 2011-12-27 05:46 - 0000000 ____D C:\Users\Zulainy\AppData\LocalLow
2012-03-06 14:45 - 2012-01-26 06:58 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Google
2012-03-06 14:45 - 2011-12-26 21:40 - 0000000 ____D C:\Users\All Users\Google
2012-03-06 14:45 - 2011-12-26 21:40 - 0000000 ____D C:\ProgramData\Google
2012-02-28 12:38 - 2012-02-28 12:38 - 0493520 ____A (Facebook Inc.) C:\Users\Zulainy\Downloads\FacebookVideoCallSetup_v1.2.203.0 (1).exe
2012-02-28 12:26 - 2012-02-28 12:26 - 0009200 ____A C:\Users\Zulainy\Downloads\315333_148000915286593_100002300564596_272790_1048641_n.jpg
2012-02-28 11:58 - 2011-12-27 05:46 - 0000000 ____D C:\Users\Zulainy\AppData\Local\VirtualStore
2012-02-25 16:38 - 2012-02-25 16:38 - 0000000 ____A C:\Windows\pcfriend.INI
2012-02-25 16:38 - 2012-02-25 16:37 - 0000000 ____D C:\Program Files\PCFriendly
2012-02-25 16:37 - 2012-02-25 16:37 - 0000770 ____A C:\Users\Public\Desktop\PCFriendly DVD.lnk
2012-02-25 14:53 - 2012-02-25 14:53 - 0000000 ____D C:\Users\Zulainy\Documents\InterVideo
2012-02-25 14:52 - 2012-02-25 14:52 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\InterVideo
2012-02-23 05:18 - 2012-02-29 11:29 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 08:27 - 2012-02-22 08:26 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\ArcSoft
2012-02-22 08:26 - 2012-02-22 08:26 - 0000000 ____D C:\Users\Zulainy\Documents\WebCam Media
2012-02-22 08:26 - 2012-02-22 08:26 - 0000000 ____D C:\Users\Zulainy\AppData\Local\ArcSoft
2012-02-21 15:54 - 2012-02-07 15:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-21 15:35 - 2012-02-21 15:27 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\ooVoo Details
2012-02-21 15:26 - 2012-02-21 15:26 - 0001857 ____A C:\Users\Public\Desktop\ooVoo.lnk
2012-02-21 15:26 - 2012-02-21 15:26 - 0000000 ____D C:\Users\Zulainy\AppData\Local\APN
2012-02-21 15:26 - 2012-02-21 15:26 - 0000000 ____D C:\Program Files (x86)\ooVoo
2012-02-17 07:34 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-02-17 07:34 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-02-17 07:34 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-02-17 07:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-02-17 07:18 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-02-17 07:18 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-02-17 07:08 - 2012-02-17 07:08 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-17 07:06 - 2012-02-17 07:06 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-17 06:59 - 2011-12-26 21:40 - 0000000 ____D C:\Users\All Users\Partner
2012-02-17 06:59 - 2011-12-26 21:40 - 0000000 ____D C:\ProgramData\Partner
2012-02-17 06:34 - 2012-02-17 06:33 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Adobe
2012-02-17 06:33 - 2012-01-28 16:11 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\Adobe
2012-02-17 05:54 - 2012-02-17 05:54 - 0290320 ____A C:\Windows\Minidump\021712-25662-01.dmp
2012-02-17 05:54 - 2012-01-08 11:25 - 380427927 ____A C:\Windows\MEMORY.DMP
2012-02-17 05:54 - 2012-01-08 11:25 - 0000000 ____D C:\Windows\Minidump
2012-02-16 22:38 - 2012-03-13 10:57 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 10:57 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 10:57 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 10:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-13 14:38 - 2012-02-13 14:38 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-09 22:36 - 2012-03-13 16:56 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 16:56 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-07 15:47 - 2012-02-06 04:50 - 2194432 ____A C:\Users\Zulainy\Documents\joseproyect6.wps
2012-02-07 15:27 - 2012-02-07 15:25 - 0000000 ____D C:\Users\All Users\HP Photo Creations
2012-02-07 15:27 - 2012-02-07 15:25 - 0000000 ____D C:\ProgramData\HP Photo Creations
2012-02-07 15:27 - 2012-02-07 15:23 - 0000000 ____D C:\Users\All Users\HP
2012-02-07 15:27 - 2012-02-07 15:23 - 0000000 ____D C:\ProgramData\HP
2012-02-07 15:26 - 2012-02-07 15:26 - 0000000 ____D C:\Program Files (x86)\MSN Toolbar
2012-02-07 15:26 - 2012-02-07 15:25 - 0000000 ____D C:\Program Files (x86)\Bing Bar Installer
2012-02-07 15:25 - 2012-02-07 15:25 - 0001097 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2012-02-07 15:25 - 2012-02-07 15:25 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\Mozilla
2012-02-07 15:25 - 2012-02-07 15:25 - 0000000 ____D C:\Program Files (x86)\HP Photo Creations
2012-02-07 15:24 - 2012-02-07 15:24 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\HpUpdate
2012-02-07 15:24 - 2012-02-07 15:24 - 0000000 ____D C:\Program Files (x86)\Coupons
2012-02-07 15:24 - 2012-02-07 15:23 - 0000000 ____D C:\Program Files (x86)\HP
2012-02-07 15:23 - 2012-02-07 15:23 - 0002236 ____A C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
2012-02-07 15:23 - 2012-02-07 15:23 - 0001231 ____A C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
2012-02-07 15:23 - 2012-02-07 15:23 - 0001194 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
2012-02-07 15:21 - 2012-02-07 15:21 - 0000000 ____D C:\Program Files\HP
2012-02-07 15:20 - 2012-02-07 15:20 - 0000000 ____D C:\Users\Zulainy\AppData\Local\HP
2012-02-07 15:19 - 2012-02-07 15:16 - 0000000 ____D C:\Users\Zulainy\Documents\Fax
2012-02-07 15:16 - 2012-02-07 15:16 - 0000000 ___RD C:\Users\Zulainy\Documents\Scanned Documents
2012-02-07 14:43 - 2012-02-07 14:43 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\Sony Corporation
2012-02-06 05:04 - 2012-02-05 18:36 - 1971712 ____A C:\Users\Zulainy\Documents\joseproyect3.wps
2012-02-06 04:48 - 2012-02-05 18:39 - 0013222 ____A C:\Users\Zulainy\Documents\proyecto jose 4.docx
2012-02-06 04:22 - 2011-12-27 05:47 - 0117856 ____A C:\Users\Zulainy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-05 18:57 - 2012-02-05 18:57 - 0098022 ____A C:\Users\Zulainy\Downloads\PROYECTO_JOSE_2.docx
2012-02-05 18:37 - 2012-02-05 18:03 - 0013186 ____A C:\Users\Zulainy\Documents\PROYECTO JOSE 2.docx
2012-02-05 18:00 - 2012-02-05 18:00 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\Template
2012-02-05 17:53 - 2012-02-04 15:45 - 0097918 ____A C:\Users\Zulainy\Documents\PROYECTO JOSE.docx
2012-02-05 15:03 - 2012-02-05 15:03 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Apps\2.0
2012-02-05 15:03 - 2012-02-05 15:02 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Deployment
2012-02-04 16:39 - 2011-12-30 13:16 - 0000000 ____D C:\Users\Zulainy\AppData\Local\Microsoft Help
2012-02-04 15:44 - 2011-09-14 19:59 - 0097567 ____A C:\Users\Zulainy\Documents\Componentes del Equipo Nacional de Puerto Rico.docx
2012-02-04 12:40 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-02-04 00:21 - 2011-12-26 22:41 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-02-04 00:04 - 2012-02-04 00:04 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-02-04 00:04 - 2012-01-28 19:09 - 0287250 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-02-04 00:04 - 2012-01-28 19:03 - 0295850 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-02-03 14:42 - 2011-12-26 22:41 - 0002480 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-02-02 20:34 - 2012-03-13 16:56 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-28 19:01 - 2012-01-28 19:01 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-01-28 18:52 - 2011-12-26 21:43 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-01-28 18:42 - 2012-04-04 03:59 - 0000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2012-01-28 18:42 - 2012-01-28 18:42 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-01-28 18:42 - 2012-01-28 18:42 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-01-28 18:27 - 2009-08-18 15:42 - 0000000 ____D C:\Users\All Users\Sony Corporation
2012-01-28 18:27 - 2009-08-18 15:42 - 0000000 ____D C:\ProgramData\Sony Corporation
2012-01-28 16:11 - 2012-01-28 16:11 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\Macromedia
2012-01-28 16:01 - 2012-01-28 16:01 - 0000000 ____D C:\Users\All Users\Symantec
2012-01-28 16:01 - 2012-01-28 16:01 - 0000000 ____D C:\ProgramData\Symantec
2012-01-26 06:58 - 2012-01-26 06:58 - 0000000 ____D C:\Users\Zulainy\AppData\Roaming\Google
2012-01-26 05:43 - 2012-01-26 05:43 - 0172592 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-01-26 05:43 - 2012-01-26 05:43 - 0007440 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-01-26 05:43 - 2012-01-26 05:43 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-01-26 05:43 - 2012-01-26 05:43 - 0000000 ____D C:\Program Files\Symantec
2012-01-26 05:43 - 2012-01-26 05:43 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-01-26 05:43 - 2011-12-26 22:41 - 0000000 ____D C:\Users\All Users\Norton
2012-01-26 05:43 - 2011-12-26 22:41 - 0000000 ____D C:\ProgramData\Norton
2012-01-24 22:38 - 2012-03-13 10:57 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 10:57 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 10:57 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============

[2012-03-19 05:53] - [2011-12-13 23:04] - 1390080 ____A () C:\Windows\System32\WININET.dll

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4063.03 MB
Available physical RAM: 3463.44 MB
Total Pagefile: 4061.18 MB
Available Pagefile: 3452.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.23 GB) (Free:406.08 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.43 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Fixed) (Total:1.87 GB) (Free:1.83 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 MB 10 GB
Partition 3 Primary 455 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 455 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Partition 1911 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-03 17:21

======================= End Of Log ==========================
  • 0

#18
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Download the following file: Attached File  fixlist.txt   280bytes   28 downloads

Save it in the USB drive.
Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.
  • 0

#19
therican

therican

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here is the Fixlog

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-11 02:53:39 R:1
Running from G:\

==============================================

C:\Users\Zulainy\Downloads\explorer.exe moved successfully.
Could not find Replace: E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe E:\Windows\explorer.exe.
Could not find Replace: E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe E:\Windows\explorer.exe.

==== End of Fixlog ====
  • 0

#20
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Download the following file: Attached File  fixlist.txt   78bytes   30 downloads

Save it in the USB drive.
Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your next reply.
  • 0

#21
therican

therican

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here you go.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-12 03:33:05 R:2
Running from G:\

==============================================

Could not find Replace: E:\Windows\SysWOW64\explorer.exe E:\Windows\explorer.exe.
Could not find Replace: E:\Windows\SysWOW64\explorer.exe E:\Windows\explorer.exe.

==== End of Fixlog ====
  • 0

#22
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Do you have your Windows 7 installation disc?
  • 0

#23
therican

therican

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Unfortunately I do not.
  • 0

#24
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
If you can't find the file, my tutor will be attaching it soon.

  • Please save the attached zip file to your USB drive:
  • Boot up your infected computer from the OTLPE CD.
  • Transfer the zip file to the Reatogo desktop.
  • Unzip the folder by right-clicking it then pressing Extract All.
  • Copy the explorer.exe file into the following folder: E:\Windows

Does Windows function properly in Normal Mode?
  • 0

#25
therican

therican

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I get an error when I try to copy it over.

Error Copying File or Folder

Cannot copy explorer: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.
  • 0

#26
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Boot up from the CD.
  • Open Windows Explorer and right-click on explorer.exe.
  • Click Properties and then click the Security tab.
  • Click Advanced, and then click the Owner tab.
  • Click Edit, and change the owner to your user account.
  • Click Apply then OK.
  • Repeat Steps 1-3.
  • Click Edit and then your user account.
  • Put a checkmark in the Full Control Box.
  • Click Apply then OK.

Step 2

  • Run OTLPE.
  • Copy the text in the code box below into the Custom scans and fixes box.
:Files
%SystemDrive%\Windows\explorer.exe|%SystemDrive%\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe /replace

:Commands 
[Reboot]
  • Let the program run unhindered and reboot your computer.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in your next reply.

Try Normal Mode now after the fix and see if it works.


Things I want to see in your next reply

  • OTL Fix Log
  • Does Normal Mode work?

  • 0

#27
therican

therican

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OK here is the fix log

========== FILES ==========
File %SystemDrive%\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe not found.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 04152012_101951


Normal mode still not working.
  • 0

#28
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
It looks like the back-up file couldn't be found so we will try to get a copy of explorer.exe from a different location.


  • Run OTLPE.
  • Copy the text in the code box below into the Custom scans and fixes box.
:Files
%SystemDrive%\Windows\explorer.exe|%SystemDrive%\FRST\Quarantine\explorer.exe /replace

:Commands 
[Reboot]
  • Let the program run unhindered and reboot your computer.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in your next reply.

Try Normal Mode now after the fix and see if it works.


Things I want to see in your next reply

  • OTL Fix Log
  • Does Normal Mode work?

  • 0
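
The replace attempts logged in posts #19 and #27 failed because the WinSxS source path named in the fix did not exist on disk. The Python sketch below is an added example, not part of the thread and not code from FRST or OTLPE: it lists the explorer.exe copies that are actually present in an offline Windows folder's component store, newest version first with a SHA-256 for each, and checks a requested source path against them. The sample tree it builds (versions 6.1.9999.x, directory suffixes, file bytes) is constructed; only the requested path and the public key token are taken from the logs above.

```python
import hashlib
import re
import tempfile
from pathlib import Path, PureWindowsPath

COMPONENT = "microsoft-windows-explorer"
# Source path quoted from the Fixlog in this thread.
REQUESTED = (r"E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35"
             r"_6.1.7600.16768_none_adc24107935a7e25\explorer.exe")


def parse_component_dir(name):
    """Split '<arch>_<component>_<token>_<version>_<culture>_<suffix>' into fields."""
    parts = name.rsplit("_", 4)  # the last four fields never contain '_'
    if len(parts) != 5:
        return None
    head, token, version, culture, _suffix = parts
    arch, sep, component = head.partition("_")
    if not sep or not re.fullmatch(r"\d+(\.\d+){3}", version):
        return None
    return {"arch": arch.lower(), "component": component.lower(),
            "token": token.lower(), "culture": culture.lower(),
            "version": tuple(int(n) for n in version.split("."))}


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_winsxs(windows_root):
    """Locate the component store whatever letter case is used on disk."""
    root = Path(windows_root)
    if not root.is_dir():
        return None
    for child in root.iterdir():
        if child.is_dir() and child.name.lower() == "winsxs":
            return child
    return None


def find_explorer_copies(windows_root, arch="amd64"):
    """Return explorer.exe copies in the store, newest component version first."""
    winsxs = find_winsxs(windows_root)
    copies = []
    if winsxs is None:
        return copies
    for entry in winsxs.iterdir():
        info = parse_component_dir(entry.name)
        if not info or info["component"] != COMPONENT or info["arch"] != arch:
            continue
        exe = entry / "explorer.exe"
        if exe.is_file():
            copies.append({"dir": entry.name, "version": info["version"],
                           "path": exe, "sha256": sha256_of(exe)})
    # Compare versions as integer tuples so that .10 sorts above .9.
    copies.sort(key=lambda c: c["version"], reverse=True)
    return copies


def check_replace_source(requested, windows_root):
    """Report whether the requested WinSxS source exists and what does exist."""
    wanted_dir = PureWindowsPath(requested).parent.name
    info = parse_component_dir(wanted_dir)
    copies = find_explorer_copies(windows_root, info["arch"] if info else "amd64")
    present = any(c["dir"].lower() == wanted_dir.lower() for c in copies)
    return {"requested_dir": wanted_dir, "present": present, "candidates": copies}


def build_sample_tree(base):
    """Constructed offline Windows folder; versions, suffixes and bytes are made up."""
    token = "31bf3856ad364e35"
    layout = {
        f"amd64_{COMPONENT}_{token}_6.1.9999.9_none_0000000000000001": b"constructed build 9",
        f"amd64_{COMPONENT}_{token}_6.1.9999.10_none_0000000000000002": b"constructed build 10",
        f"wow64_{COMPONENT}_{token}_6.1.9999.10_none_0000000000000003": b"constructed 32-bit",
    }
    root = Path(base) / "Windows"
    for name, data in layout.items():
        folder = root / "winsxs" / name
        folder.mkdir(parents=True)
        (folder / "explorer.exe").write_bytes(data)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = check_replace_source(REQUESTED, build_sample_tree(tmp))
        print("requested:", report["requested_dir"], "present:", report["present"])
        for copy in report["candidates"]:
            print(".".join(map(str, copy["version"])), copy["sha256"][:16], copy["dir"])
```

Pointing `windows_root` at the mounted offline installation gives the directory names to use as a replace source, and the hashes allow a copy obtained elsewhere to be compared with one from the store before it is put in place.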

#29
therican

therican

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OTL Fix Log

========== FILES ==========
File %SystemDrive%\FRST\Quarantine\explorer.exe not found.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 04162012_040626


Normal mode still not working.
  • 0

#30
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Does Safe Mode act the same as Normal Mode (do you still get the explorer.exe pop ups; can you not run programs)?

It's still not transferring so we will do it manually now that you have taken ownership of explorer.exe.
Repeat the steps in post #24 and let me know if it is successful.
  • 0





