No Boot After Malware Removal [Solved]



#1
oze

Looks like my infected topic now belongs in this forum. In that topic is included the OTL log that I generated before I removed two types of malware, resulting in the no-boot state in which I find my desktop now. For the sake of brevity, I am not going to re-enter what I have done/found; I can do so here if that is preferred, but high-level details are in the above-linked malware topic. Attached is the FRST log, which I have generated. Thanks to Ron for steering me to this forum, and thanks in advance for any upcoming help!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by SYSTEM on 27-07-2013 23:20:01
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...9b490a12c856971 [x]
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit.exe, [x]
HKLM-x32\...\Winlogon: [Shell] explorer.exe [x ] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [x]
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [x]
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Info Center] - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [26264 2012-01-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKLM-x32\...\Run: [PC MaticRT] - C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe [1105672 2013-01-02] (PC Pitstop LLC)
HKU\Administrator\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Administrator\...\Run: [StartUp This] - C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe [251256 2010-06-16] (Laplink Software, Inc.)
HKU\Administrator\...\Run: [Epson Stylus NX510(Network) (Copy 1)] - C:\Windows\SysWOW64\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S4F.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Run: [Download Nitro] - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\Administrator\...\Run: [EPSON NX510 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SEFD9.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Administrator\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Default\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\Oze\...\Run: [EPSON NX510 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SB4EE.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Oze\...\Run: [Download Nitro] - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\Oze\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\Oze\...\Run: [Dxtory Update Checker 2.0] - C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\Oze\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)
Startup: C:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk
ShortcutTarget: Caller ID.lnk -> C:\Program Files (x86)\Caller ID\Caller ID.exe ()
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No File
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - No File
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

==================== Services (Whitelisted) =================

S2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
S2 BITS; C:\Windows\SysWow64\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
S2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86216 2013-02-02] (PC Pitstop LLC)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-15] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2012-12-15] ()
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWow64\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
S3 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 ALG; %SystemRoot%\System32\alg.exe [x]
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S3 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
S3 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [x]
S2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [x]
S3 ehSched; %systemroot%\ehome\ehsched.exe [x]
S2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [x]
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [x]
S3 Fax; %systemroot%\system32\fxssvc.exe [x]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [x]
S2 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe" Start=service [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]
S2 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [x]
S2 msiserver; %systemroot%\system32\msiexec.exe /V [x]
S2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [x]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [x]
S2 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [x]
S2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [x]
S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [x]
S2 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [x]
S3 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [x]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [x]
S2 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]
S2 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [x]
S2 vds; %SystemRoot%\System32\vds.exe [x]
S2 VSS; %systemroot%\system32\vssvc.exe [x]
S2 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [x]
S2 wbengine; "%systemroot%\system32\wbengine.exe" [x]
S2 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]
S2 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [x]
S3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [x]
S3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [x]
S2 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] ([email protected])
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] ([email protected])
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [7408 2009-03-23] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 dfg; System32\DRIVERS\dfg.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FTD2XX; System32\Drivers\FTD2XX.sys [x]
S1 fwdrv; \SystemRoot\system32\drivers\fwdrv.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S0 PxHelp20; System32\DRIVERS\PxHelp20.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 23:19 - 2013-07-27 23:19 - 00000000 ____D C:\FRST
2013-07-26 13:11 - 2013-07-26 13:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-07-26 11:30 - 2013-07-26 11:30 - 00000030 _____ C:\Users\Oze\AppData\Roaming\mbam.context.scan
2013-07-26 09:16 - 2013-07-26 09:16 - 21840856 _____ (Mozilla) C:\Users\Oze\Downloads\Firefox_Setup [1].exe
2013-07-25 19:00 - 2013-07-25 19:00 - 00002036 _____ C:\Users\Oze\Desktop\PC Matic (2).lnk
2013-07-25 18:35 - 2012-10-24 12:39 - 00082872 _____ (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
2013-07-25 18:09 - 2013-07-25 18:09 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Oze\Downloads\pcmatic-setup-0002.exe
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Users\Oze\AppData\Local\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-25 16:58 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-07-25 16:33 - 2013-07-26 12:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 16:33 - 2013-07-26 12:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 16:33 - 2013-07-25 16:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 16:33 - 2013-07-25 16:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 16:16 - 2013-07-26 13:01 - 00000003 _____ C:\Users\Oze\AppData\Local\dafccegc28.nls
2013-07-23 04:17 - 2013-07-26 13:26 - 00000003 _____ C:\ProgramData\dafccegc28.nls
2013-07-22 20:32 - 2013-07-22 20:33 - 00000000 ____D C:\Users\Oze\AppData\Local\Smartbar
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\Documents\My Cheat Tables
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Roaming\OpenCandy
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-07-22 19:56 - 2013-07-26 13:05 - 00512221 _____ C:\Users\Oze\AppData\Local\dfl28z32.dll
2013-07-20 13:58 - 2013-07-20 13:58 - 00123323 _____ C:\Users\Oze\Desktop\Zune_chat..xps
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\Users\Public\Desktop\Zune.lnk
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\ProgramData\Desktop\Zune.lnk
2013-07-17 19:28 - 2013-07-17 19:28 - 00227070 _____ C:\Users\Oze\Downloads\League of Legends Modifier 1.00 IP plus RP Adder.rar
2013-07-16 15:05 - 2013-07-16 15:07 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.technic
2013-07-11 14:52 - 2013-07-25 19:01 - 00002119 _____ C:\Users\Oze\Desktop\vba.ini
2013-07-11 02:05 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:05 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 02:05 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 02:05 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 02:04 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:04 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:04 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:04 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:04 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 01:07 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 01:07 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 01:07 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 01:07 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 01:07 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 01:07 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 01:07 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Program Files\Java
2013-07-07 18:54 - 2013-07-07 18:54 - 00587906 _____ C:\Users\Oze\Desktop\azh_dell.xps
2013-07-07 17:37 - 2013-07-26 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-07 16:43 - 2013-07-26 18:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2013-07-27 23:19 - 2013-07-27 23:19 - 00000000 ____D C:\FRST
2013-07-26 18:23 - 2011-09-18 00:05 - 00000000 ____D C:\I386
2013-07-26 18:22 - 2013-05-22 10:04 - 00000000 ____D C:\Program Files\My Dell
2013-07-26 18:22 - 2012-11-11 09:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 18:22 - 2012-11-08 13:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 18:22 - 2012-03-24 21:23 - 00000000 ____D C:\GameCQ
2013-07-26 18:22 - 2012-01-04 14:31 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-07-26 18:22 - 2011-10-31 20:29 - 00000000 ____D C:\Program Files\CCleaner
2013-07-26 18:22 - 2011-09-27 22:27 - 00000000 ____D C:\Program Files\Zune
2013-07-26 18:22 - 2011-09-18 06:33 - 00000000 ____D C:\Users\Oze\Desktop\Malware
2013-07-26 18:22 - 2011-09-18 06:32 - 00000000 ___RD C:\Users\Oze\Desktop\TOOLS
2013-07-26 18:22 - 2011-09-18 06:14 - 00000000 ___RD C:\Users\Oze\Desktop\Games
2013-07-26 18:22 - 2011-09-17 19:01 - 00000000 ____D C:\Drive_F
2013-07-26 18:22 - 2011-09-14 16:40 - 00000000 ____D C:\Program Files\Dell Support Center
2013-07-26 18:22 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-26 18:21 - 2011-09-17 23:57 - 00000000 ____D C:\DOSBox-0.73
2013-07-26 18:21 - 2011-09-17 18:47 - 00000000 ___HD C:\Windows\ie8
2013-07-26 18:21 - 2011-09-17 18:46 - 00000000 ___HD C:\Windows\ie7
2013-07-26 18:21 - 2011-09-17 18:40 - 00000000 ____D C:\Windows\I386
2013-07-26 18:18 - 2011-09-17 18:49 - 00000000 ____D C:\Windows\V58
2013-07-26 18:18 - 2011-09-17 18:49 - 00000000 ____D C:\Windows\network diagnostic
2013-07-26 18:18 - 2011-09-17 18:48 - 00000000 ____D C:\Windows\msagent
2013-07-26 18:18 - 2011-09-17 18:14 - 00000000 ____D C:\Windows\SysWOW64\npp
2013-07-26 18:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-26 18:17 - 2011-09-17 18:19 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-26 18:17 - 2011-09-17 18:13 - 00000000 ____D C:\Windows\SysWOW64\hpintro
2013-07-26 18:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-07-26 18:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-26 18:14 - 2011-09-17 18:09 - 00000000 ____D C:\Windows\SysWOW64\Aod
2013-07-26 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-26 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-07-26 18:13 - 2013-04-22 22:10 - 00000000 ____D C:\Program Files (x86)\program
2013-07-26 18:13 - 2013-01-12 21:02 - 00000000 ____D C:\Program Files (x86)\War Inc Battlezone
2013-07-26 18:13 - 2012-08-18 18:13 - 00000000 ____D C:\Python27
2013-07-26 18:13 - 2012-03-26 15:45 - 00000000 ____D C:\Program Files (x86)\Vgrabber
2013-07-26 18:13 - 2011-11-22 13:03 - 00000000 ____D C:\SBS
2013-07-26 18:13 - 2011-09-18 00:43 - 00000000 ____D C:\Rooter$
2013-07-26 18:13 - 2011-09-17 18:36 - 00000000 ____D C:\Windows\Corel
2013-07-26 18:13 - 2011-09-17 17:53 - 00000000 ____D C:\Program Files (x86)\V CAST Media Manager
2013-07-26 18:13 - 2011-09-17 17:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-26 18:13 - 2011-09-17 17:34 - 00000000 ____D C:\Program Files (x86)\Quicken WillMaker Plus 2006
2013-07-26 18:13 - 2011-09-17 17:34 - 00000000 ____D C:\Program Files (x86)\PMP DV
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2013-07-26 18:12 - 2013-02-22 11:54 - 00000000 ____D C:\Program Files (x86)\wot test
2013-07-26 18:12 - 2011-12-25 12:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-26 18:12 - 2011-09-17 17:51 - 00000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2013-07-26 18:12 - 2011-09-14 16:46 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-07-26 18:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-26 18:11 - 2013-06-04 16:03 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-07-26 18:11 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Media Connect 2
2013-07-26 18:11 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-26 18:10 - 2013-07-07 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 18:10 - 2013-07-07 16:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-26 18:10 - 2013-04-20 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-26 18:10 - 2012-08-21 07:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 18:10 - 2012-04-02 16:23 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-07-26 18:10 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Live Safety Center
2013-07-26 18:10 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-07-26 18:10 - 2011-09-17 17:28 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2013-07-26 18:10 - 2011-09-17 17:23 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2013-07-26 18:10 - 2011-09-17 17:12 - 00000000 ____D C:\Program Files (x86)\Nikon Firmware
2013-07-26 18:10 - 2011-09-17 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2013-07-26 18:10 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Movie Maker
2013-07-26 18:10 - 2011-09-17 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 18:09 - 2012-11-08 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 18:08 - 2012-08-28 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-26 18:08 - 2012-01-04 14:31 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-07-26 18:08 - 2011-09-17 17:52 - 00000000 ____D C:\Program Files (x86)\TrueSwitchEsaya
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft IntelliPoint 5.5
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft IntelliPoint
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Messenger
2013-07-26 18:08 - 2011-09-17 15:30 - 00000000 ____D C:\Program Files (x86)\CrossLoop
2013-07-26 18:08 - 2011-09-17 15:16 - 00000000 ____D C:\Program Files (x86)\Audible
2013-07-26 18:08 - 2011-09-14 16:28 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-07-26 18:08 - 2011-09-14 16:26 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-26 18:06 - 2011-10-29 18:23 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-07-26 18:06 - 2011-09-17 16:02 - 00000000 ____D C:\Program Files (x86)\Finale NotePad 2003a
2013-07-26 18:06 - 2011-09-17 15:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-07-26 18:06 - 2011-09-17 14:57 - 00000000 ____D C:\Program Files (x86)\AIM95
2013-07-26 13:27 - 2011-12-23 18:41 - 00097640 _____ C:\Windows\PFRO.log
2013-07-26 13:27 - 2011-09-14 16:12 - 01596440 _____ C:\Windows\WindowsUpdate.log
2013-07-26 13:26 - 2013-07-23 04:17 - 00000003 _____ C:\ProgramData\dafccegc28.nls
2013-07-26 13:26 - 2012-09-14 05:44 - 00000000 ____D C:\Users\Oze\AppData\Roaming\Free Download Manager
2013-07-26 13:26 - 2012-03-06 10:09 - 00000000 ____D C:\ProgramData\PCPitstopDat
2013-07-26 13:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-26 13:11 - 2013-07-26 13:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-07-26 13:10 - 2012-03-07 00:08 - 00000000 ____D C:\ProgramData\PCPitstop
2013-07-26 13:05 - 2013-07-22 19:56 - 00512221 _____ C:\Users\Oze\AppData\Local\dfl28z32.dll
2013-07-26 13:01 - 2013-07-25 16:16 - 00000003 _____ C:\Users\Oze\AppData\Local\dafccegc28.nls
2013-07-26 12:53 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 12:53 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 12:51 - 2009-07-14 00:13 - 00779788 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-26 12:46 - 2012-03-19 17:42 - 00000000 ____D C:\Users\Oze\AppData\Local\LogMeIn Hamachi
2013-07-26 12:46 - 2011-09-14 16:44 - 00000000 ____D C:\ProgramData\Sonic
2013-07-26 12:45 - 2013-07-25 16:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 12:45 - 2011-09-14 16:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-07-26 12:45 - 2011-09-14 16:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-07-26 12:44 - 2013-03-29 12:36 - 00005775 _____ C:\Windows\setupact.log
2013-07-26 12:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 12:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-26 12:43 - 2012-10-16 13:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 12:38 - 2013-07-25 16:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 12:32 - 2013-01-26 14:31 - 00000000 ___RD C:\Users\Oze\Desktop\azhie
2013-07-26 11:36 - 2011-09-18 06:15 - 00000000 ____D C:\Users\Oze\Desktop\Kids
2013-07-26 11:30 - 2013-07-26 11:30 - 00000030 _____ C:\Users\Oze\AppData\Roaming\mbam.context.scan
2013-07-26 09:16 - 2013-07-26 09:16 - 21840856 _____ (Mozilla) C:\Users\Oze\Downloads\Firefox_Setup [1].exe
2013-07-26 06:09 - 2011-10-23 19:26 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C79EAD0-30A9-4F51-AF18-53C5A208D247}
2013-07-25 19:01 - 2013-07-11 14:52 - 00002119 _____ C:\Users\Oze\Desktop\vba.ini
2013-07-25 19:00 - 2013-07-25 19:00 - 00002036 _____ C:\Users\Oze\Desktop\PC Matic (2).lnk
2013-07-25 18:55 - 2013-06-22 22:53 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.minecraft
2013-07-25 18:55 - 2011-09-17 18:27 - 00000000 ____D C:\ProgramData\NoteBurner
2013-07-25 18:09 - 2013-07-25 18:09 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Oze\Downloads\pcmatic-setup-0002.exe
2013-07-25 17:08 - 2011-09-17 17:51 - 00000000 ____D C:\Program Files (x86)\Sunbelt Software
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Users\Oze\AppData\Local\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-25 16:33 - 2013-07-25 16:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 16:33 - 2013-07-25 16:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 16:30 - 2011-09-17 13:01 - 00000000 ____D C:\users\Oze
2013-07-25 16:29 - 2011-10-14 13:08 - 00000000 ____D C:\Users\Oze\AppData\Roaming\Skype
2013-07-25 16:29 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\WinZip
2013-07-25 16:29 - 2011-09-17 17:33 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2013-07-25 16:29 - 2011-09-17 14:18 - 00000000 ____D C:\users\Administrator
2013-07-25 16:29 - 2011-09-14 16:24 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-24 15:01 - 2013-05-22 10:04 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-22 22:11 - 2012-10-16 13:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 22:11 - 2011-09-14 16:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 22:10 - 2010-11-20 22:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2013-07-22 22:10 - 2009-07-13 19:13 - 01397248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2013-07-22 22:10 - 2009-07-13 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
2013-07-22 22:10 - 2009-07-13 18:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2013-07-22 22:10 - 2009-07-13 18:37 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net.exe
2013-07-22 22:10 - 2009-07-13 18:19 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2013-07-22 22:09 - 2012-07-11 16:38 - 02684416 _____ (Sysinternals - www.sysinternals.com) C:\Users\Oze\Desktop\ CPAP SD Card (1).exe
2013-07-22 22:09 - 2010-02-09 09:49 - 17231872 _____ (Microsoft Corporation) C:\Users\Oze\Desktop\LMSetup.exe
2013-07-22 21:13 - 2012-01-28 20:26 - 00000000 ____D C:\Users\Oze\AppData\Local\PMB Files
2013-07-22 21:13 - 2012-01-28 20:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-22 20:33 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Local\Smartbar
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\Documents\My Cheat Tables
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Roaming\OpenCandy
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-07-22 19:43 - 2012-08-14 14:21 - 00000000 ____D C:\Program Files (x86)\Caller ID
2013-07-22 19:43 - 2011-09-17 15:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-22 15:04 - 2011-09-17 15:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-20 13:58 - 2013-07-20 13:58 - 00123323 _____ C:\Users\Oze\Desktop\Zune_chat..xps
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\Users\Public\Desktop\Zune.lnk
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\ProgramData\Desktop\Zune.lnk
2013-07-19 19:00 - 2013-03-07 17:05 - 00585216 ___SH C:\Users\Oze\Downloads\Thumbs.db
2013-07-17 19:28 - 2013-07-17 19:28 - 00227070 _____ C:\Users\Oze\Downloads\League of Legends Modifier 1.00 IP plus RP Adder.rar
2013-07-17 19:23 - 2013-01-25 06:41 - 00000000 ____D C:\ProgramData\VisualBee
2013-07-17 19:22 - 2013-01-25 06:41 - 00000000 ____D C:\Users\Oze\AppData\Local\VisualBeeExe
2013-07-17 01:29 - 2012-01-10 11:52 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-16 15:07 - 2013-07-16 15:05 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.technic
2013-07-16 15:04 - 2012-08-05 15:19 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.techniclauncher
2013-07-11 08:16 - 2008-06-02 17:45 - 00253952 ___SH C:\Users\Oze\Desktop\Thumbs.db
2013-07-11 02:27 - 2009-07-13 23:45 - 00534760 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 02:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-08 22:07 - 2013-07-08 22:07 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Program Files\Java
2013-07-08 22:07 - 2012-11-02 10:23 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-08 22:07 - 2011-09-14 16:21 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-07 19:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-07 18:54 - 2013-07-07 18:54 - 00587906 _____ C:\Users\Oze\Desktop\azh_dell.xps
2013-07-07 16:47 - 2011-09-18 01:04 - 00000000 ____D C:\Users\Oze\AppData\Roaming\wsInspector
2013-06-28 05:39 - 2011-09-18 06:37 - 00000000 ____D C:\Users\Oze\Desktop\Yard Sale
2013-06-28 02:03 - 2011-02-10 11:10 - 00773512 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-27 12:13 - 2012-09-24 10:01 - 00000000 ____D C:\Users\Oze\Desktop\Scanned Docs
2013-06-27 12:13 - 2012-08-17 15:26 - 00000000 ____D C:\Users\Oze\Desktop\Anna College

Files to move or delete:
====================
C:\Users\Oze\GoToAssistDownloadHelper.exe
C:\ProgramData\hash.dat
C:\ProgramData\winiml.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2013-07-22 22:10] - 0020992 ____A (Microsoft Corporation) 1630B7CCFA1307C1E8A314E4BD20E8ED

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-24 23:00:06
Restore point made on: 2013-07-25 16:26:55
Restore point made on: 2013-07-25 16:33:50
Restore point made on: 2013-07-25 16:48:15
Restore point made on: 2013-07-25 16:55:06
Restore point made on: 2013-07-25 17:01:29
Restore point made on: 2013-07-25 17:01:57

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12278.93 MB
Available physical RAM: 11251.07 MB
Total Pagefile: 12277.13 MB
Available Pagefile: 11246.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.73 GB) (Free:1442.26 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:75.68 GB) NTFS (Disk=2 Partition=1)
Drive g: () (Removable) (Total:0.99 GB) (Free:0.99 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-212892385280) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1019 MB) (Disk ID: 3C813E58)
Partition 1: (Active) - (Size=1012 MB) - (Type=06)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)


LastRegBack: 2013-07-22 23:26

==================== End Of Log ============================
  • 0


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello oze,

Please download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

  • Run FRST and type the following into the search box:
    wininit.exe*;explorer.exe*;userinit.exe*
  • Now press the search button
  • When the search is complete, search.txt will also be saved in the same location as FRST.exe
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
So when you return please post
  • Fixlog.txt
  • Search.txt

  • 0

#3
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Thanks for the quick reply and instructions! I got sent out of town on business at the last minute; I should be home late Wednesday to give this a go.
  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
:thumbsup:
  • 0

#5
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
I've followed your instructions, and have attached Fixlog.txt and Search.txt. I am not clear if you meant to attach FRST.txt as well, so I went ahead and did that as well. Thanks again!

Dave

Attached File  Fixlog.txt   449bytes   66 downloads
Attached File  Search.txt   4.57KB   91 downloads
Attached File  FRST.txt   37.68KB   74 downloads
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello oze,

Please post your logs in the thread; do not attach your logs unless specifically requested to do so.

Now

Your machine is missing some essential system files. While I am seeing some that might work, I am not finding satisfactory replacement files from your logs.

I think the best approach would be a Start up Repair.

If you have a retail Windows 7 installation disk, go straight to the instructions at Step 2 below. If not, carry out the next instructions first. You can use another Windows 7 system machine with the same operating system as your broken computer.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.
Step 2

Go to the link below and follow the instructions to carry out a Start Up Repair of your machine.

http://www.sevenforu...tup-repair.html

Come back and tell me how you got on.
  • 0

#7
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Thanks for your persistence! I created the system repair disk, and went through the steps listed in the link you provided three times, as directed in the instructions. Unfortunately, in all three instances, no problems were found. :help:
  • 0

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
So does that mean you can boot up normally?
  • 0

#9
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Unfortunately, no. I tried to boot after removing the repair disk, but there is no change from before. Am I SOL?
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

"Am I SOL?"


Not yet... time to try a different approach. ;)


IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop.

    Posted Image
  • Open the folder OTLPEStd, which will be created in the same location as OTLPEStd.exe, and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in an OTLPE folder:

    Posted Image
  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image
  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!


  • Reboot your system using the bootable flash drive you just created.
  • Note: If you do not know how to set your computer to boot from a flash drive, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

  • 0


#11
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Sorry to sound like a goof, :blush: but before I proceed, I want to verify something.

I was attempting to prepare the USB drive to make it bootable, when I noticed that the instructions indicated that an XP bootable disk would be created. Will this be an issue with the Windows 7 computer we are trying to fix? Thanks.
  • 0

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Well, it boots off the USB, so I don't think it makes a difference what OS it is, but if it doesn't work, come back and tell me. :)
  • 0

#13
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Thanks for your patience. The program seems to want to create Win XP Source files--am I wrong about this? Here is part of the help text which concerns me:


***** HELP for Using USB-Drive for Install of Windows XP: *****

Boot with USB-Drive plugged and Press [Delete] to Enter BIOS Setup
Change BIOS Boot Settings:
Harddisk is First Boot Device Type and USB-Drive is seen as First Harddisk

Reboot from USB-Drive and Select 1. TXT Mode Setup Windows XP

Use Only C: Drive of Computer Harddisk as Partition for Install of Windows XP
and then Select Quick Format with NTFS FileSystem, XP Install is Automatic



In case I am and you think that I should go ahead, I did format a 4GB USB drive as FAT and executed usb_prep8--the program does not detect my flash drive. I feel so dull...

Edited by oze, 01 August 2013 - 03:45 PM.

  • 0

#14
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
While I am waiting for further instructions, I re-ran the AVG scan from the recovery disk, and it did find infected files that it states it cannot correct. I tried to copy/paste, but could not. All ended in a .arl extension. Is it worthwhile for me to try to get the names of these files?
  • 0

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

"In case I am and you think that I should go ahead, I did format a 4GB USB drive as FAT and executed usb_prep8--the program does not detect my flash drive. I feel so dull..."


No, you are not dull; it seems that one won't work with your machine. My apologies for not seeing that.

This is an outside chance but let's try this:

You will need the flash drive with Farbar Recovery Scan Tool on it to do this.

Please copy the contents of the code box below.

To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.

Save it on the flash drive as fixlist.txt

start
LastRegBack: 2013-07-22 23:26
end

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.
  • 0





