
can't run malware removal software [Solved]


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You can run WAIO from a USB; just select the portable version in the download list. Antivirus programmes need specific permissions in the registry to run; if this has been changed then they are unable to do that. Once WAIO has run we will uninstall all the various tools and then try and install the AV of your choice.


#17
rigs


    Member

  • Topic Starter
  • 331 posts
OK, I installed and ran Windows Repair, twice. Both times the results were the same: Windows Security Essentials scans, protects for a few minutes and shuts down, with access denied if started again. Malwarebytes runs for a blink and quits.

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download a new copy of FRST and run that, please?

Farbar Recovery Scan Tool

#19
rigs


    Member

  • Topic Starter
  • 331 posts
I hope this is what you're asking for..............


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-05-2013 04 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM on 02-06-2013 22:27:55
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-11-20] (Dell Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [814144 2008-06-09] (DigitalPersona, Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m [1762032 2009-04-09] ()
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-07-17] (IDT, Inc.)
HKLM\...\Run: [OA001Cfg.exe] OA001Cfg.exe [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\al\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\al\...\Policies\system: [LogonHoursAction] 2
HKU\al\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\al\...\Policies\system: [DisableCMD] 0
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [73728 2008-07-17] (Andrea Electronics Corporation)
S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1668344 2008-10-16] (AuthenTec, Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
S2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [221239 2008-07-17] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-06-01] (Malwarebytes Corporation)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-05-04] (Motorola Inc)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
S3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-07-11] (Printing Communications Assoc., Inc. (PCAUSA))
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [101112 2012-05-25] (GFI Software)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-04-17] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
S1 SASDIFSV; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 17:14 - 2013-06-02 17:47 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-01 17:07 - 2013-06-01 17:07 - 00000207 ____A C:\Windows\tweaking.com-regbackup-MIRTA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-01 17:06 - 2013-06-01 17:06 - 00000000 ____D C:\RegBackup
2013-06-01 16:55 - 2013-06-01 18:01 - 00001954 ____A C:\Users\al\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-06-01 16:55 - 2013-06-01 16:55 - 00000000 ____D C:\Program Files\Tweaking.com
2013-05-31 14:30 - 2013-05-31 14:30 - 00000000 ____D C:\FRST
2013-05-22 11:14 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Local\Adobe
2013-05-22 11:01 - 2013-05-27 13:11 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-20 19:39 - 2013-05-20 18:36 - 00602112 ____A C:\Users\al\Desktop\OTL.exe
2013-05-20 19:34 - 2013-05-20 19:34 - 00000795 ____A C:\Windows\setupact.log
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 16:15 - 2013-05-19 17:33 - 276914810 ____A C:\Windows\MEMORY.DMP
2013-05-19 16:15 - 2013-05-19 16:15 - 00146584 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 15:51 - 2013-05-19 15:51 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-05-19 15:51 - 2012-05-25 10:14 - 00101112 ____A (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2013-05-19 15:51 - 2012-05-25 10:14 - 00042864 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-05-19 15:49 - 2013-05-19 15:46 - 131231744 ____A C:\Users\al\Desktop\VIPRERescue17900.exe
2013-05-19 15:47 - 2013-05-19 17:08 - 00000000 ____D C:\VIPRERESCUE
2013-05-19 15:40 - 2013-05-19 15:46 - 131231744 ____A C:\Users\al\Downloads\VIPRERescue17900.exe
2013-05-19 14:10 - 2013-05-22 11:00 - 00001808 ____A C:\Users\al\Desktop\Rkill.txt
2013-05-19 14:08 - 2013-05-19 14:08 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-18 19:51 - 2013-05-18 19:51 - 00000005 ____A C:\Users\al\AppData\Roaming\mbam.context.scan
2013-05-18 19:42 - 2013-05-18 19:42 - 04358472 ____A (FoxthSoft ) C:\Users\al\Downloads\WiseFixer.exe
2013-05-18 19:39 - 2013-05-18 19:39 - 00000818 ____A C:\Users\Public\Desktop\WiseFixer.lnk
2013-05-18 19:39 - 2013-05-18 19:39 - 00000000 ____D C:\Program Files\WiseFixer
2013-05-18 19:34 - 2013-05-18 19:34 - 00000000 ____D C:\Users\al\AppData\Local\Stardock_Corporation
2013-05-18 19:33 - 2013-05-18 19:33 - 00001083 ____A C:\Users\al\Desktop\RKreport[5]_H_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00001012 ____A C:\Users\al\Desktop\RKreport[7]_DN_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00000976 ____A C:\Users\al\Desktop\RKreport[6]_PR_05182013_02d2233.txt
2013-05-18 19:30 - 2013-05-18 19:30 - 00001838 ____A C:\Users\al\Desktop\RKreport[4]_S_05182013_02d2230.txt
2013-05-18 19:29 - 2013-05-18 19:29 - 00000874 ____A C:\Users\al\Desktop\RKreport[3]_H_05182013_02d2229.txt
2013-05-18 19:20 - 2013-05-18 19:20 - 00000938 ____A C:\Users\Public\Desktop\Removal Tool.lnk
2013-05-18 19:20 - 2013-05-18 19:20 - 00000000 ____D C:\Users\al\AppData\Roaming\9-lab
2013-05-18 19:19 - 2013-06-01 17:41 - 00000000 ____D C:\Program Files\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\ProgramData\9-lab
2013-05-18 19:04 - 2013-05-02 07:28 - 00238872 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-18 18:54 - 2013-05-18 18:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 18:27 - 2013-05-18 18:27 - 00002222 ____A C:\Users\al\Desktop\RKreport[2]_D_05182013_02d2127.txt
2013-05-18 18:22 - 2013-05-18 18:22 - 00002153 ____A C:\Users\al\Desktop\RKreport[1]_S_05182013_02d2122.txt
2013-05-18 18:19 - 2013-05-18 18:26 - 00000000 ____D C:\Users\al\Desktop\RK_Quarantine
2013-05-18 18:11 - 2013-06-02 17:51 - 00001292 ____A C:\Windows\PFRO.log
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 16:22 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files\Panda Security
2013-05-17 16:22 - 2009-06-30 07:37 - 00028552 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot.sys
2013-05-17 15:20 - 2013-05-17 15:20 - 00000036 ____A C:\Users\al\AppData\Local\housecall.guid.cache
2013-05-17 15:20 - 2012-07-26 18:02 - 00257928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-05-17 15:12 - 2013-05-17 18:13 - 20214408 ____A (Microsoft Corporation) C:\Users\al\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 14:40 - 2013-05-17 14:40 - 00000000 __SHD C:\Windows\Minidump\Minidump
2013-05-17 14:25 - 2013-05-17 14:25 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 14:25 - 2013-05-17 14:25 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 14:02 - 2013-05-17 14:02 - 00001000 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\ProgramData\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-05-17 14:02 - 2012-07-25 09:03 - 00017136 ____A C:\Windows\System32\sasnative32.exe
2013-05-17 13:58 - 2013-05-17 13:58 - 05544472 ____A C:\Users\al\Downloads\aspsetup.zip
2013-05-17 13:40 - 2013-05-17 13:40 - 00000000 ____D C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-17 13:39 - 2013-05-19 14:21 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-17 12:29 - 2009-08-04 00:02 - 00754688 ____A (Microsoft Corporation) C:\Windows\System32\webservices.dll
2013-05-17 12:26 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 12:26 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Windows\System32\x64
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Intel
2013-05-17 12:18 - 2011-02-11 16:26 - 00948760 ____A (Intel Corporation) C:\Windows\System32\igxpun.exe
2013-05-17 12:18 - 2006-11-02 12:21 - 00319456 ____A (Microsoft Corporation) C:\Windows\System32\difxapi.dll
2013-05-17 12:14 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 12:14 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 12:14 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 12:14 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 12:14 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 12:14 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 12:14 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 12:14 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 12:14 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 12:14 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 12:14 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 12:14 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 12:14 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 12:14 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 12:13 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-17 12:13 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-17 12:13 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-17 12:12 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-17 12:12 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-17 12:12 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-17 12:12 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-17 12:12 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-17 12:12 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-17 12:12 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-05-17 12:11 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-17 12:11 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-17 12:05 - 2013-03-11 05:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-05-17 12:05 - 2013-03-11 05:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-17 12:05 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-17 12:05 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-17 12:05 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-05-17 12:05 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 12:05 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-17 12:04 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 12:04 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-17 12:04 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 12:04 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-05-17 12:04 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-05-17 12:04 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-17 12:04 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-05-17 12:04 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-05-17 12:04 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-05-17 12:04 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 12:04 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-05-17 12:04 - 2012-08-21 03:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-05-17 12:04 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-05-17 12:04 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-05-17 12:03 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-17 12:03 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-17 12:03 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-17 12:03 - 2013-01-04 03:28 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 12:03 - 2013-01-03 17:55 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-05-17 12:03 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-05-17 12:03 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-17 12:03 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-05-17 12:03 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-17 12:03 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-05-17 12:03 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 12:03 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 12:03 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 12:03 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 12:03 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 12:00 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-17 11:58 - 2013-05-17 11:58 - 00866592 ____A C:\Users\al\Downloads\Norton_Removal_Tool.exe
2013-05-17 11:34 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-05-17 11:34 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-05-17 11:34 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-05-17 11:34 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-05-17 11:33 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-05-17 11:33 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-05-17 11:33 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-05-17 11:33 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-05-17 11:33 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-05-17 11:28 - 2013-05-18 18:55 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-17 11:26 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-05-17 11:21 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Roaming\Adobe
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Sierra Wireless
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Macromedia
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\ProgramData\AT&T
2013-05-17 11:02 - 2013-05-17 11:03 - 00000000 ____D C:\Users\al\AppData\Roaming\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Local\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2013-06-02 19:18 - 2009-02-13 01:55 - 01068039 ____A C:\Windows\WindowsUpdate.log
2013-06-02 19:18 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-02 19:18 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 19:18 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 19:18 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 19:17 - 2009-02-19 20:11 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{6E089A2A-66CE-4A41-BFFB-D872C818F8F0}.job
2013-06-02 19:16 - 2010-03-01 04:45 - 00000416 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{C9D9016D-C806-464D-B001-C53DFCA59238}.job
2013-06-02 17:52 - 2012-01-06 23:53 - 00066368 ____A C:\Users\al\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-02 17:52 - 2006-11-02 04:47 - 00280720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-02 17:51 - 2013-05-18 18:11 - 00001292 ____A C:\Windows\PFRO.log
2013-06-02 17:51 - 2009-10-23 14:24 - 00000000 ____A C:\Windows\win32k.sys
2013-06-02 17:47 - 2013-06-01 17:14 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-02 17:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-01 18:01 - 2013-06-01 16:55 - 00001954 ____A C:\Users\al\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-06-01 17:50 - 2009-09-30 19:09 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-01 17:41 - 2013-05-18 19:19 - 00000000 ____D C:\Program Files\9-lab
2013-06-01 17:07 - 2013-06-01 17:07 - 00000207 ____A C:\Windows\tweaking.com-regbackup-MIRTA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-01 17:06 - 2013-06-01 17:06 - 00000000 ____D C:\RegBackup
2013-06-01 16:55 - 2013-06-01 16:55 - 00000000 ____D C:\Program Files\Tweaking.com
2013-05-31 14:30 - 2013-05-31 14:30 - 00000000 ____D C:\FRST
2013-05-27 13:11 - 2013-05-22 11:01 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-24 16:41 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-22 11:14 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Local\Adobe
2013-05-22 11:14 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Adobe
2013-05-22 11:00 - 2013-05-19 14:10 - 00001808 ____A C:\Users\al\Desktop\Rkill.txt
2013-05-20 19:34 - 2013-05-20 19:34 - 00000795 ____A C:\Windows\setupact.log
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____A C:\Windows\setuperr.log
2013-05-20 18:36 - 2013-05-20 19:39 - 00602112 ____A C:\Users\al\Desktop\OTL.exe
2013-05-19 17:33 - 2013-05-19 16:15 - 276914810 ____A C:\Windows\MEMORY.DMP
2013-05-19 17:08 - 2013-05-19 15:47 - 00000000 ____D C:\VIPRERESCUE
2013-05-19 16:15 - 2013-05-19 16:15 - 00146584 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 16:15 - 2009-06-10 17:29 - 00000000 ____D C:\Windows\Minidump
2013-05-19 15:51 - 2013-05-19 15:51 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-05-19 15:46 - 2013-05-19 15:49 - 131231744 ____A C:\Users\al\Desktop\VIPRERescue17900.exe
2013-05-19 15:46 - 2013-05-19 15:40 - 131231744 ____A C:\Users\al\Downloads\VIPRERescue17900.exe
2013-05-19 14:21 - 2013-05-17 13:39 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 14:21 - 2009-09-30 19:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-19 14:08 - 2013-05-19 14:08 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-19 14:05 - 2012-07-18 23:03 - 00000000 ____D C:\Users\al\AppData\Local\CrashDumps
2013-05-18 19:51 - 2013-05-18 19:51 - 00000005 ____A C:\Users\al\AppData\Roaming\mbam.context.scan
2013-05-18 19:42 - 2013-05-18 19:42 - 04358472 ____A (FoxthSoft ) C:\Users\al\Downloads\WiseFixer.exe
2013-05-18 19:39 - 2013-05-18 19:39 - 00000818 ____A C:\Users\Public\Desktop\WiseFixer.lnk
2013-05-18 19:39 - 2013-05-18 19:39 - 00000000 ____D C:\Program Files\WiseFixer
2013-05-18 19:34 - 2013-05-18 19:34 - 00000000 ____D C:\Users\al\AppData\Local\Stardock_Corporation
2013-05-18 19:33 - 2013-05-18 19:33 - 00001083 ____A C:\Users\al\Desktop\RKreport[5]_H_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00001012 ____A C:\Users\al\Desktop\RKreport[7]_DN_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00000976 ____A C:\Users\al\Desktop\RKreport[6]_PR_05182013_02d2233.txt
2013-05-18 19:30 - 2013-05-18 19:30 - 00001838 ____A C:\Users\al\Desktop\RKreport[4]_S_05182013_02d2230.txt
2013-05-18 19:29 - 2013-05-18 19:29 - 00000874 ____A C:\Users\al\Desktop\RKreport[3]_H_05182013_02d2229.txt
2013-05-18 19:28 - 2012-01-06 23:53 - 00000000 ____D C:\Users\al\AppData\Local\VirtualStore
2013-05-18 19:20 - 2013-05-18 19:20 - 00000938 ____A C:\Users\Public\Desktop\Removal Tool.lnk
2013-05-18 19:20 - 2013-05-18 19:20 - 00000000 ____D C:\Users\al\AppData\Roaming\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\ProgramData\9-lab
2013-05-18 18:55 - 2013-05-17 11:28 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-18 18:54 - 2013-05-18 18:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 18:27 - 2013-05-18 18:27 - 00002222 ____A C:\Users\al\Desktop\RKreport[2]_D_05182013_02d2127.txt
2013-05-18 18:26 - 2013-05-18 18:19 - 00000000 ____D C:\Users\al\Desktop\RK_Quarantine
2013-05-18 18:22 - 2013-05-18 18:22 - 00002153 ____A C:\Users\al\Desktop\RKreport[1]_S_05182013_02d2122.txt
2013-05-17 18:13 - 2013-05-17 15:12 - 20214408 ____A (Microsoft Corporation) C:\Users\al\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 16:22 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files\Panda Security
2013-05-17 15:20 - 2013-05-17 15:20 - 00000036 ____A C:\Users\al\AppData\Local\housecall.guid.cache
2013-05-17 14:40 - 2013-05-17 14:40 - 00000000 __SHD C:\Windows\Minidump\Minidump
2013-05-17 14:35 - 2008-02-03 15:07 - 00000000 ____D C:\Windows\Panther
2013-05-17 14:25 - 2013-05-17 14:25 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 14:25 - 2013-05-17 14:25 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 14:02 - 2013-05-17 14:02 - 00001000 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\ProgramData\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-05-17 14:02 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-05-17 13:58 - 2013-05-17 13:58 - 05544472 ____A C:\Users\al\Downloads\aspsetup.zip
2013-05-17 13:45 - 2009-02-13 08:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 13:44 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-05-17 13:44 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-17 13:40 - 2013-05-17 13:40 - 00000000 ____D C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-17 12:25 - 2012-01-06 23:53 - 00000000 ____D C:\users\al
2013-05-17 12:21 - 2009-02-13 08:23 - 00000000 ____D C:\Program Files\Microsoft Works
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Windows\System32\x64
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Intel
2013-05-17 11:58 - 2013-05-17 11:58 - 00866592 ____A C:\Users\al\Downloads\Norton_Removal_Tool.exe
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Sierra Wireless
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Macromedia
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\ProgramData\AT&T
2013-05-17 11:14 - 2010-08-17 15:26 - 00000000 ____D C:\ProgramData\Norton
2013-05-17 11:03 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Local\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 10:07 - 2012-04-24 21:25 - 00000000 ____D C:\Users\al\AppData\Local\Google
2013-05-05 11:25 - 2013-05-17 12:26 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 11:12 - 2013-05-17 12:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-17 11:33:37
Restore point made on: 2013-05-17 12:11:54
Restore point made on: 2013-05-17 14:24:11
Restore point made on: 2013-05-17 18:05:09
Restore point made on: 2013-05-18 18:16:36
Restore point made on: 2013-05-18 19:54:31
Restore point made on: 2013-05-19 14:07:33
Restore point made on: 2013-05-20 19:37:35
Restore point made on: 2013-05-20 20:14:52
Restore point made on: 2013-05-22 10:20:33
Restore point made on: 2013-05-22 12:18:42
Restore point made on: 2013-05-22 19:42:13
Restore point made on: 2013-05-24 17:23:44
Restore point made on: 2013-05-24 20:12:20
Restore point made on: 2013-05-25 10:34:53
Restore point made on: 2013-05-25 20:11:39
Restore point made on: 2013-05-27 13:04:50
Restore point made on: 2013-05-27 13:11:26
Restore point made on: 2013-05-27 20:02:47
Restore point made on: 2013-05-28 10:36:40
Restore point made on: 2013-05-31 11:39:25
Restore point made on: 2013-05-31 21:50:22
Restore point made on: 2013-06-01 12:27:38
Restore point made on: 2013-06-01 17:06:34
Restore point made on: 2013-06-01 17:43:55
Restore point made on: 2013-06-01 18:08:08
Restore point made on: 2013-06-02 17:26:00

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3030.25 MB
Available physical RAM: 2594.65 MB
Total Pagefile: 2815.5 MB
Available Pagefile: 2645.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.12 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:158.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.53 GB) NTFS
Drive f: (2007.11.03_2329) (Removable) (Total:3.73 GB) (Free:3.55 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: C6A974F8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01A6D3BB)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


Last Boot: 2013-06-02 17:58

==================== End Of Log ============================
  • 0

#20
rigs

    Member

  • Topic Starter
  • Member
  • 331 posts
Sorry, here's with the updated FRST...



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03
Ran by SYSTEM on 02-06-2013 22:54:43
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-11-20] (Dell Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [814144 2008-06-09] (DigitalPersona, Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m [1762032 2009-04-09] ()
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-07-17] (IDT, Inc.)
HKLM\...\Run: [OA001Cfg.exe] OA001Cfg.exe [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\al\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\al\...\Policies\system: [LogonHoursAction] 2
HKU\al\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\al\...\Policies\system: [DisableCMD] 0
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [73728 2008-07-17] (Andrea Electronics Corporation)
S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1668344 2008-10-16] (AuthenTec, Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
S2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [221239 2008-07-17] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-06-01] (Malwarebytes Corporation)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-05-04] (Motorola Inc)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
S3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-07-11] (Printing Communications Assoc., Inc. (PCAUSA))
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [101112 2012-05-25] (GFI Software)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-04-17] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
S1 SASDIFSV; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 17:14 - 2013-06-02 17:47 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-01 17:07 - 2013-06-01 17:07 - 00000207 ____A C:\Windows\tweaking.com-regbackup-MIRTA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-01 17:06 - 2013-06-01 17:06 - 00000000 ____D C:\RegBackup
2013-06-01 16:55 - 2013-06-01 18:01 - 00001954 ____A C:\Users\al\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-06-01 16:55 - 2013-06-01 16:55 - 00000000 ____D C:\Program Files\Tweaking.com
2013-05-31 14:30 - 2013-05-31 14:30 - 00000000 ____D C:\FRST
2013-05-22 11:14 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Local\Adobe
2013-05-22 11:01 - 2013-05-27 13:11 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-20 19:39 - 2013-05-20 18:36 - 00602112 ____A C:\Users\al\Desktop\OTL.exe
2013-05-20 19:34 - 2013-05-20 19:34 - 00000795 ____A C:\Windows\setupact.log
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 16:15 - 2013-05-19 17:33 - 276914810 ____A C:\Windows\MEMORY.DMP
2013-05-19 16:15 - 2013-05-19 16:15 - 00146584 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 15:51 - 2013-05-19 15:51 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-05-19 15:51 - 2012-05-25 10:14 - 00101112 ____A (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2013-05-19 15:51 - 2012-05-25 10:14 - 00042864 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-05-19 15:49 - 2013-05-19 15:46 - 131231744 ____A C:\Users\al\Desktop\VIPRERescue17900.exe
2013-05-19 15:47 - 2013-05-19 17:08 - 00000000 ____D C:\VIPRERESCUE
2013-05-19 15:40 - 2013-05-19 15:46 - 131231744 ____A C:\Users\al\Downloads\VIPRERescue17900.exe
2013-05-19 14:10 - 2013-05-22 11:00 - 00001808 ____A C:\Users\al\Desktop\Rkill.txt
2013-05-19 14:08 - 2013-05-19 14:08 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-18 19:51 - 2013-05-18 19:51 - 00000005 ____A C:\Users\al\AppData\Roaming\mbam.context.scan
2013-05-18 19:42 - 2013-05-18 19:42 - 04358472 ____A (FoxthSoft ) C:\Users\al\Downloads\WiseFixer.exe
2013-05-18 19:39 - 2013-05-18 19:39 - 00000818 ____A C:\Users\Public\Desktop\WiseFixer.lnk
2013-05-18 19:39 - 2013-05-18 19:39 - 00000000 ____D C:\Program Files\WiseFixer
2013-05-18 19:34 - 2013-05-18 19:34 - 00000000 ____D C:\Users\al\AppData\Local\Stardock_Corporation
2013-05-18 19:33 - 2013-05-18 19:33 - 00001083 ____A C:\Users\al\Desktop\RKreport[5]_H_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00001012 ____A C:\Users\al\Desktop\RKreport[7]_DN_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00000976 ____A C:\Users\al\Desktop\RKreport[6]_PR_05182013_02d2233.txt
2013-05-18 19:30 - 2013-05-18 19:30 - 00001838 ____A C:\Users\al\Desktop\RKreport[4]_S_05182013_02d2230.txt
2013-05-18 19:29 - 2013-05-18 19:29 - 00000874 ____A C:\Users\al\Desktop\RKreport[3]_H_05182013_02d2229.txt
2013-05-18 19:20 - 2013-05-18 19:20 - 00000938 ____A C:\Users\Public\Desktop\Removal Tool.lnk
2013-05-18 19:20 - 2013-05-18 19:20 - 00000000 ____D C:\Users\al\AppData\Roaming\9-lab
2013-05-18 19:19 - 2013-06-01 17:41 - 00000000 ____D C:\Program Files\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\ProgramData\9-lab
2013-05-18 19:04 - 2013-05-02 07:28 - 00238872 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-18 18:54 - 2013-05-18 18:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 18:27 - 2013-05-18 18:27 - 00002222 ____A C:\Users\al\Desktop\RKreport[2]_D_05182013_02d2127.txt
2013-05-18 18:22 - 2013-05-18 18:22 - 00002153 ____A C:\Users\al\Desktop\RKreport[1]_S_05182013_02d2122.txt
2013-05-18 18:19 - 2013-05-18 18:26 - 00000000 ____D C:\Users\al\Desktop\RK_Quarantine
2013-05-18 18:11 - 2013-06-02 17:51 - 00001292 ____A C:\Windows\PFRO.log
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 16:22 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files\Panda Security
2013-05-17 16:22 - 2009-06-30 07:37 - 00028552 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot.sys
2013-05-17 15:20 - 2013-05-17 15:20 - 00000036 ____A C:\Users\al\AppData\Local\housecall.guid.cache
2013-05-17 15:20 - 2012-07-26 18:02 - 00257928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-05-17 15:12 - 2013-05-17 18:13 - 20214408 ____A (Microsoft Corporation) C:\Users\al\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 14:40 - 2013-05-17 14:40 - 00000000 __SHD C:\Windows\Minidump\Minidump
2013-05-17 14:25 - 2013-05-17 14:25 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 14:25 - 2013-05-17 14:25 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 14:02 - 2013-05-17 14:02 - 00001000 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\ProgramData\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-05-17 14:02 - 2012-07-25 09:03 - 00017136 ____A C:\Windows\System32\sasnative32.exe
2013-05-17 13:58 - 2013-05-17 13:58 - 05544472 ____A C:\Users\al\Downloads\aspsetup.zip
2013-05-17 13:40 - 2013-05-17 13:40 - 00000000 ____D C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-17 13:39 - 2013-05-19 14:21 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-17 12:29 - 2009-08-04 00:02 - 00754688 ____A (Microsoft Corporation) C:\Windows\System32\webservices.dll
2013-05-17 12:26 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 12:26 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Windows\System32\x64
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Intel
2013-05-17 12:18 - 2011-02-11 16:26 - 00948760 ____A (Intel Corporation) C:\Windows\System32\igxpun.exe
2013-05-17 12:18 - 2006-11-02 12:21 - 00319456 ____A (Microsoft Corporation) C:\Windows\System32\difxapi.dll
2013-05-17 12:14 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 12:14 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 12:14 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 12:14 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 12:14 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 12:14 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 12:14 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 12:14 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 12:14 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 12:14 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 12:14 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 12:14 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 12:14 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 12:14 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 12:13 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-17 12:13 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-17 12:13 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-17 12:12 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-17 12:12 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-17 12:12 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-17 12:12 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-17 12:12 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-17 12:12 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-17 12:12 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-05-17 12:11 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-17 12:11 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-17 12:05 - 2013-03-11 05:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-05-17 12:05 - 2013-03-11 05:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-17 12:05 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-17 12:05 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-17 12:05 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-05-17 12:05 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 12:05 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-17 12:04 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 12:04 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-17 12:04 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 12:04 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-05-17 12:04 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-05-17 12:04 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-17 12:04 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-05-17 12:04 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-05-17 12:04 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-05-17 12:04 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 12:04 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-05-17 12:04 - 2012-08-21 03:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-05-17 12:04 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-05-17 12:04 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-05-17 12:03 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-17 12:03 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-17 12:03 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-17 12:03 - 2013-01-04 03:28 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 12:03 - 2013-01-03 17:55 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-05-17 12:03 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-05-17 12:03 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-17 12:03 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-05-17 12:03 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-17 12:03 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-05-17 12:03 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 12:03 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 12:03 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 12:03 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 12:03 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 12:00 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-17 11:58 - 2013-05-17 11:58 - 00866592 ____A C:\Users\al\Downloads\Norton_Removal_Tool.exe
2013-05-17 11:34 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-05-17 11:34 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-05-17 11:34 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-05-17 11:34 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-05-17 11:33 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-05-17 11:33 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-05-17 11:33 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-05-17 11:33 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-05-17 11:33 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-05-17 11:28 - 2013-05-18 18:55 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-17 11:26 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-05-17 11:21 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Roaming\Adobe
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Sierra Wireless
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Macromedia
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\ProgramData\AT&T
2013-05-17 11:02 - 2013-05-17 11:03 - 00000000 ____D C:\Users\al\AppData\Roaming\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Local\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2013-06-02 19:50 - 2009-02-13 01:55 - 01073807 ____A C:\Windows\WindowsUpdate.log
2013-06-02 19:50 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-02 19:50 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 19:50 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 19:50 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 19:49 - 2010-03-01 04:45 - 00000416 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{C9D9016D-C806-464D-B001-C53DFCA59238}.job
2013-06-02 19:48 - 2009-02-19 20:11 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{6E089A2A-66CE-4A41-BFFB-D872C818F8F0}.job
2013-06-02 19:45 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-02 19:30 - 2009-10-23 14:24 - 00000000 ____A C:\Windows\win32k.sys
2013-06-02 17:52 - 2012-01-06 23:53 - 00066368 ____A C:\Users\al\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-02 17:52 - 2006-11-02 04:47 - 00280720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-02 17:51 - 2013-05-18 18:11 - 00001292 ____A C:\Windows\PFRO.log
2013-06-02 17:47 - 2013-06-01 17:14 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-01 18:01 - 2013-06-01 16:55 - 00001954 ____A C:\Users\al\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-06-01 17:50 - 2009-09-30 19:09 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-01 17:41 - 2013-05-18 19:19 - 00000000 ____D C:\Program Files\9-lab
2013-06-01 17:07 - 2013-06-01 17:07 - 00000207 ____A C:\Windows\tweaking.com-regbackup-MIRTA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-06-01 17:06 - 2013-06-01 17:06 - 00000000 ____D C:\RegBackup
2013-06-01 16:55 - 2013-06-01 16:55 - 00000000 ____D C:\Program Files\Tweaking.com
2013-05-31 14:30 - 2013-05-31 14:30 - 00000000 ____D C:\FRST
2013-05-27 13:11 - 2013-05-22 11:01 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-24 16:41 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-22 11:14 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Local\Adobe
2013-05-22 11:14 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Adobe
2013-05-22 11:00 - 2013-05-19 14:10 - 00001808 ____A C:\Users\al\Desktop\Rkill.txt
2013-05-20 19:34 - 2013-05-20 19:34 - 00000795 ____A C:\Windows\setupact.log
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____A C:\Windows\setuperr.log
2013-05-20 18:36 - 2013-05-20 19:39 - 00602112 ____A C:\Users\al\Desktop\OTL.exe
2013-05-19 17:33 - 2013-05-19 16:15 - 276914810 ____A C:\Windows\MEMORY.DMP
2013-05-19 17:08 - 2013-05-19 15:47 - 00000000 ____D C:\VIPRERESCUE
2013-05-19 16:15 - 2013-05-19 16:15 - 00146584 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 16:15 - 2009-06-10 17:29 - 00000000 ____D C:\Windows\Minidump
2013-05-19 15:51 - 2013-05-19 15:51 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-05-19 15:46 - 2013-05-19 15:49 - 131231744 ____A C:\Users\al\Desktop\VIPRERescue17900.exe
2013-05-19 15:46 - 2013-05-19 15:40 - 131231744 ____A C:\Users\al\Downloads\VIPRERescue17900.exe
2013-05-19 14:21 - 2013-05-17 13:39 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 14:21 - 2009-09-30 19:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-19 14:08 - 2013-05-19 14:08 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-19 14:05 - 2012-07-18 23:03 - 00000000 ____D C:\Users\al\AppData\Local\CrashDumps
2013-05-18 19:51 - 2013-05-18 19:51 - 00000005 ____A C:\Users\al\AppData\Roaming\mbam.context.scan
2013-05-18 19:42 - 2013-05-18 19:42 - 04358472 ____A (FoxthSoft ) C:\Users\al\Downloads\WiseFixer.exe
2013-05-18 19:39 - 2013-05-18 19:39 - 00000818 ____A C:\Users\Public\Desktop\WiseFixer.lnk
2013-05-18 19:39 - 2013-05-18 19:39 - 00000000 ____D C:\Program Files\WiseFixer
2013-05-18 19:34 - 2013-05-18 19:34 - 00000000 ____D C:\Users\al\AppData\Local\Stardock_Corporation
2013-05-18 19:33 - 2013-05-18 19:33 - 00001083 ____A C:\Users\al\Desktop\RKreport[5]_H_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00001012 ____A C:\Users\al\Desktop\RKreport[7]_DN_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00000976 ____A C:\Users\al\Desktop\RKreport[6]_PR_05182013_02d2233.txt
2013-05-18 19:30 - 2013-05-18 19:30 - 00001838 ____A C:\Users\al\Desktop\RKreport[4]_S_05182013_02d2230.txt
2013-05-18 19:29 - 2013-05-18 19:29 - 00000874 ____A C:\Users\al\Desktop\RKreport[3]_H_05182013_02d2229.txt
2013-05-18 19:28 - 2012-01-06 23:53 - 00000000 ____D C:\Users\al\AppData\Local\VirtualStore
2013-05-18 19:20 - 2013-05-18 19:20 - 00000938 ____A C:\Users\Public\Desktop\Removal Tool.lnk
2013-05-18 19:20 - 2013-05-18 19:20 - 00000000 ____D C:\Users\al\AppData\Roaming\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\ProgramData\9-lab
2013-05-18 18:55 - 2013-05-17 11:28 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-18 18:54 - 2013-05-18 18:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 18:27 - 2013-05-18 18:27 - 00002222 ____A C:\Users\al\Desktop\RKreport[2]_D_05182013_02d2127.txt
2013-05-18 18:26 - 2013-05-18 18:19 - 00000000 ____D C:\Users\al\Desktop\RK_Quarantine
2013-05-18 18:22 - 2013-05-18 18:22 - 00002153 ____A C:\Users\al\Desktop\RKreport[1]_S_05182013_02d2122.txt
2013-05-17 18:13 - 2013-05-17 15:12 - 20214408 ____A (Microsoft Corporation) C:\Users\al\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 16:22 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files\Panda Security
2013-05-17 15:20 - 2013-05-17 15:20 - 00000036 ____A C:\Users\al\AppData\Local\housecall.guid.cache
2013-05-17 14:40 - 2013-05-17 14:40 - 00000000 __SHD C:\Windows\Minidump\Minidump
2013-05-17 14:35 - 2008-02-03 15:07 - 00000000 ____D C:\Windows\Panther
2013-05-17 14:25 - 2013-05-17 14:25 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 14:25 - 2013-05-17 14:25 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 14:02 - 2013-05-17 14:02 - 00001000 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\ProgramData\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-05-17 14:02 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-05-17 13:58 - 2013-05-17 13:58 - 05544472 ____A C:\Users\al\Downloads\aspsetup.zip
2013-05-17 13:45 - 2009-02-13 08:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 13:44 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-05-17 13:44 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-17 13:40 - 2013-05-17 13:40 - 00000000 ____D C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-17 12:25 - 2012-01-06 23:53 - 00000000 ____D C:\users\al
2013-05-17 12:21 - 2009-02-13 08:23 - 00000000 ____D C:\Program Files\Microsoft Works
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Windows\System32\x64
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Intel
2013-05-17 11:58 - 2013-05-17 11:58 - 00866592 ____A C:\Users\al\Downloads\Norton_Removal_Tool.exe
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Sierra Wireless
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Macromedia
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\ProgramData\AT&T
2013-05-17 11:14 - 2010-08-17 15:26 - 00000000 ____D C:\ProgramData\Norton
2013-05-17 11:03 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Local\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 10:07 - 2012-04-24 21:25 - 00000000 ____D C:\Users\al\AppData\Local\Google
2013-05-05 11:25 - 2013-05-17 12:26 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 11:12 - 2013-05-17 12:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-17 11:33:37
Restore point made on: 2013-05-17 12:11:54
Restore point made on: 2013-05-17 14:24:11
Restore point made on: 2013-05-17 18:05:09
Restore point made on: 2013-05-18 18:16:36
Restore point made on: 2013-05-18 19:54:31
Restore point made on: 2013-05-19 14:07:33
Restore point made on: 2013-05-20 19:37:35
Restore point made on: 2013-05-20 20:14:52
Restore point made on: 2013-05-22 10:20:33
Restore point made on: 2013-05-22 12:18:42
Restore point made on: 2013-05-22 19:42:13
Restore point made on: 2013-05-24 17:23:44
Restore point made on: 2013-05-24 20:12:20
Restore point made on: 2013-05-25 10:34:53
Restore point made on: 2013-05-25 20:11:39
Restore point made on: 2013-05-27 13:04:50
Restore point made on: 2013-05-27 13:11:26
Restore point made on: 2013-05-27 20:02:47
Restore point made on: 2013-05-28 10:36:40
Restore point made on: 2013-05-31 11:39:25
Restore point made on: 2013-05-31 21:50:22
Restore point made on: 2013-06-01 12:27:38
Restore point made on: 2013-06-01 17:06:34
Restore point made on: 2013-06-01 17:43:55
Restore point made on: 2013-06-01 18:08:08
Restore point made on: 2013-06-02 17:26:00

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3030.25 MB
Available physical RAM: 2594.46 MB
Total Pagefile: 2815.5 MB
Available Pagefile: 2646.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.12 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:158.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.53 GB) NTFS
Drive f: (2007.11.03_2329) (Removable) (Total:3.73 GB) (Free:3.55 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: C6A974F8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01A6D3BB)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


Last Boot: 2013-06-02 19:45

==================== End Of Log ============================

Edited by rigs, 02 June 2013 - 10:00 PM.

#21
Essexboy

Could you uninstall these programmes please: Advanced System Protector and 9-lab.
Then download and run the Panda uninstaller from here.

Reboot and then retry an OTL scan please.

#22
rigs

OK, did everything and it went well, until I ran the OTL. It scanned for a few minutes and shut down. I tried to run it again but it blocked me, stating that I don't have permission.

Once again, thank you for your patience.

#23
Essexboy

OK, let's try with a different OTL. Download the following one by right-clicking the link and selecting Save as... It will come down as a screensaver; double-click to run.

Download OTL to your Desktop

#24
rigs

Well, I ran OTL.scr through the desktop and USB and got the same results as the other OTL. OTL scans for a bit and shuts down. I'm telling you, I hope you have more patience than me :)

Thank you

#25
Essexboy

OK, never say give up is my motto :)

Let's use OTL outside of Windows and see why it is not working. This will give us more data than FRST.

Download PeaZip to the desktop.
Run and install the programme.
As it installs, this page will show; deselect the AVG ticks.
Press Decline and it will then install cleanly.

Posted Image

Download the following files to the desktop. Right-click the links and select Save as..., then select Desktop.

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive

Posted Image


Select OTLPE standard

Posted Image

Click Extract, ensure that desktop is selected

Posted Image

Insert the USB stick, then run Rufus.
Posted Image
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Posted Image

Once the USB has burnt, then:

  • Reboot your system using the boot USB you just created.
    Note: If you do not know how to set your computer to boot from USB, follow the steps here
  • As the programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    [attachment=64938:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

#26
rigs

OK, everything is fine until I run the OTLPE. It says "Select the Windows folder of the infected drive if it asks for a location", so that should be "c:\", right? Or is it another folder within the C drive?

Thank you

#27
Essexboy

Select C:\windows

#28
rigs

Finally, here's the OTL log. The only thing is that OTL did not ask me to load the remote registry, so I hope all the info you need is here.




OTL logfile created on: 6/8/2013 8:11:29 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 157.68 Gb Free Space | 72.27% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.53 Gb Free Space | 58.23% Space Free | Partition Type: NTFS
Drive X: | 3.73 Gb Total Space | 3.40 Gb Free Space | 90.97% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (WinDefend)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/21 17:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 19:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/02/13 12:29:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/16 15:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) [Auto] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/30 12:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto] -- C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/17 06:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe -- (STacSV)
SRV - [2008/07/17 06:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008/07/04 19:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/06/09 14:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | System] -- -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand] -- -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2013/06/05 22:07:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/25 14:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/08 11:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/03/08 18:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/11/21 07:06:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/20 06:19:34 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/10/16 18:53:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/17 08:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/17 06:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/11 13:30:06 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/07/03 04:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 04:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 04:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/17 14:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/05/29 07:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/04/17 15:30:08 | 000,026,760 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/02/18 17:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008/02/08 13:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/04 18:04:04 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/03/30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\al_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\al_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/02/13 12:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/02/13 12:22:38 | 000,000,000 | ---D | M]

[2013/05/17 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\al\AppData\Roaming\Mozilla\Extensions
[2013/05/17 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 15:02:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --

O1 HOSTS File: ([2013/05/18 23:33:26 | 000,000,724 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OA001Cfg.exe] C:\Windows\OA001Cfg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKU\al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\al_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/06/05 23:32:56 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/06/05 22:29:23 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\PeaZip
[2013/06/05 22:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2013/06/05 22:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2013/06/05 22:06:45 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\al\Desktop\OTLPEStd.exe
[2013/06/05 22:06:11 | 007,723,546 | ---- | C] (Giorgio Tani ) -- C:\Users\al\Desktop\peazip-4.7.3.WINDOWS.exe
[2013/06/03 20:16:25 | 000,000,000 | ---D | C] -- C:\SMCLpav
[2013/06/01 21:14:10 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/06/01 21:06:46 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/06/01 20:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/06/01 20:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/05/31 18:30:25 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/22 15:14:23 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Local\Adobe
[2013/05/19 19:51:24 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2013/05/19 19:51:24 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/19 19:47:05 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2013/05/19 18:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/05/18 23:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer
[2013/05/18 23:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\WiseFixer
[2013/05/18 23:34:49 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Local\Stardock_Corporation
[2013/05/18 23:20:03 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\9-lab
[2013/05/18 23:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
[2013/05/18 23:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\9-lab
[2013/05/18 23:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\9-lab
[2013/05/18 23:04:30 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/05/18 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/18 22:19:50 | 000,000,000 | ---D | C] -- C:\Users\al\Desktop\RK_Quarantine
[2013/05/17 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/17 21:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/05/17 20:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2013/05/17 19:20:11 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2013/05/17 18:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/17 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/17 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Systweak
[2013/05/17 17:40:04 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Malwarebytes
[2013/05/17 16:29:03 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2013/05/17 16:26:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/17 16:18:42 | 000,000,000 | ---D | C] -- C:\Intel
[2013/05/17 16:18:34 | 000,948,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2013/05/17 16:18:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2013/05/17 16:18:32 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2013/05/17 16:14:09 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/17 16:14:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/17 16:14:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/17 16:14:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/17 16:14:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/17 16:14:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/17 16:14:07 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/17 16:14:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/17 16:14:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/17 16:13:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/05/17 16:12:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/05/17 16:12:57 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/05/17 16:12:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/05/17 16:12:55 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/05/17 16:12:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/05/17 16:11:59 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/05/17 16:11:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/05/17 16:05:15 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2013/05/17 16:05:02 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/05/17 16:05:00 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/05/17 16:05:00 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/05/17 16:05:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/05/17 16:04:59 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/05/17 16:04:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/05/17 16:04:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/17 16:04:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/05/17 16:04:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/05/17 16:04:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/05/17 16:03:56 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/05/17 16:03:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/05/17 16:03:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/05/17 16:03:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/05/17 16:03:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/05/17 16:03:52 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/17 16:03:37 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/05/17 16:00:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/05/17 15:34:18 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/05/17 15:34:17 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/05/17 15:33:54 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/05/17 15:33:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/05/17 15:33:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/05/17 15:33:41 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/05/17 15:33:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/05/17 15:26:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/05/17 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Macromedia
[2013/05/17 15:21:49 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Adobe
[2013/05/17 15:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AT&T
[2013/05/17 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Sierra Wireless
[2013/05/17 15:02:51 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Mozilla
[2013/05/17 15:02:51 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Local\Mozilla
[2013/05/17 15:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/17 15:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/17 15:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2013/06/07 15:20:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/07 15:19:59 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 15:19:59 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 15:19:51 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2013/06/07 15:19:49 | 3178,086,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/05 23:49:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C9D9016D-C806-464D-B001-C53DFCA59238}.job
[2013/06/05 23:48:38 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/06/05 23:47:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E089A2A-66CE-4A41-BFFB-D872C818F8F0}.job
[2013/06/05 22:28:30 | 000,000,778 | ---- | M] () -- C:\Users\al\Desktop\PeaZip.lnk
[2013/06/05 22:28:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2013/06/05 22:07:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/05 22:04:46 | 000,002,463 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2013/06/05 16:15:37 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\al\Desktop\OTLPEStd.exe
[2013/06/05 16:13:29 | 007,723,546 | ---- | M] (Giorgio Tani ) -- C:\Users\al\Desktop\peazip-4.7.3.WINDOWS.exe
[2013/06/04 16:05:50 | 000,602,112 | ---- | M] () -- C:\Users\al\Desktop\OTL.scr
[2013/06/03 18:25:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
[2013/06/02 21:52:10 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/02 21:47:51 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/06/01 22:01:35 | 000,001,954 | ---- | M] () -- C:\Users\al\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/06/01 21:07:22 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MIRTA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/06/01 20:55:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/05/24 20:41:06 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/24 20:41:06 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/20 22:36:10 | 000,602,112 | ---- | M] () -- C:\Users\al\Desktop\OTL.exe
[2013/05/19 21:33:55 | 276,914,810 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/19 19:51:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/05/19 19:46:16 | 131,231,744 | ---- | M] () -- C:\Users\al\Desktop\VIPRERescue17900.exe
[2013/05/19 18:21:42 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 18:21:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/18 23:51:26 | 000,000,005 | ---- | M] () -- C:\Users\al\AppData\Roaming\mbam.context.scan
[2013/05/18 23:46:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer
[2013/05/18 23:39:33 | 000,000,842 | ---- | M] () -- C:\Users\al\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WiseFixer.lnk
[2013/05/18 23:39:33 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/05/18 22:55:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/18 22:54:43 | 000,001,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/17 19:20:04 | 000,000,036 | ---- | M] () -- C:\Users\al\AppData\Local\housecall.guid.cache
[2013/05/17 18:25:49 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/17 18:25:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/17 16:21:18 | 000,001,018 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2013/05/17 16:21:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013/05/17 16:16:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/17 15:02:43 | 000,000,872 | ---- | M] () -- C:\Users\al\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/17 15:02:43 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/17 15:02:42 | 000,000,860 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2013/06/05 22:31:21 | 297,922,560 | ---- | C] () -- C:\Users\al\Desktop\OTLPE_New_Std.iso
[2013/06/05 22:28:30 | 000,000,778 | ---- | C] () -- C:\Users\al\Desktop\PeaZip.lnk
[2013/06/04 22:08:29 | 000,602,112 | ---- | C] () -- C:\Users\al\Desktop\OTL.scr
[2013/06/01 21:07:22 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MIRTA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/06/01 20:55:18 | 000,001,954 | ---- | C] () -- C:\Users\al\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/05/22 15:01:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/05/20 23:39:52 | 000,602,112 | ---- | C] () -- C:\Users\al\Desktop\OTL.exe
[2013/05/19 21:33:56 | 3178,086,400 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/19 20:15:25 | 276,914,810 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/19 19:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/05/19 19:49:30 | 131,231,744 | ---- | C] () -- C:\Users\al\Desktop\VIPRERescue17900.exe
[2013/05/18 23:51:26 | 000,000,005 | ---- | C] () -- C:\Users\al\AppData\Roaming\mbam.context.scan
[2013/05/18 23:39:33 | 000,000,842 | ---- | C] () -- C:\Users\al\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WiseFixer.lnk
[2013/05/18 23:39:33 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/05/18 22:54:43 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/17 19:20:04 | 000,000,036 | ---- | C] () -- C:\Users\al\AppData\Local\housecall.guid.cache
[2013/05/17 18:25:49 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/17 17:39:49 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/17 16:13:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/17 16:13:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/17 15:28:16 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/05/17 15:02:43 | 000,000,872 | ---- | C] () -- C:\Users\al\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/17 15:02:42 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/17 15:02:42 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/19 03:41:31 | 000,006,080 | ---- | C] () -- C:\Users\al\AppData\Local\d3d9caps.dat
[2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/10/23 18:24:03 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/10/01 20:33:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/01 20:33:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/13 13:50:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/02/13 13:50:24 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/02/13 13:50:21 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/02/13 13:46:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/13 12:25:58 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/02/13 12:15:45 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/02/13 12:15:44 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/04/17 15:30:08 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2013/05/18 23:20:03 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\9-lab
[2012/03/19 03:41:35 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\DigitalPersona
[2013/06/05 22:34:07 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\PeaZip
[2013/05/17 15:21:19 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Sierra Wireless
[2013/06/03 18:23:43 | 000,000,000 | ---D | M] -- C:\Users\al\AppData\Roaming\Systweak
[2013/05/18 23:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\9-lab
[2009/02/19 23:56:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/05/17 15:21:20 | 000,000,000 | ---D | M] -- C:\ProgramData\AT&T
[2009/02/19 23:56:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/02/19 23:56:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/02/19 23:56:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/02/13 12:37:30 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/02/13 12:37:30 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2009/02/13 12:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\SingleClick Systems
[2009/02/19 23:56:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/02/13 12:37:35 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2013/06/07 15:20:25 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/02/19 23:56:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/02/13 12:29:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2009/08/03 23:30:55 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2009/07/30 01:51:40 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2013/06/07 15:20:20 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/06/05 23:47:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6E089A2A-66CE-4A41-BFFB-D872C818F8F0}.job
[2013/06/05 23:49:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C9D9016D-C806-464D-B001-C53DFCA59238}.job

========== Purity Check ==========



========== Custom Scans ==========


< BASESERVICES >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\AppData\Local\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Documents and Settings\al\Local Settings\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\AppData\Local\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Application Data\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2013/05/19 18:11:40 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- C:\Users\al\Local Settings\Temporary Internet Files\Content.IE5\U43HCCD1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still seeing no reason why you cannot install any AVs

Can you access safe mode?

If so, then when you download ComboFix rename it to Gotcha

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#30
rigs

    Member

  • Topic Starter
  • Member
  • 331 posts
OK, ran ComboFix in safe mode. It scanned, rebooted and this log came up.
Hopefully, I did it correctly.



ComboFix 13-06-08.02 - al 06/10/2013 20:58:52.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.2381 [GMT -5:00]
Running from: c:\users\al\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\CSUninstall
c:\program files\Common Files\CSUninstall\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\CS
c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
.
Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2013-05-11 to 2013-06-11 )))))))))))))))))))))))))))))))
.
.
2013-06-11 02:02 . 2013-06-11 02:04 -------- d-----w- c:\users\al\AppData\Local\temp
2013-06-11 02:02 . 2013-06-11 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 01:31 . 2013-06-11 01:55 -------- d-----w- C:\Gotcha
2013-06-06 02:29 . 2013-06-06 02:34 -------- d-----w- c:\users\al\AppData\Roaming\PeaZip
2013-06-06 02:28 . 2013-06-06 02:28 -------- d-----w- c:\program files\PeaZip
2013-06-04 00:16 . 2013-06-04 00:17 -------- d-----w- C:\SMCLpav
2013-06-02 01:35 . 2013-06-02 01:34 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AD2A3FB-FDA3-49D6-B056-0A7150BBE5F0}\gapaengine.dll
2013-06-02 01:35 . 2013-05-19 03:04 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-02 01:34 . 2013-05-13 04:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2694701F-ED77-4B75-B3FE-A12EF918E239}\mpengine.dll
2013-06-02 01:14 . 2013-06-03 01:47 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-06-02 01:06 . 2013-06-02 01:06 -------- d-----w- C:\RegBackup
2013-06-02 00:55 . 2013-06-02 00:55 -------- d-----w- c:\program files\Tweaking.com
2013-05-31 22:30 . 2013-05-31 22:30 -------- d-----w- C:\FRST
2013-05-22 19:14 . 2013-05-22 19:14 -------- d-----w- c:\users\al\AppData\Local\Adobe
2013-05-19 23:51 . 2012-05-25 18:14 42864 ----a-w- c:\windows\system32\sbbd.exe
2013-05-19 23:51 . 2012-05-25 18:14 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-05-19 23:47 . 2013-05-20 01:08 -------- d-----w- C:\VIPRERESCUE
2013-05-19 22:08 . 2013-05-19 22:08 -------- d-----w- c:\program files\Microsoft.NET
2013-05-19 03:39 . 2013-05-19 03:39 -------- d-----w- c:\program files\WiseFixer
2013-05-19 03:34 . 2013-05-19 03:34 -------- d-----w- c:\users\al\AppData\Local\Stardock_Corporation
2013-05-19 03:20 . 2013-05-19 03:20 -------- d-----w- c:\users\al\AppData\Roaming\9-lab
2013-05-19 03:19 . 2013-05-19 03:19 -------- d-----w- c:\programdata\9-lab
2013-05-19 03:19 . 2013-06-02 01:41 -------- d-----w- c:\program files\9-lab
2013-05-19 03:04 . 2013-05-13 04:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-19 03:04 . 2013-05-02 15:28 238872 ----a-w- c:\windows\system32\MpSigStub.exe
2013-05-19 02:54 . 2013-05-19 02:54 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-18 01:17 . 2013-05-18 01:17 -------- d-----w- c:\users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-18 01:17 . 2013-05-18 01:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-05-18 00:22 . 2013-05-18 00:22 -------- d-----w- c:\program files\Panda Security
2013-05-17 23:20 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-05-17 22:25 . 2013-05-17 22:25 -------- d-----w- c:\program files\CCleaner
2013-05-17 22:02 . 2013-06-03 22:23 -------- d-----w- c:\users\al\AppData\Roaming\Systweak
2013-05-17 21:40 . 2013-05-17 21:40 -------- d-----w- c:\users\al\AppData\Roaming\Malwarebytes
2013-05-17 20:29 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-05-17 20:26 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 20:18 . 2013-05-17 20:18 -------- d-----w- C:\Intel
2013-05-17 20:18 . 2013-05-17 20:18 -------- d-----w- c:\windows\system32\x64
2013-05-17 20:18 . 2011-02-12 00:26 948760 ----a-w- c:\windows\system32\igxpun.exe
2013-05-17 20:18 . 2006-11-02 20:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2013-05-17 20:13 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-17 20:12 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-17 20:12 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-17 20:12 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-05-17 20:12 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-05-17 20:12 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-05-17 20:12 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-17 20:12 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-17 20:12 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-05-17 20:12 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-05-17 20:12 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-05-17 20:11 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-05-17 20:11 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-05-17 20:05 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-05-17 20:05 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-05-17 20:05 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-17 20:05 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-17 20:05 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-17 20:05 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-05-17 20:03 . 2013-01-04 11:28 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-17 20:00 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-05-17 19:34 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-05-17 19:34 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-05-17 19:34 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-05-17 19:34 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-05-17 19:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-05-17 19:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-05-17 19:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-05-17 19:33 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-17 19:33 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-05-17 19:26 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-05-17 19:21 . 2013-05-17 19:21 -------- d-----w- c:\programdata\AT&T
2013-05-17 19:21 . 2013-05-17 19:21 -------- d-----w- c:\users\al\AppData\Roaming\Sierra Wireless
2013-05-17 19:02 . 2013-05-17 19:02 -------- d-----w- c:\users\al\AppData\Local\Mozilla
2013-05-17 19:02 . 2013-05-17 19:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-06 02:07 . 2009-10-01 03:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-04 19:50 . 2009-10-01 03:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-06-09 814144]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"OA001Cfg.exe"="OA001Cfg.exe" [2008-10-27 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - [N/A]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-13 16:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\User_Feed_Synchronization-{6E089A2A-66CE-4A41-BFFB-D872C818F8F0}.job
- c:\windows\system32\msfeedssync.exe [2012-03-24 08:01]
.
2013-06-11 c:\windows\Tasks\User_Feed_Synchronization-{C9D9016D-C806-464D-B001-C53DFCA59238}.job
- c:\windows\system32\msfeedssync.exe [2012-03-24 08:01]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\al\AppData\Roaming\Mozilla\Firefox\Profiles\19eabpzx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: !HIDDEN! 2009-02-13 10:22; [email protected]; c:\program files\DigitalPersona\Bin\FirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1 - f:\wisefixer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 21:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(5788)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wermgr.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-06-10 21:09:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-11 02:08
.
Pre-Run: 172,258,041,856 bytes free
Post-Run: 169,287,786,496 bytes free
.
- - End Of File - - 5F5C107C0E665AD9DCD995FE88C627A7
CDB4DE4BBD714F152979DA2DCBEF57EB