No Boot After Malware Removal [Solved]


  • This topic is locked

#31
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
That is good, it can take some time but may be able to fix some corruption. It's possible it will find the answer but if not, this is where I think we are.

Farbar Recovery Scan Tool tells us that your machine has some essential files missing. Ones that prevent you booting up normally. This is why we ran with the Startup Repair option at post #6.

Startup Repair should replace your system files and allow a normal boot. For some reason you weren't able to boot up and scans following appear to show that the files are still not there.

Accordingly we have been using another approach to access your machine and attempt to replace the files either from good copies already on your computer or by using System File Checker.

We have been managing to access your machine using OTLPE. However we haven't had much success in finding all the missing files or in using System File Checker. Sometimes using Reatogo can be a bit problematic because for one reason or another the instructions don't always get to the system drive properly. Also there was some malware on the machine that may have been getting in the way. In that last fix we attempted to remove the malware and this may be why chkdsk has been prompted.

Let's see how chkdsk gets on and after that tell me what you think.

I am thinking that the best alternative if chkdsk doesn't work might be for you to use OTLPE to backup your personal documents and then carry out a full System Repair.

Edited by emeraldnzl, 01 August 2013 - 10:01 PM.
correction

  • 0



#32
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Oh I see we have cross posted.

but I think there is a Windows hotfix for this issue. Is that worth a try, or have we already gone down a different path?


Yes, when I researched I saw that and it might be worth a shot. My reason for not going there is because our scans are reporting missing files which you need to boot up in any event. However it is strange that Startup Repair didn't fix that and maybe there is something else going on.
  • 0

#33
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
It occurs to me that there is a possibility that there is a hard drive problem.

Here are some instructions to test that if you wish.

Go to SeaTools for DOS tutorial for instructions.

Click on SeaTools to download the tool.

Save the download to your desktop.

In Windows 7 right click the ISO file, select Open With, then select Windows Disc Image Burning Tool then follow the prompts.
For all other versions of Windows (if you do not have an ISO burner) download this free software: ImgBurn. Install the program and start the application. Select the top left hand option to Write image file to disc and then on the next window click on the small yellow folder icon and browse to the ISO file on your desktop. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

You will need a blank recordable CD or a re-recordable CD. You cannot use this software on a USB flash drive.

When the CD has been burned, boot the PC into the BIOS setup and set the CD/DVD drive to 1st in the boot sequence (Bios Boot Order Guide). Insert the disk in the drive then reboot and the disc will load into DOS. Click on Basic Tests and select the Long Test.

A full set of instructions can be found here: SeaTools instructions

When the test completes it will show a Pass or Fail.
  • 0

#34
oze


    Member

  • Topic Starter
  • Member
  • 44 posts
Thanks for the summary and further information. I did find a discussion which indicated that the logon error points to the missing file: %Systemroot%\System32\Logonui.exe.

Having said that, though, I did create the SeaTools disk and started the test, during which I stepped away from the computer. 20 minutes or so later, I heard a strange alarm sound from the office, and saw that the computer had frozen about 3% into the test, and was sounding the alarm. I'm going to try again.

Test completed without error after 5 hours of scanning. I downloaded the Hotfix that is supposed to address this problem, but cannot seem to execute it beyond extracting the .msu file. :blush:

Edited by oze, 02 August 2013 - 01:34 PM.

  • 0

#35
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello again oze,

Test completed without error after 5 hours of scanning.


Good that we can eliminate that then.

I did find a discussion which indicated that the logon error points to the missing file: %Systemroot%\System32\Logonui.exe.


The thing about those error messages (including the hotfix one) is that often there are multiple possible reasons for them. Any one can be the cause and a solution you find on the web might not be the answer. As far as the missing files are concerned they should have been fixed with the Startup Repair. Maybe that would be worth another try!

After that let's see another scan with FRST.
  • 0

#36
oze


    Member

  • Topic Starter
  • Member
  • 44 posts
Hello!

I agree with the uncountable possible causes for the odd effects that my computer is displaying, so let's stay the course.

Per your instructions, I ran Startup Repair (three times, for good measure); nothing was found.

I next ran FRST64 (per the original instructions in the Unbootable System Tutorial), and attached the log here. Thanks again and fingers crossed!

=================================================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM on 02-08-2013 22:48:37
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...9b490a12c856971 [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit.exe, [x]
HKLM-x32\...\Winlogon: [Shell] explorer.exe [x ] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [x]
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [x]
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Info Center] - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [26264 2012-01-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [PC MaticRT] - C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe [1105672 2013-01-02] (PC Pitstop LLC)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKU\Administrator\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Administrator\...\Run: [StartUp This] - C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe [251256 2010-06-16] (Laplink Software, Inc.)
HKU\Administrator\...\Run: [Epson Stylus NX510(Network) (Copy 1)] - C:\Windows\SysWOW64\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S4F.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Run: [Download Nitro] - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\Administrator\...\Run: [EPSON NX510 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SEFD9.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Administrator\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Default\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\Oze\...\Run: [Download Nitro] - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\Oze\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\Oze\...\Run: [Dxtory Update Checker 2.0] - C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\Oze\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)
Startup: C:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk
ShortcutTarget: Caller ID.lnk -> C:\Program Files (x86)\Caller ID\Caller ID.exe ()
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No File
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - No File
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

==================== Services (Whitelisted) =================

S2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
S2 BITS; C:\Windows\SysWow64\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S3 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
S2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86216 2013-02-02] (PC Pitstop LLC)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-15] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2012-12-15] ()
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWow64\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
S3 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]
S3 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 ALG; %SystemRoot%\System32\alg.exe [x]
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S3 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
S3 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [x]
S2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [x]
S3 ehSched; %systemroot%\ehome\ehsched.exe [x]
S3 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [x]
S3 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [x]
S3 Fax; %systemroot%\system32\fxssvc.exe [x]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [x]
S2 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe" Start=service [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]
S2 KPF4; "C:\Program Files (x86)\Sunbelt Software\Personal Firewall 4\kpf4ss.exe" [x]
S2 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [x]
S2 msiserver; %systemroot%\system32\msiexec.exe /V [x]
S2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [x]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [x]
S2 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [x]
S3 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [x]
S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [x]
S3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [x]
S3 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [x]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [x]
S2 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]
S2 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [x]
S2 vds; %SystemRoot%\System32\vds.exe [x]
S2 VSS; %systemroot%\system32\vssvc.exe [x]
S2 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [x]
S2 wbengine; "%systemroot%\system32\wbengine.exe" [x]
S2 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]
S2 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [x]
S3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [x]
S3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [x]
S2 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] ([email protected])
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] ([email protected])
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [7408 2009-03-23] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 dfg; System32\DRIVERS\dfg.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FTD2XX; System32\Drivers\FTD2XX.sys [x]
S1 fwdrv; \SystemRoot\system32\drivers\fwdrv.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S1 khips; \SystemRoot\system32\drivers\khips.sys [x]
S0 PxHelp20; System32\DRIVERS\PxHelp20.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-02 01:41 - 2013-08-02 01:41 - 00003288 ____N C:\bootsqm.dat
2013-08-02 01:39 - 2013-08-02 01:39 - 00000000 __SHD C:\found.000
2013-08-02 00:11 - 2011-07-12 21:55 - 02237440 ____R (OldTimer Tools) C:\OTLPE.exe
2013-08-01 21:26 - 2013-08-01 21:26 - 00000000 ____D C:\_OTL
2013-08-01 20:31 - 2013-08-01 23:23 - 00006520 _____ C:\OTL.Txt
2013-08-01 18:14 - 2013-08-01 18:14 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-08-01 03:00 - 2013-08-01 03:00 - 00000000 _____ C:\that
2013-07-27 23:19 - 2013-07-27 23:19 - 00000000 ____D C:\FRST
2013-07-26 13:11 - 2013-07-26 13:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-07-26 11:30 - 2013-07-26 11:30 - 00000030 _____ C:\Users\Oze\AppData\Roaming\mbam.context.scan
2013-07-26 09:16 - 2013-07-26 09:16 - 21840856 _____ (Mozilla) C:\Users\Oze\Downloads\Firefox_Setup [1].exe
2013-07-25 19:00 - 2013-07-25 19:00 - 00002036 _____ C:\Users\Oze\Desktop\PC Matic (2).lnk
2013-07-25 18:35 - 2012-10-24 12:39 - 00082872 _____ (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
2013-07-25 18:09 - 2013-07-25 18:09 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Oze\Downloads\pcmatic-setup-0002.exe
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Users\Oze\AppData\Local\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-25 16:58 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-07-25 16:33 - 2013-07-26 12:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 16:33 - 2013-07-26 12:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 16:33 - 2013-07-25 16:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 16:33 - 2013-07-25 16:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 16:16 - 2013-07-26 13:01 - 00000003 _____ C:\Users\Oze\AppData\Local\dafccegc28.nls
2013-07-23 04:17 - 2013-07-26 13:26 - 00000003 _____ C:\ProgramData\dafccegc28.nls
2013-07-22 20:32 - 2013-07-22 20:33 - 00000000 ____D C:\Users\Oze\AppData\Local\Smartbar
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\Documents\My Cheat Tables
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Roaming\OpenCandy
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-07-22 19:56 - 2013-07-26 13:05 - 00512221 _____ C:\Users\Oze\AppData\Local\dfl28z32.dll
2013-07-20 13:58 - 2013-07-20 13:58 - 00123323 _____ C:\Users\Oze\Desktop\Zune_chat..xps
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\Users\Public\Desktop\Zune.lnk
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\ProgramData\Desktop\Zune.lnk
2013-07-17 19:28 - 2013-07-17 19:28 - 00227070 _____ C:\Users\Oze\Downloads\League of Legends Modifier 1.00 IP plus RP Adder.rar
2013-07-16 15:05 - 2013-07-16 15:07 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.technic
2013-07-11 14:52 - 2013-07-25 19:01 - 00002119 _____ C:\Users\Oze\Desktop\vba.ini
2013-07-11 02:05 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:05 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 02:05 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 02:05 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 02:04 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:04 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:04 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:04 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:04 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 01:07 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 01:07 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 01:07 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 01:07 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 01:07 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 01:07 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 01:07 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Program Files\Java
2013-07-07 18:54 - 2013-07-07 18:54 - 00587906 _____ C:\Users\Oze\Desktop\azh_dell.xps
2013-07-07 17:37 - 2013-07-26 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-07 16:43 - 2013-07-26 18:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2013-08-02 20:45 - 2013-03-29 12:36 - 00005999 _____ C:\Windows\setupact.log
2013-08-02 20:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-02 02:01 - 2011-09-14 16:12 - 01698879 _____ C:\Windows\WindowsUpdate.log
2013-08-02 01:43 - 2012-10-16 13:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-02 01:42 - 2012-03-07 00:08 - 00000000 ____D C:\ProgramData\PCPitstop
2013-08-02 01:41 - 2013-08-02 01:41 - 00003288 ____N C:\bootsqm.dat
2013-08-02 01:39 - 2013-08-02 01:39 - 00000000 __SHD C:\found.000
2013-08-02 00:08 - 2012-03-26 15:45 - 00000000 ____D C:\Program Files (x86)\Vgrabber
2013-08-01 23:23 - 2013-08-01 20:31 - 00006520 _____ C:\OTL.Txt
2013-08-01 21:26 - 2013-08-01 21:26 - 00000000 ____D C:\_OTL
2013-08-01 20:24 - 2011-09-17 14:18 - 00000000 ____D C:\users\Administrator
2013-08-01 20:24 - 2011-09-17 13:01 - 00000000 ____D C:\users\Oze
2013-08-01 18:28 - 2011-12-23 18:41 - 00098232 _____ C:\Windows\PFRO.log
2013-08-01 18:14 - 2013-08-01 18:14 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-08-01 03:04 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2013-08-01 03:00 - 2013-08-01 03:00 - 00000000 _____ C:\that
2013-07-27 23:19 - 2013-07-27 23:19 - 00000000 ____D C:\FRST
2013-07-26 18:23 - 2011-09-18 00:05 - 00000000 ____D C:\I386
2013-07-26 18:22 - 2013-05-22 10:04 - 00000000 ____D C:\Program Files\My Dell
2013-07-26 18:22 - 2012-11-11 09:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 18:22 - 2012-11-08 13:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 18:22 - 2012-03-24 21:23 - 00000000 ____D C:\GameCQ
2013-07-26 18:22 - 2012-01-04 14:31 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-07-26 18:22 - 2011-10-31 20:29 - 00000000 ____D C:\Program Files\CCleaner
2013-07-26 18:22 - 2011-09-27 22:27 - 00000000 ____D C:\Program Files\Zune
2013-07-26 18:22 - 2011-09-18 06:33 - 00000000 ____D C:\Users\Oze\Desktop\Malware
2013-07-26 18:22 - 2011-09-18 06:32 - 00000000 ___RD C:\Users\Oze\Desktop\TOOLS
2013-07-26 18:22 - 2011-09-18 06:14 - 00000000 ___RD C:\Users\Oze\Desktop\Games
2013-07-26 18:22 - 2011-09-17 19:01 - 00000000 ____D C:\Drive_F
2013-07-26 18:22 - 2011-09-14 16:40 - 00000000 ____D C:\Program Files\Dell Support Center
2013-07-26 18:22 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-26 18:21 - 2011-09-17 23:57 - 00000000 ____D C:\DOSBox-0.73
2013-07-26 18:21 - 2011-09-17 18:47 - 00000000 ___HD C:\Windows\ie8
2013-07-26 18:21 - 2011-09-17 18:46 - 00000000 ___HD C:\Windows\ie7
2013-07-26 18:21 - 2011-09-17 18:40 - 00000000 ____D C:\Windows\I386
2013-07-26 18:18 - 2011-09-17 18:49 - 00000000 ____D C:\Windows\V58
2013-07-26 18:18 - 2011-09-17 18:49 - 00000000 ____D C:\Windows\network diagnostic
2013-07-26 18:18 - 2011-09-17 18:48 - 00000000 ____D C:\Windows\msagent
2013-07-26 18:18 - 2011-09-17 18:14 - 00000000 ____D C:\Windows\SysWOW64\npp
2013-07-26 18:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-26 18:17 - 2011-09-17 18:19 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-26 18:17 - 2011-09-17 18:13 - 00000000 ____D C:\Windows\SysWOW64\hpintro
2013-07-26 18:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-07-26 18:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-26 18:14 - 2011-09-17 18:09 - 00000000 ____D C:\Windows\SysWOW64\Aod
2013-07-26 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-26 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-07-26 18:13 - 2013-04-22 22:10 - 00000000 ____D C:\Program Files (x86)\program
2013-07-26 18:13 - 2013-01-12 21:02 - 00000000 ____D C:\Program Files (x86)\War Inc Battlezone
2013-07-26 18:13 - 2012-08-18 18:13 - 00000000 ____D C:\Python27
2013-07-26 18:13 - 2011-11-22 13:03 - 00000000 ____D C:\SBS
2013-07-26 18:13 - 2011-09-18 00:43 - 00000000 ____D C:\Rooter$
2013-07-26 18:13 - 2011-09-17 18:36 - 00000000 ____D C:\Windows\Corel
2013-07-26 18:13 - 2011-09-17 17:53 - 00000000 ____D C:\Program Files (x86)\V CAST Media Manager
2013-07-26 18:13 - 2011-09-17 17:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-26 18:13 - 2011-09-17 17:34 - 00000000 ____D C:\Program Files (x86)\Quicken WillMaker Plus 2006
2013-07-26 18:13 - 2011-09-17 17:34 - 00000000 ____D C:\Program Files (x86)\PMP DV
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2013-07-26 18:12 - 2013-02-22 11:54 - 00000000 ____D C:\Program Files (x86)\wot test
2013-07-26 18:12 - 2011-12-25 12:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-26 18:12 - 2011-09-17 17:51 - 00000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2013-07-26 18:12 - 2011-09-14 16:46 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-07-26 18:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-26 18:11 - 2013-06-04 16:03 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-07-26 18:11 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Media Connect 2
2013-07-26 18:11 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-26 18:10 - 2013-07-07 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 18:10 - 2013-07-07 16:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-26 18:10 - 2013-04-20 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-26 18:10 - 2012-08-21 07:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 18:10 - 2012-04-02 16:23 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-07-26 18:10 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Live Safety Center
2013-07-26 18:10 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-07-26 18:10 - 2011-09-17 17:28 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2013-07-26 18:10 - 2011-09-17 17:23 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2013-07-26 18:10 - 2011-09-17 17:12 - 00000000 ____D C:\Program Files (x86)\Nikon Firmware
2013-07-26 18:10 - 2011-09-17 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2013-07-26 18:10 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Movie Maker
2013-07-26 18:10 - 2011-09-17 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 18:09 - 2012-11-08 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 18:08 - 2012-08-28 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-26 18:08 - 2012-01-04 14:31 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-07-26 18:08 - 2011-09-17 17:52 - 00000000 ____D C:\Program Files (x86)\TrueSwitchEsaya
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft IntelliPoint 5.5
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft IntelliPoint
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Messenger
2013-07-26 18:08 - 2011-09-17 15:30 - 00000000 ____D C:\Program Files (x86)\CrossLoop
2013-07-26 18:08 - 2011-09-17 15:16 - 00000000 ____D C:\Program Files (x86)\Audible
2013-07-26 18:08 - 2011-09-14 16:28 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-07-26 18:08 - 2011-09-14 16:26 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-26 18:06 - 2011-10-29 18:23 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-07-26 18:06 - 2011-09-17 16:02 - 00000000 ____D C:\Program Files (x86)\Finale NotePad 2003a
2013-07-26 18:06 - 2011-09-17 15:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-07-26 18:06 - 2011-09-17 14:57 - 00000000 ____D C:\Program Files (x86)\AIM95
2013-07-26 13:26 - 2013-07-23 04:17 - 00000003 _____ C:\ProgramData\dafccegc28.nls
2013-07-26 13:26 - 2012-09-14 05:44 - 00000000 ____D C:\Users\Oze\AppData\Roaming\Free Download Manager
2013-07-26 13:26 - 2012-03-06 10:09 - 00000000 ____D C:\ProgramData\PCPitstopDat
2013-07-26 13:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-26 13:11 - 2013-07-26 13:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-07-26 13:05 - 2013-07-22 19:56 - 00512221 _____ C:\Users\Oze\AppData\Local\dfl28z32.dll
2013-07-26 13:01 - 2013-07-25 16:16 - 00000003 _____ C:\Users\Oze\AppData\Local\dafccegc28.nls
2013-07-26 12:53 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 12:53 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 12:51 - 2009-07-14 00:13 - 00779788 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-26 12:46 - 2012-03-19 17:42 - 00000000 ____D C:\Users\Oze\AppData\Local\LogMeIn Hamachi
2013-07-26 12:46 - 2011-09-14 16:44 - 00000000 ____D C:\ProgramData\Sonic
2013-07-26 12:45 - 2013-07-25 16:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 12:45 - 2011-09-14 16:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-07-26 12:45 - 2011-09-14 16:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-07-26 12:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-26 12:38 - 2013-07-25 16:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 12:32 - 2013-01-26 14:31 - 00000000 ___RD C:\Users\Oze\Desktop\azhie
2013-07-26 11:36 - 2011-09-18 06:15 - 00000000 ____D C:\Users\Oze\Desktop\Kids
2013-07-26 11:30 - 2013-07-26 11:30 - 00000030 _____ C:\Users\Oze\AppData\Roaming\mbam.context.scan
2013-07-26 09:16 - 2013-07-26 09:16 - 21840856 _____ (Mozilla) C:\Users\Oze\Downloads\Firefox_Setup [1].exe
2013-07-26 06:09 - 2011-10-23 19:26 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C79EAD0-30A9-4F51-AF18-53C5A208D247}
2013-07-25 19:01 - 2013-07-11 14:52 - 00002119 _____ C:\Users\Oze\Desktop\vba.ini
2013-07-25 19:00 - 2013-07-25 19:00 - 00002036 _____ C:\Users\Oze\Desktop\PC Matic (2).lnk
2013-07-25 18:55 - 2013-06-22 22:53 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.minecraft
2013-07-25 18:55 - 2011-09-17 18:27 - 00000000 ____D C:\ProgramData\NoteBurner
2013-07-25 18:09 - 2013-07-25 18:09 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Oze\Downloads\pcmatic-setup-0002.exe
2013-07-25 17:08 - 2011-09-17 17:51 - 00000000 ____D C:\Program Files (x86)\Sunbelt Software
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Users\Oze\AppData\Local\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-25 16:33 - 2013-07-25 16:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 16:33 - 2013-07-25 16:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 16:29 - 2011-10-14 13:08 - 00000000 ____D C:\Users\Oze\AppData\Roaming\Skype
2013-07-25 16:29 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\WinZip
2013-07-25 16:29 - 2011-09-17 17:33 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2013-07-25 16:29 - 2011-09-14 16:24 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-24 15:01 - 2013-05-22 10:04 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-22 22:11 - 2012-10-16 13:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 22:11 - 2011-09-14 16:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 22:10 - 2010-11-20 22:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2013-07-22 22:10 - 2009-07-13 19:13 - 01397248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2013-07-22 22:10 - 2009-07-13 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
2013-07-22 22:10 - 2009-07-13 18:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2013-07-22 22:10 - 2009-07-13 18:37 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net.exe
2013-07-22 22:10 - 2009-07-13 18:19 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2013-07-22 22:09 - 2012-07-11 16:38 - 02684416 _____ (Sysinternals - www.sysinternals.com) C:\Users\Oze\Desktop\ CPAP SD Card (1).exe
2013-07-22 22:09 - 2010-02-09 09:49 - 17231872 _____ (Microsoft Corporation) C:\Users\Oze\Desktop\LMSetup.exe
2013-07-22 21:13 - 2012-01-28 20:26 - 00000000 ____D C:\Users\Oze\AppData\Local\PMB Files
2013-07-22 21:13 - 2012-01-28 20:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-22 20:33 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Local\Smartbar
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\Documents\My Cheat Tables
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Roaming\OpenCandy
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-07-22 19:43 - 2012-08-14 14:21 - 00000000 ____D C:\Program Files (x86)\Caller ID
2013-07-22 19:43 - 2011-09-17 15:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-22 15:04 - 2011-09-17 15:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-20 13:58 - 2013-07-20 13:58 - 00123323 _____ C:\Users\Oze\Desktop\Zune_chat..xps
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\Users\Public\Desktop\Zune.lnk
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\ProgramData\Desktop\Zune.lnk
2013-07-19 19:00 - 2013-03-07 17:05 - 00585216 ___SH C:\Users\Oze\Downloads\Thumbs.db
2013-07-17 19:28 - 2013-07-17 19:28 - 00227070 _____ C:\Users\Oze\Downloads\League of Legends Modifier 1.00 IP plus RP Adder.rar
2013-07-17 19:23 - 2013-01-25 06:41 - 00000000 ____D C:\ProgramData\VisualBee
2013-07-17 19:22 - 2013-01-25 06:41 - 00000000 ____D C:\Users\Oze\AppData\Local\VisualBeeExe
2013-07-17 01:29 - 2012-01-10 11:52 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-16 15:07 - 2013-07-16 15:05 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.technic
2013-07-16 15:04 - 2012-08-05 15:19 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.techniclauncher
2013-07-11 08:16 - 2008-06-02 17:45 - 00253952 ___SH C:\Users\Oze\Desktop\Thumbs.db
2013-07-11 02:27 - 2009-07-13 23:45 - 00534760 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 02:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-08 22:07 - 2013-07-08 22:07 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Program Files\Java
2013-07-08 22:07 - 2012-11-02 10:23 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-08 22:07 - 2011-09-14 16:21 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-07 19:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-07 18:54 - 2013-07-07 18:54 - 00587906 _____ C:\Users\Oze\Desktop\azh_dell.xps
2013-07-07 16:47 - 2011-09-18 01:04 - 00000000 ____D C:\Users\Oze\AppData\Roaming\wsInspector

Files to move or delete:
====================
C:\Users\Oze\GoToAssistDownloadHelper.exe
C:\ProgramData\hash.dat
C:\ProgramData\winiml.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2013-07-22 22:10] - 0020992 ____A (Microsoft Corporation) 1630B7CCFA1307C1E8A314E4BD20E8ED

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-24 23:00:06
Restore point made on: 2013-07-25 16:26:55
Restore point made on: 2013-07-25 16:33:50
Restore point made on: 2013-07-25 16:48:15
Restore point made on: 2013-07-25 16:55:06
Restore point made on: 2013-07-25 17:01:29
Restore point made on: 2013-07-25 17:01:57

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12278.93 MB
Available physical RAM: 11267.08 MB
Total Pagefile: 12277.13 MB
Available Pagefile: 11262.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.73 GB) (Free:1443.68 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:75.68 GB) NTFS (Disk=5 Partition=1)
Drive k: () (Removable) (Total:0.99 GB) (Free:0.99 GB) FAT (Disk=6 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-212892385280) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 466 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 1019 MB) (Disk ID: 3C813E58)
Partition 1: (Active) - (Size=1012 MB) - (Type=06)


LastRegBack: 2013-08-02 02:04

==================== End Of Log ============================

Edited by oze, 02 August 2013 - 04:55 PM.

  • 0

#37
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello oze,

This doesn't get them all but let's see what happens.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe C:\Windows\SysWOW64\wininit.exe
Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\SysWOW64\explorer.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • 0

#38
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Well, this is odd. Attached is the Fixlog. However, I did a quick look at the C:\Windows\SysWOW64 directory, and did, at least, see wininit.exe there.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2013 01
Ran by SYSTEM at 2013-08-02 23:59:34 Run:3
Running from K:\
Boot Mode: Recovery
==============================================

Could not find C:\Windows\SysWOW64\wininit.exe.
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe copied successfully to C:\Windows\SysWOW64\wininit.exe
Could not find C:\Windows\SysWOW64\explorer.exe.
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe

==== End of Fixlog ====
  • 0
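An added example, not part of the thread and not FRST's own code: a small Python reconciliation of the "Bamital & volsnap Check" section of the scan against the Fixlog above, listing which flagged files the fix restored, which are still unaddressed, and the WinSxS architecture tag of each source that was copied. The log excerpts are copied from the posts in this thread; the function names are this example's own.

```python
import re

# Excerpt copied from the "Bamital & volsnap Check" section of the FRST scan in this thread.
SCAN_CHECK = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# Copied from the Fixlog.txt posted after the fix was run.
FIXLOG = r"""
Could not find C:\Windows\SysWOW64\wininit.exe.
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe copied successfully to C:\Windows\SysWOW64\wininit.exe
Could not find C:\Windows\SysWOW64\explorer.exe.
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe
"""

MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+IS MISSING\b", re.MULTILINE)
COPIED_RE = re.compile(
    r"^(?P<src>[A-Za-z]:\\.+?) copied successfully to (?P<dst>[A-Za-z]:\\.+?)\s*$",
    re.MULTILINE,
)
# The WinSxS component folder name starts with its architecture tag (amd64_, wow64_, x86_, ...).
WINSXS_ARCH_RE = re.compile(r"\\winsxs\\(?P<arch>[^_\\]+)_", re.IGNORECASE)


def norm(path):
    """Windows paths compare case-insensitively, so normalise before matching."""
    return path.strip().lower()


def missing_files(scan_text):
    """Paths the scan flagged as IS MISSING, in the order they were printed."""
    return [m.group("path") for m in MISSING_RE.finditer(scan_text)]


def copied_files(fixlog_text):
    """Map normalised destination path -> details of the successful copy."""
    copies = {}
    for m in COPIED_RE.finditer(fixlog_text):
        arch = WINSXS_ARCH_RE.search(m.group("src"))
        copies[norm(m.group("dst"))] = {
            "src": m.group("src"),
            "dst": m.group("dst"),
            "arch": arch.group("arch").lower() if arch else None,
        }
    return copies


def reconcile(scan_text, fixlog_text):
    """Compare what the scan flagged with what the Fixlog says was copied."""
    missing = missing_files(scan_text)
    copies = copied_files(fixlog_text)
    flagged = {norm(p) for p in missing}
    return {
        # Flagged by the scan and copied by the fix.
        "restored": [copies[norm(p)] for p in missing if norm(p) in copies],
        # Flagged by the scan but not touched by the fix.
        "still_missing": [p for p in missing if norm(p) not in copies],
        # Copied by the fix although the scan never flagged the target.
        "unflagged": [c["dst"] for k, c in copies.items() if k not in flagged],
    }


if __name__ == "__main__":
    result = reconcile(SCAN_CHECK, FIXLOG)
    for item in result["restored"]:
        print(f"restored      {item['dst']}  (source tag: {item['arch']})")
    for path in result["still_missing"]:
        print(f"still missing {path}")
    for path in result["unflagged"]:
        print(f"not flagged   {path}")
```
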

#39
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Did you try to boot up?

Also please run another scan with FRST and post back here. :)
  • 0

#40
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
No joy on the normal boot, nor Safe Mode with Command Prompt (same logon error). :killcomp: Here's the FRST log:

================================================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM on 03-08-2013 00:39:50
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...9b490a12c856971 [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit.exe, [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [x]
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [x]
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Info Center] - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [26264 2012-01-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [PC MaticRT] - C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe [1105672 2013-01-02] (PC Pitstop LLC)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKU\Administrator\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Administrator\...\Run: [StartUp This] - C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe [251256 2010-06-16] (Laplink Software, Inc.)
HKU\Administrator\...\Run: [Epson Stylus NX510(Network) (Copy 1)] - C:\Windows\SysWOW64\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S4F.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Run: [Download Nitro] - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\Administrator\...\Run: [EPSON NX510 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SEFD9.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Administrator\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Administrator\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Default\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [x]
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\Oze\...\Run: [Download Nitro] - C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe [3597520 2011-06-30] (PC Pitstop, LLC)
HKU\Oze\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\Oze\...\Run: [Dxtory Update Checker 2.0] - C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\Oze\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)
Startup: C:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk
ShortcutTarget: Caller ID.lnk -> C:\Program Files (x86)\Caller ID\Caller ID.exe ()
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No File
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - No File
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

==================== Services (Whitelisted) =================

S2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
S2 BITS; C:\Windows\SysWow64\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S3 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
S2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86216 2013-02-02] (PC Pitstop LLC)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-15] ()
S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2012-12-15] ()
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWow64\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
S3 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
S2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]
S3 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 ALG; %SystemRoot%\System32\alg.exe [x]
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S3 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
S3 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [x]
S2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [x]
S3 ehSched; %systemroot%\ehome\ehsched.exe [x]
S3 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [x]
S3 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [x]
S3 Fax; %systemroot%\system32\fxssvc.exe [x]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [x]
S2 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe" Start=service [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]
S2 KPF4; "C:\Program Files (x86)\Sunbelt Software\Personal Firewall 4\kpf4ss.exe" [x]
S2 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [x]
S2 msiserver; %systemroot%\system32\msiexec.exe /V [x]
S2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [x]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]
S2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [x]
S2 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [x]
S3 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [x]
S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [x]
S3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [x]
S3 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [x]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [x]
S2 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]
S2 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [x]
S2 vds; %SystemRoot%\System32\vds.exe [x]
S2 VSS; %systemroot%\system32\vssvc.exe [x]
S2 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [x]
S2 wbengine; "%systemroot%\system32\wbengine.exe" [x]
S2 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]
S2 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [x]
S3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [x]
S3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [x]
S2 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] ([email protected])
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] ([email protected])
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [7408 2009-03-23] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 dfg; System32\DRIVERS\dfg.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 FTD2XX; System32\Drivers\FTD2XX.sys [x]
S1 fwdrv; \SystemRoot\system32\drivers\fwdrv.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S1 khips; \SystemRoot\system32\drivers\khips.sys [x]
S0 PxHelp20; System32\DRIVERS\PxHelp20.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-02 23:59 - 2011-09-14 18:04 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-08-02 23:59 - 2009-07-13 20:39 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininit.exe
2013-08-02 01:41 - 2013-08-02 01:41 - 00003288 ____N C:\bootsqm.dat
2013-08-02 01:39 - 2013-08-02 01:39 - 00000000 __SHD C:\found.000
2013-08-02 00:11 - 2011-07-12 21:55 - 02237440 ____R (OldTimer Tools) C:\OTLPE.exe
2013-08-01 21:26 - 2013-08-01 21:26 - 00000000 ____D C:\_OTL
2013-08-01 20:31 - 2013-08-01 23:23 - 00006520 _____ C:\OTL.Txt
2013-08-01 18:14 - 2013-08-01 18:14 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-08-01 03:00 - 2013-08-01 03:00 - 00000000 _____ C:\that
2013-07-27 23:19 - 2013-07-27 23:19 - 00000000 ____D C:\FRST
2013-07-26 13:11 - 2013-07-26 13:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-07-26 11:30 - 2013-07-26 11:30 - 00000030 _____ C:\Users\Oze\AppData\Roaming\mbam.context.scan
2013-07-26 09:16 - 2013-07-26 09:16 - 21840856 _____ (Mozilla) C:\Users\Oze\Downloads\Firefox_Setup [1].exe
2013-07-25 19:00 - 2013-07-25 19:00 - 00002036 _____ C:\Users\Oze\Desktop\PC Matic (2).lnk
2013-07-25 18:35 - 2012-10-24 12:39 - 00082872 _____ (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
2013-07-25 18:09 - 2013-07-25 18:09 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Oze\Downloads\pcmatic-setup-0002.exe
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Users\Oze\AppData\Local\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-25 16:58 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-07-25 16:33 - 2013-07-26 12:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 16:33 - 2013-07-26 12:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 16:33 - 2013-07-25 16:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 16:33 - 2013-07-25 16:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 16:16 - 2013-07-26 13:01 - 00000003 _____ C:\Users\Oze\AppData\Local\dafccegc28.nls
2013-07-23 04:17 - 2013-07-26 13:26 - 00000003 _____ C:\ProgramData\dafccegc28.nls
2013-07-22 20:32 - 2013-07-22 20:33 - 00000000 ____D C:\Users\Oze\AppData\Local\Smartbar
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\Documents\My Cheat Tables
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Roaming\OpenCandy
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-07-22 19:56 - 2013-07-26 13:05 - 00512221 _____ C:\Users\Oze\AppData\Local\dfl28z32.dll
2013-07-20 13:58 - 2013-07-20 13:58 - 00123323 _____ C:\Users\Oze\Desktop\Zune_chat..xps
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\Users\Public\Desktop\Zune.lnk
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\ProgramData\Desktop\Zune.lnk
2013-07-17 19:28 - 2013-07-17 19:28 - 00227070 _____ C:\Users\Oze\Downloads\League of Legends Modifier 1.00 IP plus RP Adder.rar
2013-07-16 15:05 - 2013-07-16 15:07 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.technic
2013-07-11 14:52 - 2013-07-25 19:01 - 00002119 _____ C:\Users\Oze\Desktop\vba.ini
2013-07-11 02:05 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:05 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:05 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:05 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 02:05 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 02:05 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 02:05 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 02:04 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:04 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:04 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:04 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:04 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 02:04 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 01:07 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 01:07 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 01:07 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 01:07 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 01:07 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 01:07 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 01:07 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Program Files\Java
2013-07-07 18:54 - 2013-07-07 18:54 - 00587906 _____ C:\Users\Oze\Desktop\azh_dell.xps
2013-07-07 17:37 - 2013-07-26 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-07 16:43 - 2013-07-26 18:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2013-08-02 23:32 - 2013-03-29 12:36 - 00006055 _____ C:\Windows\setupact.log
2013-08-02 23:32 - 2012-03-07 00:08 - 00000000 ____D C:\ProgramData\PCPitstop
2013-08-02 23:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-02 02:01 - 2011-09-14 16:12 - 01698879 _____ C:\Windows\WindowsUpdate.log
2013-08-02 01:43 - 2012-10-16 13:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-02 01:41 - 2013-08-02 01:41 - 00003288 ____N C:\bootsqm.dat
2013-08-02 01:39 - 2013-08-02 01:39 - 00000000 __SHD C:\found.000
2013-08-02 00:08 - 2012-03-26 15:45 - 00000000 ____D C:\Program Files (x86)\Vgrabber
2013-08-01 23:23 - 2013-08-01 20:31 - 00006520 _____ C:\OTL.Txt
2013-08-01 21:26 - 2013-08-01 21:26 - 00000000 ____D C:\_OTL
2013-08-01 20:24 - 2011-09-17 14:18 - 00000000 ____D C:\users\Administrator
2013-08-01 20:24 - 2011-09-17 13:01 - 00000000 ____D C:\users\Oze
2013-08-01 18:28 - 2011-12-23 18:41 - 00098232 _____ C:\Windows\PFRO.log
2013-08-01 18:14 - 2013-08-01 18:14 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-08-01 03:04 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2013-08-01 03:00 - 2013-08-01 03:00 - 00000000 _____ C:\that
2013-07-27 23:19 - 2013-07-27 23:19 - 00000000 ____D C:\FRST
2013-07-26 18:23 - 2011-09-18 00:05 - 00000000 ____D C:\I386
2013-07-26 18:22 - 2013-05-22 10:04 - 00000000 ____D C:\Program Files\My Dell
2013-07-26 18:22 - 2012-11-11 09:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 18:22 - 2012-11-08 13:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 18:22 - 2012-03-24 21:23 - 00000000 ____D C:\GameCQ
2013-07-26 18:22 - 2012-01-04 14:31 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-07-26 18:22 - 2011-10-31 20:29 - 00000000 ____D C:\Program Files\CCleaner
2013-07-26 18:22 - 2011-09-27 22:27 - 00000000 ____D C:\Program Files\Zune
2013-07-26 18:22 - 2011-09-18 06:33 - 00000000 ____D C:\Users\Oze\Desktop\Malware
2013-07-26 18:22 - 2011-09-18 06:32 - 00000000 ___RD C:\Users\Oze\Desktop\TOOLS
2013-07-26 18:22 - 2011-09-18 06:14 - 00000000 ___RD C:\Users\Oze\Desktop\Games
2013-07-26 18:22 - 2011-09-17 19:01 - 00000000 ____D C:\Drive_F
2013-07-26 18:22 - 2011-09-14 16:40 - 00000000 ____D C:\Program Files\Dell Support Center
2013-07-26 18:22 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 18:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-26 18:21 - 2011-09-17 23:57 - 00000000 ____D C:\DOSBox-0.73
2013-07-26 18:21 - 2011-09-17 18:47 - 00000000 ___HD C:\Windows\ie8
2013-07-26 18:21 - 2011-09-17 18:46 - 00000000 ___HD C:\Windows\ie7
2013-07-26 18:21 - 2011-09-17 18:40 - 00000000 ____D C:\Windows\I386
2013-07-26 18:18 - 2011-09-17 18:49 - 00000000 ____D C:\Windows\V58
2013-07-26 18:18 - 2011-09-17 18:49 - 00000000 ____D C:\Windows\network diagnostic
2013-07-26 18:18 - 2011-09-17 18:48 - 00000000 ____D C:\Windows\msagent
2013-07-26 18:18 - 2011-09-17 18:14 - 00000000 ____D C:\Windows\SysWOW64\npp
2013-07-26 18:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-07-26 18:17 - 2011-09-17 18:19 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-26 18:17 - 2011-09-17 18:13 - 00000000 ____D C:\Windows\SysWOW64\hpintro
2013-07-26 18:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-07-26 18:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-07-26 18:14 - 2011-09-17 18:09 - 00000000 ____D C:\Windows\SysWOW64\Aod
2013-07-26 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-26 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-07-26 18:13 - 2013-04-22 22:10 - 00000000 ____D C:\Program Files (x86)\program
2013-07-26 18:13 - 2013-01-12 21:02 - 00000000 ____D C:\Program Files (x86)\War Inc Battlezone
2013-07-26 18:13 - 2012-08-18 18:13 - 00000000 ____D C:\Python27
2013-07-26 18:13 - 2011-11-22 13:03 - 00000000 ____D C:\SBS
2013-07-26 18:13 - 2011-09-18 00:43 - 00000000 ____D C:\Rooter$
2013-07-26 18:13 - 2011-09-17 18:36 - 00000000 ____D C:\Windows\Corel
2013-07-26 18:13 - 2011-09-17 17:53 - 00000000 ____D C:\Program Files (x86)\V CAST Media Manager
2013-07-26 18:13 - 2011-09-17 17:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-26 18:13 - 2011-09-17 17:34 - 00000000 ____D C:\Program Files (x86)\Quicken WillMaker Plus 2006
2013-07-26 18:13 - 2011-09-17 17:34 - 00000000 ____D C:\Program Files (x86)\PMP DV
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-07-26 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2013-07-26 18:12 - 2013-02-22 11:54 - 00000000 ____D C:\Program Files (x86)\wot test
2013-07-26 18:12 - 2011-12-25 12:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-26 18:12 - 2011-09-17 17:51 - 00000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2013-07-26 18:12 - 2011-09-14 16:46 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-07-26 18:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-26 18:11 - 2013-06-04 16:03 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-07-26 18:11 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Media Connect 2
2013-07-26 18:11 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-26 18:10 - 2013-07-07 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 18:10 - 2013-07-07 16:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-26 18:10 - 2013-04-20 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-26 18:10 - 2012-08-21 07:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 18:10 - 2012-04-02 16:23 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-07-26 18:10 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Live Safety Center
2013-07-26 18:10 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-07-26 18:10 - 2011-09-17 17:28 - 00000000 ____D C:\Program Files (x86)\OverDrive Media Console
2013-07-26 18:10 - 2011-09-17 17:23 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2013-07-26 18:10 - 2011-09-17 17:12 - 00000000 ____D C:\Program Files (x86)\Nikon Firmware
2013-07-26 18:10 - 2011-09-17 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2013-07-26 18:10 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Movie Maker
2013-07-26 18:10 - 2011-09-17 17:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 18:09 - 2012-11-08 13:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 18:08 - 2012-08-28 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-26 18:08 - 2012-01-04 14:31 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-07-26 18:08 - 2011-09-17 17:52 - 00000000 ____D C:\Program Files (x86)\TrueSwitchEsaya
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft IntelliPoint 5.5
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft IntelliPoint
2013-07-26 18:08 - 2011-09-17 17:09 - 00000000 ____D C:\Program Files (x86)\Messenger
2013-07-26 18:08 - 2011-09-17 15:30 - 00000000 ____D C:\Program Files (x86)\CrossLoop
2013-07-26 18:08 - 2011-09-17 15:16 - 00000000 ____D C:\Program Files (x86)\Audible
2013-07-26 18:08 - 2011-09-14 16:28 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-07-26 18:08 - 2011-09-14 16:26 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-26 18:06 - 2011-10-29 18:23 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-07-26 18:06 - 2011-09-17 16:02 - 00000000 ____D C:\Program Files (x86)\Finale NotePad 2003a
2013-07-26 18:06 - 2011-09-17 15:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-07-26 18:06 - 2011-09-17 14:57 - 00000000 ____D C:\Program Files (x86)\AIM95
2013-07-26 13:26 - 2013-07-23 04:17 - 00000003 _____ C:\ProgramData\dafccegc28.nls
2013-07-26 13:26 - 2012-09-14 05:44 - 00000000 ____D C:\Users\Oze\AppData\Roaming\Free Download Manager
2013-07-26 13:26 - 2012-03-06 10:09 - 00000000 ____D C:\ProgramData\PCPitstopDat
2013-07-26 13:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-07-26 13:11 - 2013-07-26 13:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-07-26 13:05 - 2013-07-22 19:56 - 00512221 _____ C:\Users\Oze\AppData\Local\dfl28z32.dll
2013-07-26 13:01 - 2013-07-25 16:16 - 00000003 _____ C:\Users\Oze\AppData\Local\dafccegc28.nls
2013-07-26 12:53 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 12:53 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 12:51 - 2009-07-14 00:13 - 00779788 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-26 12:46 - 2012-03-19 17:42 - 00000000 ____D C:\Users\Oze\AppData\Local\LogMeIn Hamachi
2013-07-26 12:46 - 2011-09-14 16:44 - 00000000 ____D C:\ProgramData\Sonic
2013-07-26 12:45 - 2013-07-25 16:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 12:45 - 2011-09-14 16:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-07-26 12:45 - 2011-09-14 16:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-07-26 12:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-07-26 12:38 - 2013-07-25 16:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 12:32 - 2013-01-26 14:31 - 00000000 ___RD C:\Users\Oze\Desktop\azhie
2013-07-26 11:36 - 2011-09-18 06:15 - 00000000 ____D C:\Users\Oze\Desktop\Kids
2013-07-26 11:30 - 2013-07-26 11:30 - 00000030 _____ C:\Users\Oze\AppData\Roaming\mbam.context.scan
2013-07-26 09:16 - 2013-07-26 09:16 - 21840856 _____ (Mozilla) C:\Users\Oze\Downloads\Firefox_Setup [1].exe
2013-07-26 06:09 - 2011-10-23 19:26 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C79EAD0-30A9-4F51-AF18-53C5A208D247}
2013-07-25 19:01 - 2013-07-11 14:52 - 00002119 _____ C:\Users\Oze\Desktop\vba.ini
2013-07-25 19:00 - 2013-07-25 19:00 - 00002036 _____ C:\Users\Oze\Desktop\PC Matic (2).lnk
2013-07-25 18:55 - 2013-06-22 22:53 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.minecraft
2013-07-25 18:55 - 2011-09-17 18:27 - 00000000 ____D C:\ProgramData\NoteBurner
2013-07-25 18:09 - 2013-07-25 18:09 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Oze\Downloads\pcmatic-setup-0002.exe
2013-07-25 17:08 - 2011-09-17 17:51 - 00000000 ____D C:\Program Files (x86)\Sunbelt Software
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Users\Oze\AppData\Local\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-07-25 16:58 - 2013-07-25 16:58 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-25 16:33 - 2013-07-25 16:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-25 16:33 - 2013-07-25 16:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-25 16:29 - 2011-10-14 13:08 - 00000000 ____D C:\Users\Oze\AppData\Roaming\Skype
2013-07-25 16:29 - 2011-09-17 17:55 - 00000000 ____D C:\Program Files (x86)\WinZip
2013-07-25 16:29 - 2011-09-17 17:33 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2013-07-25 16:29 - 2011-09-14 16:24 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-24 15:01 - 2013-05-22 10:04 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-22 22:11 - 2012-10-16 13:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 22:11 - 2011-09-14 16:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 22:10 - 2010-11-20 22:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2013-07-22 22:10 - 2009-07-13 19:13 - 01397248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2013-07-22 22:10 - 2009-07-13 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
2013-07-22 22:10 - 2009-07-13 18:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2013-07-22 22:10 - 2009-07-13 18:37 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net.exe
2013-07-22 22:10 - 2009-07-13 18:19 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2013-07-22 22:09 - 2012-07-11 16:38 - 02684416 _____ (Sysinternals - www.sysinternals.com) C:\Users\Oze\Desktop\ CPAP SD Card (1).exe
2013-07-22 22:09 - 2010-02-09 09:49 - 17231872 _____ (Microsoft Corporation) C:\Users\Oze\Desktop\LMSetup.exe
2013-07-22 21:13 - 2012-01-28 20:26 - 00000000 ____D C:\Users\Oze\AppData\Local\PMB Files
2013-07-22 21:13 - 2012-01-28 20:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-22 20:33 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Local\Smartbar
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\Documents\My Cheat Tables
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Users\Oze\AppData\Roaming\OpenCandy
2013-07-22 20:32 - 2013-07-22 20:32 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-07-22 19:43 - 2012-08-14 14:21 - 00000000 ____D C:\Program Files (x86)\Caller ID
2013-07-22 19:43 - 2011-09-17 15:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-22 15:04 - 2011-09-17 15:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-20 13:58 - 2013-07-20 13:58 - 00123323 _____ C:\Users\Oze\Desktop\Zune_chat..xps
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\Users\Public\Desktop\Zune.lnk
2013-07-20 09:06 - 2013-07-20 09:06 - 00000889 _____ C:\ProgramData\Desktop\Zune.lnk
2013-07-19 19:00 - 2013-03-07 17:05 - 00585216 ___SH C:\Users\Oze\Downloads\Thumbs.db
2013-07-17 19:28 - 2013-07-17 19:28 - 00227070 _____ C:\Users\Oze\Downloads\League of Legends Modifier 1.00 IP plus RP Adder.rar
2013-07-17 19:23 - 2013-01-25 06:41 - 00000000 ____D C:\ProgramData\VisualBee
2013-07-17 19:22 - 2013-01-25 06:41 - 00000000 ____D C:\Users\Oze\AppData\Local\VisualBeeExe
2013-07-17 01:29 - 2012-01-10 11:52 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-16 15:07 - 2013-07-16 15:05 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.technic
2013-07-16 15:04 - 2012-08-05 15:19 - 00000000 ____D C:\Users\Oze\AppData\Roaming\.techniclauncher
2013-07-11 08:16 - 2008-06-02 17:45 - 00253952 ___SH C:\Users\Oze\Desktop\Thumbs.db
2013-07-11 02:27 - 2009-07-13 23:45 - 00534760 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 02:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-08 22:07 - 2013-07-08 22:07 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-08 22:07 - 2013-07-08 22:07 - 00000000 ____D C:\Program Files\Java
2013-07-08 22:07 - 2012-11-02 10:23 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-08 22:07 - 2011-09-14 16:21 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-07 19:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-07 18:54 - 2013-07-07 18:54 - 00587906 _____ C:\Users\Oze\Desktop\azh_dell.xps
2013-07-07 16:47 - 2011-09-18 01:04 - 00000000 ____D C:\Users\Oze\AppData\Roaming\wsInspector

Files to move or delete:
====================
C:\Users\Oze\GoToAssistDownloadHelper.exe
C:\ProgramData\hash.dat
C:\ProgramData\winiml.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2013-08-02 23:59] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2013-08-02 23:59] - [2011-09-14 18:04] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2013-07-22 22:10] - 0020992 ____A (Microsoft Corporation) 1630B7CCFA1307C1E8A314E4BD20E8ED

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-24 23:00:06
Restore point made on: 2013-07-25 16:26:55
Restore point made on: 2013-07-25 16:33:50
Restore point made on: 2013-07-25 16:48:15
Restore point made on: 2013-07-25 16:55:06
Restore point made on: 2013-07-25 17:01:29
Restore point made on: 2013-07-25 17:01:57

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12278.93 MB
Available physical RAM: 11258.86 MB
Total Pagefile: 12277.13 MB
Available Pagefile: 11239.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.73 GB) (Free:1443.69 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.34 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:75.68 GB) NTFS (Disk=5 Partition=1)
Drive k: () (Removable) (Total:0.99 GB) (Free:0.99 GB) FAT (Disk=6 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-212892385280) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 466 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 1019 MB) (Disk ID: 3C813E58)
Partition 1: (Active) - (Size=1012 MB) - (Type=06)


LastRegBack: 2013-08-02 02:04

==================== End Of Log ============================


#41
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Well it was an outside chance but I was hoping that by replacing those two files we might be able to get into Safe Mode.

The problem is the missing userinit.exe in both 32 and 64 bit versions for which there don't seem to be good copies on your machine to use as replacements.

The Startup Repair is not working, so I think we need to go to a different solution.

I believe your machine is a Dell which should enable you to carry out a factory restore. Care here as you will need to back up your personal files before proceeding. You can use OTLPE to access your files, email information and browser bookmarks. Copy them to a USB stick for later use.

Follow this link for instructions on a factory reset. Step 3 is the one on how to access Advanced Boot Options and carry out the restore.

#42
oze

oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Well, it was a valiant effort! There was no option to restore without saving files, so that is being done to backup disk. Based on the progress, this will probably still be going on when I go to bed. If so, I'll post the restore results tomorrow. Thanks, and good night.

#43
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Best of luck.

Look forward to hearing from you tomorrow. :)

#44
oze

oze

    Member

  • Topic Starter
  • Member
  • 44 posts
It took 20+ hours, but the backup is complete, and the system has been restored. Now going through the process of restoring (some of the) saved files. I will, of course, run Malwarebytes and Super Anti Spyware scans when the reload is complete. Anything else I need to do to ensure system integrity, beyond enforcing the lifetime ban upon my teenaged son?

Edited by oze, 03 August 2013 - 04:25 PM.


#45
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts
Hello again oze,

Glad to see you back and the machine working again. :)

Anything else I need to do to ensure system integrity, beyond enforcing the lifetime ban upon my teenaged son?


I think you should have a good anti-virus.

Here are three good antivirus free for personal use:

Here are two good firewalls free for personal use:


Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This is because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working or maybe they try and download something they frequently downloaded in the past but now find they can't.

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.
