[dnilson76]

Similar to others , black screen comes up before login, mouse cursor only thing visible.
 
Had just run Combofix, and may have deleted the current install folder for ATI graphics card software (C:\ install folder.
 
Ran farbar, attached the scan below, see some funny things, like a runonce {restore] entry, and some remnants of Easus backup that should be gone ....
 
Windows 7-64, SP1 but was updated and running a good commercial paid for AV, but was seeing some malware like symptoms and was looking into it when this happened.
 
 
Am technical so ask for whatever you need
 
Thanks in advance

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by SYSTEM on MININT-T3UT37L on 27-07-2014 12:39:00
Running from C:\BleepingComp
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet004
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-08] (NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] => "C:\Program Files\Zune\ZuneLauncher.exe"
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1911808 2012-09-08] (Dominik Reichl)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1596224 2014-04-17] (IObit)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\CSEWLPackage-x32: C:\Program Files (x86)\ScriptLogic Corporation\Privilege Authority\GPEExtensionsProxy.dll (ScriptLogic Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\Administrator\...\Run: [CachemanTray] => C:\Program Files (x86)\Cacheman\CachemanTray.exe [414280 2014-06-04] (Outertech)
HKU\Administrator\...\Run: [NVIDIA nTune] => "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
HKU\Administrator\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-25] (FileHippo.com)
HKU\Administrator\...\Run: [SolarWinds SRTM] => "C:\Program Files (x86)\SolarWinds\StorageResponseTimeMonitor\SRTM.exe"
HKU\Administrator\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
HKU\Administrator\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\Administrator\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Administrator\...\Policies\Explorer: [NoDrives] 0x02000000
HKU\Administrator\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Administrator\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\Administrator\...\Policies\Explorer: [NoNetHood] 0
HKU\Administrator\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\Administrator\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\Administrator\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\Administrator\...\Policies\Explorer: [NoSecConsole] 0
HKU\Administrator\...\Policies\Explorer: [NoSecurityTab] 0
HKU\Administrator\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\Administrator\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\Administrator\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\Administrator\...\Policies\Explorer: [NoStrCmpLogical] 0x00000000
HKU\Administrator\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\Administrator\...\Policies\Explorer: [NoAddPrinter] 0
HKU\Administrator\...\Policies\Explorer: [NoBandCustomize] 0
HKU\Administrator\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\Administrator\...\Policies\Explorer: [NoCommonGroups] 0
HKU\Administrator\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Administrator\...\Policies\Explorer: [NoDFSTab] 0
HKU\Administrator\...\Policies\Explorer: [NoFileMenu] 0
HKU\Administrator\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Administrator\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Administrator\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\Administrator\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKU\Administrator\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\Administrator.Argonne7-64\...\Run: [CachemanTray] => C:\Program Files (x86)\Cacheman\CachemanTray.exe [414280 2014-06-04] (Outertech)
HKU\Administrator.Argonne7-64\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-25] (FileHippo.com)
HKU\Administrator.Argonne7-64\...\Run: [Hobbyist Software VLC Streamer] => C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1342520 2012-03-28] (Hobbyist Software)
HKU\Administrator.Argonne7-64\...\Run: [SUMo] => C:\Program Files (x86)\KC Softwares\SUMo\SUMo.exe [1431552 2012-03-30] (KC Softwares)
HKU\Administrator.Argonne7-64\...\Run: [SolarWinds SRTM] => "C:\Program Files (x86)\SolarWinds\StorageResponseTimeMonitor\SRTM.exe"
HKU\Administrator.Argonne7-64\...\Run: [NVIDIA nTune] => "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
HKU\Administrator.Argonne7-64\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-10-26] (AMD)
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoAddPrinter] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoBandCustomize] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoCommonGroups] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoDFSTab] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoFileMenu] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoNetHood] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoSecConsole] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKU\Administrator.Argonne7-64\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\Dave\...\Run: [CachemanTray] => C:\Program Files (x86)\Cacheman\CachemanTray.exe [414280 2014-06-04] (Outertech)
HKU\Dave\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
HKU\Dave\...\Run: [StartUp This] => C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe [251184 2009-10-02] (Laplink Software, Inc.)
HKU\Dave\...\Run: [TranscodeServer] => C:\Program Files (x86)\Realtek\Transcode Server\TranscodeServer.exe [1163351 2009-02-13] ()
HKU\Dave\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Dave\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Dave\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
HKU\Dave\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Dave\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Dave\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\Dave\...\Policies\Explorer: [NoDrives] 0x02000000
HKU\Dave\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\Dave\...\Policies\Explorer: [NoNetHood] 0
HKU\Dave\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\Dave\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\Dave\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\Dave\...\Policies\Explorer: [NoSecConsole] 0
HKU\Dave\...\Policies\Explorer: [NoSecurityTab] 0
HKU\Dave\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\Dave\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\Dave\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\Dave\...\Policies\Explorer: [NoStrCmpLogical] 0x00000000
HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\dnilson\...\Run: [CachemanTray] => C:\Program Files (x86)\Cacheman\CachemanTray.exe [414280 2014-06-04] (Outertech)
HKU\dnilson\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-10-26] (AMD)
HKU\dnilson\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\dnilson\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\dnilson\...\Policies\Explorer: [NoAddPrinter] 0
HKU\dnilson\...\Policies\Explorer: [NoBandCustomize] 0
HKU\dnilson\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\dnilson\...\Policies\Explorer: [NoCommonGroups] 0
HKU\dnilson\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\dnilson\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\dnilson\...\Policies\Explorer: [NoDFSTab] 0
HKU\dnilson\...\Policies\Explorer: [NoFileMenu] 0
HKU\dnilson\...\Policies\Explorer: [NoHardwareTab] 0
HKU\dnilson\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\dnilson\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\dnilson\...\Policies\Explorer: [NoNetHood] 0
HKU\dnilson\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\dnilson\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\dnilson\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\dnilson\...\Policies\Explorer: [NoSecConsole] 0
HKU\dnilson\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\dnilson\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\dnilson\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\dnilson\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKU\dnilson\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\dnilson\...\Policies\Explorer: [NoResolveSearch] 1
HKU\dnilson\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\dnilson.NILSON\...\Run: [StartUp This] => C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe [251184 2009-10-02] (Laplink Software, Inc.)
HKU\dnilson.NILSON\...\Run: [CachemanTray] => C:\Program Files (x86)\Cacheman\CachemanTray.exe [414280 2014-06-04] (Outertech)
HKU\dnilson.NILSON\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\dnilson.NILSON\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\dnilson.NILSON\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
HKU\dnilson.NILSON\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\dnilson.NILSON\...\Policies\Explorer: [NoDrives] 0x02000000
HKU\dnilson.NILSON\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\dnilson.NILSON\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoNetHood] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoSecConsole] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoSecurityTab] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\dnilson.NILSON\...\Policies\Explorer: [NoStrCmpLogical] 0x00000000
Startup: C:\Users\dnilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\dnilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk
ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No File
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S2 CachemanService; C:\Program Files (x86)\Cacheman\CachemanServ.exe [238152 2013-05-14] (Outertech)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [60552 2011-10-21] (CHENGDU YIWO Tech Development Co., Ltd)
S2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S3 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-10-21] (CHENGDU YIWO Tech Development Co., Ltd)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-01-24] (IObit)
S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375176 2012-02-07] (LogMeIn, Inc.)
S3 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147336 2012-02-07] (LogMeIn, Inc.)
S3 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
S3 NfsClnt; C:\Windows\system32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
S2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
S2 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [913408 2006-10-18] (Microsoft Corporation)
S2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [X]
S3 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [X]
S3 Rsync; E:\Cygwin\bin\cygrunsrv.exe [X]
S3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [X]
S3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [X]
S3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 DIRECTIO; C:\Program Files (x86)\PerformanceTest\DirectIo.sys [21056 2010-06-30] ()
S4 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S4 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [50312 2011-10-21] ()
S4 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S4 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
S1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [266688 2008-01-20] (Stephan Schreiber)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2012-03-26] (Hauppauge, Inc.)
S1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [78272 2007-12-29] (Stephan Schreiber)
S2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [85008 2012-05-22] ()
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-01-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [246272 2010-11-20] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [40480 2008-06-06] (NVidia Corp.)
S2 NVR0FLASHDev; C:\Windows\nvflsh64.sys [40480 2008-05-23] (NVidia Corp.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-13] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
S3 QGPEFlt; C:\Program Files (x86)\ScriptLogic Corporation\Privilege Authority\Driver\QGPEFlt.sys [38424 2008-04-04] (Quest Software Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [104960 2010-11-20] (Microsoft Corporation)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S0 Si3531; C:\Windows\System32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2009-02-09] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2009-02-09] (Silicon Image, Inc.)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-17] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-12] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [267776 2013-05-12] (Jungo Connectivity)
S3 ndfs; \??\C:\Program Files\NetDrive\ndfs.sys [X]
S4 VirtualDK; \??\E:\DEV\Winbuilder80\Projects\Tools\vdk\vdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 12:38 - 2014-07-27 12:39 - 00000000 ____D () C:\FRST
2014-07-27 12:04 - 2014-07-27 12:04 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-26 15:34 - 2014-07-26 15:38 - 00000000 ____D () C:\first.FRST.dan
2014-07-26 10:53 - 2014-07-27 12:39 - 00000000 ____D () C:\BleepingComp
2014-07-18 00:00 - 2014-07-18 00:00 - 00000000 _____ () C:\Windows\System32\SBRC.dat
2014-07-13 20:55 - 2014-07-13 20:55 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-07-13 15:17 - 2014-07-15 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-13 15:17 - 2014-03-04 03:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-13 15:16 - 2014-03-04 05:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2014-07-13 15:16 - 2014-03-04 05:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2014-07-13 15:16 - 2014-03-04 05:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2014-07-13 15:16 - 2014-03-04 05:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2014-07-13 15:16 - 2014-03-04 05:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2014-07-13 15:16 - 2014-03-04 05:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2014-07-13 10:22 - 2014-07-13 10:22 - 00000000 ____D () C:\found.000
2014-07-12 13:36 - 2014-07-12 13:36 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\FastStone
2014-07-12 13:35 - 2014-07-12 13:35 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\FreeCommander
2014-07-12 13:05 - 2014-07-12 13:06 - 00000393 _____ () C:\Windows\SecuniaPackage.log
2014-07-12 13:05 - 2014-07-12 13:05 - 00001811 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-07-12 13:05 - 2014-07-12 13:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-07-12 12:58 - 2014-07-12 12:58 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe
2014-07-12 12:49 - 2014-07-27 08:27 - 00001512 _____ () C:\Windows\setupact.log
2014-07-12 12:49 - 2014-07-12 15:10 - 00004384 _____ () C:\Windows\PFRO.log
2014-07-12 12:49 - 2014-07-12 12:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 11:33 - 2014-07-12 11:33 - 00003804 _____ () C:\Users\dnilson\Documents\cc_20140712_153320.reg
2014-07-12 11:31 - 2014-07-12 11:32 - 00085804 _____ () C:\Users\dnilson\Documents\cc_20140712_153145.reg
2014-07-12 11:02 - 2014-07-12 11:02 - 00000975 _____ () C:\Users\dnilson\Desktop\ExactFile.lnk
2014-07-12 11:02 - 2014-07-12 11:02 - 00000000 ____D () C:\Program Files (x86)\ExactFile
2014-07-12 08:54 - 2014-07-12 13:34 - 00000000 ____D () C:\ComboFix
2014-07-12 08:54 - 2014-07-12 08:22 - 05218570 ____R (Swearware) C:\ComboFix.exe
2014-07-12 08:54 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-12 08:54 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-12 08:54 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-12 08:54 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-12 08:54 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-12 08:54 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-12 08:54 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-12 08:54 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-12 08:19 - 2014-07-12 08:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-12 08:15 - 2014-07-12 08:19 - 00002092 _____ () C:\Users\dnilson\Desktop\Rkill.txt
2014-07-11 18:06 - 2014-07-11 18:55 - 00000000 ____D () C:\AdwCleaner
2014-07-09 18:21 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-07-09 18:21 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-09 18:21 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-09 18:21 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 18:21 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-09 18:21 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-09 18:21 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 18:21 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-09 18:20 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-09 18:20 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:20 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-09 18:20 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-09 18:20 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-09 18:20 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-09 18:20 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-09 18:20 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-09 18:20 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-09 18:20 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-09 18:20 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-09 18:20 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-09 18:20 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-09 18:20 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-09 18:20 - 2014-06-18 16:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-09 18:20 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-09 18:20 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:20 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-09 18:20 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-09 18:20 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-09 18:20 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:20 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-09 18:20 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-09 18:20 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-09 18:20 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-09 18:20 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-09 18:20 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 18:20 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:20 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 18:20 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 18:20 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-09 18:20 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:20 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:20 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:20 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-09 18:20 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-09 18:20 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 18:20 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 18:20 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 18:20 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:20 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:20 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:20 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:20 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-09 18:20 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:20 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:20 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-09 18:20 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:20 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 18:20 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:20 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:20 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-09 18:20 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-09 18:20 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:20 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:20 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-09 18:20 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 18:20 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 18:19 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-09 18:19 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 18:19 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 19:37 - 2014-07-07 19:37 - 00000000 ____D () C:\Users\dnilson\AppData\Local\Adobe
2014-07-07 17:33 - 2014-07-07 17:33 - 00001001 _____ () C:\Users\Public\Desktop\AllDup.lnk
2014-07-07 17:33 - 2014-07-07 17:33 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\AllDup
2014-07-07 17:33 - 2014-07-07 17:33 - 00000000 ____D () C:\ProgramData\AllDup
2014-07-07 17:33 - 2014-07-07 17:33 - 00000000 ____D () C:\Program Files (x86)\AllDup
2014-07-07 17:33 - 2010-06-11 06:50 - 00089888 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtFrame.ocx
2014-07-07 17:33 - 2009-10-12 20:01 - 00077504 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtScrollContainer.ocx
2014-07-07 17:33 - 2008-01-29 03:57 - 00450560 _____ (LogicNP Software (http://www.ssware.com)) C:\Windows\SysWOW64\fldrvw90.ocx
2014-07-07 17:31 - 2014-07-07 18:26 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\GetFoldersize
2014-07-07 17:31 - 2014-07-07 17:31 - 00001089 _____ () C:\Users\Public\Desktop\GetFoldersize.lnk
2014-07-07 17:31 - 2014-07-07 17:31 - 00000000 ____D () C:\Program Files (x86)\GetFoldersize
2014-07-07 17:31 - 2010-10-13 02:42 - 02369456 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2014-07-07 17:31 - 2010-08-20 17:53 - 00086016 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSplitter.ocx
2014-07-07 17:31 - 2010-06-01 10:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\Windows\SysWOW64\TList8.ocx
2014-07-07 17:31 - 2010-03-25 06:33 - 00171752 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtRTF2.ocx
2014-07-07 17:31 - 2009-10-12 20:02 - 00044736 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSubclass.dll
2014-07-07 16:20 - 2014-07-07 16:20 - 00000474 _____ () C:\Users\dnilson\Desktop\How to Reduce the Size of Your WinSXS Folder on Windows 7 or 8.website
2014-07-07 15:30 - 2014-07-07 15:30 - 00003170 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-07-07 15:30 - 2014-07-07 15:30 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-06-27 10:36 - 2014-07-06 21:59 - 00005994 _____ () C:\Users\dnilson\HACF-wiki.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 12:39 - 2014-07-27 12:38 - 00000000 ____D () C:\FRST
2014-07-27 12:39 - 2014-07-26 10:53 - 00000000 ____D () C:\BleepingComp
2014-07-27 12:04 - 2014-07-27 12:04 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-07-27 08:30 - 2011-02-11 20:13 - 00000000 ____D () C:\temp
2014-07-27 08:27 - 2014-07-12 12:49 - 00001512 _____ () C:\Windows\setupact.log
2014-07-27 08:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-07-27 08:22 - 2012-07-04 10:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 08:22 - 2012-07-04 10:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 08:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 06:34 - 2014-05-04 11:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 05:34 - 2012-01-02 17:36 - 02083284 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 23:00 - 2011-05-29 09:43 - 00000448 _____ () C:\Windows\Tasks\SyncBack 1-Ins.job
2014-07-26 23:00 - 2011-05-29 09:42 - 00000460 _____ () C:\Windows\Tasks\SyncBack 1-IT-Public.job
2014-07-26 23:00 - 2011-05-29 09:42 - 00000458 _____ () C:\Windows\Tasks\SyncBack 1-Internet.job
2014-07-26 23:00 - 2011-05-29 09:41 - 00000448 _____ () C:\Windows\Tasks\SyncBack Music.job
2014-07-26 16:21 - 2009-07-13 20:45 - 00018192 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 16:21 - 2009-07-13 20:45 - 00018192 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 15:38 - 2014-07-26 15:34 - 00000000 ____D () C:\first.FRST.dan
2014-07-18 00:00 - 2014-07-18 00:00 - 00000000 _____ () C:\Windows\System32\SBRC.dat
2014-07-15 17:41 - 2014-07-13 15:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-14 00:41 - 2012-01-02 16:49 - 00000000 ____D () C:\users\Administrator.Argonne7-64
2014-07-14 00:41 - 2012-01-02 16:49 - 00000000 ____D () C:\users\Administrator
2014-07-14 00:40 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-07-13 23:00 - 2012-01-02 16:49 - 00000000 ____D () C:\users\dnilson
2014-07-13 20:55 - 2014-07-13 20:55 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-07-13 15:17 - 2014-05-14 18:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-13 15:17 - 2012-01-02 16:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-13 15:17 - 2010-07-09 17:18 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-13 10:22 - 2014-07-13 10:22 - 00000000 ____D () C:\found.000
2014-07-12 15:10 - 2014-07-12 12:49 - 00004384 _____ () C:\Windows\PFRO.log
2014-07-12 15:10 - 2012-12-08 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-12 15:07 - 2009-07-13 18:34 - 45088768 _____ () C:\Windows\System32\config\system.rcbak
2014-07-12 15:07 - 2009-07-13 18:34 - 196870144 _____ () C:\Windows\System32\config\software.rcbak
2014-07-12 15:07 - 2009-07-13 18:34 - 06553600 _____ () C:\Windows\System32\config\default.rcbak
2014-07-12 15:07 - 2009-07-13 18:34 - 00040960 _____ () C:\Windows\System32\config\security.rcbak
2014-07-12 15:00 - 2011-12-26 22:44 - 00000000 ___RD () C:\Users\dnilson\Dropbox
2014-07-12 15:00 - 2011-04-02 18:04 - 00000414 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-07-12 14:59 - 2012-03-18 14:02 - 235143168 _____ () C:\Windows\System32\config\components.rctemp
2014-07-12 13:46 - 2011-11-26 20:54 - 00017785 _____ () C:\JavaRa.log
2014-07-12 13:46 - 2011-04-02 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 13:36 - 2014-07-12 13:36 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\FastStone
2014-07-12 13:36 - 2010-10-09 13:40 - 00000000 ___RD () C:\Users\dnilson\Documents\My Bookmark Collections
2014-07-12 13:35 - 2014-07-12 13:35 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\FreeCommander
2014-07-12 13:34 - 2014-07-12 08:54 - 00000000 ____D () C:\ComboFix
2014-07-12 13:34 - 2013-12-14 13:48 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-12 13:34 - 2013-04-21 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-12 13:34 - 2010-10-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-12 13:27 - 2011-05-21 13:31 - 00000000 ____D () C:\Program Files (x86)\CubicExplorer
2014-07-12 13:23 - 2010-10-09 13:12 - 00000000 ____D () C:\Program Files (x86)\CMAK
2014-07-12 13:08 - 2010-10-09 13:09 - 00000000 ____D () C:\Program Files (x86)\A43FileManager
2014-07-12 13:07 - 2010-10-09 13:09 - 00000000 ____D () C:\Program Files (x86)\abcAVI
2014-07-12 13:06 - 2014-07-12 13:05 - 00000393 _____ () C:\Windows\SecuniaPackage.log
2014-07-12 13:05 - 2014-07-12 13:05 - 00001811 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-07-12 13:05 - 2014-07-12 13:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-07-12 13:05 - 2013-08-10 18:40 - 00000000 ____D () C:\Users\dnilson\AppData\Local\CrashDumps
2014-07-12 13:05 - 2011-07-03 16:01 - 00002032 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-12 13:04 - 2013-07-05 12:56 - 00001012 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-12 13:02 - 2014-05-13 14:29 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\DropboxMaster
2014-07-12 13:02 - 2011-12-26 22:40 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\Dropbox
2014-07-12 13:02 - 2011-04-02 18:04 - 00016152 _____ () C:\Windows\System32\Drivers\SWDUMon.sys
2014-07-12 13:02 - 2011-04-02 18:04 - 00002844 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-07-12 12:58 - 2014-07-12 12:58 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe
2014-07-12 12:49 - 2014-07-12 12:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 12:29 - 2010-10-09 13:09 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-07-12 11:33 - 2014-07-12 11:33 - 00003804 _____ () C:\Users\dnilson\Documents\cc_20140712_153320.reg
2014-07-12 11:32 - 2014-07-12 11:31 - 00085804 _____ () C:\Users\dnilson\Documents\cc_20140712_153145.reg
2014-07-12 11:30 - 2012-01-03 20:54 - 00000000 ____D () C:\Program Files\ccleaner
2014-07-12 11:30 - 2011-12-12 19:25 - 00000842 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-12 11:12 - 2011-04-20 19:24 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\NetDrive
2014-07-12 11:02 - 2014-07-12 11:02 - 00000975 _____ () C:\Users\dnilson\Desktop\ExactFile.lnk
2014-07-12 11:02 - 2014-07-12 11:02 - 00000000 ____D () C:\Program Files (x86)\ExactFile
2014-07-12 10:18 - 2010-10-09 13:21 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-07-12 10:14 - 2010-08-16 18:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-07-12 09:55 - 2013-03-28 16:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-12 09:50 - 2011-10-23 23:24 - 12857998 _____ () C:\ndsvc.log
2014-07-12 08:54 - 2013-06-22 17:20 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0EEAC82E-539A-4C8F-BFE2-787960AC1DED}
2014-07-12 08:22 - 2014-07-12 08:54 - 05218570 ____R (Swearware) C:\ComboFix.exe
2014-07-12 08:19 - 2014-07-12 08:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-12 08:19 - 2014-07-12 08:15 - 00002092 _____ () C:\Users\dnilson\Desktop\Rkill.txt
2014-07-12 07:57 - 2014-01-07 16:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-11 19:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 19:05 - 2009-07-13 20:45 - 00447816 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-11 18:58 - 2014-05-07 23:04 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-07-11 18:58 - 2011-04-12 00:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 18:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 18:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\tr-TR
2014-07-11 18:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\he-IL
2014-07-11 18:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-07-11 18:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\ar-SA
2014-07-11 18:55 - 2014-07-11 18:06 - 00000000 ____D () C:\AdwCleaner
2014-07-11 18:02 - 2013-03-12 06:30 - 00438718 _____ () C:\Windows\System32\perfh011.dat
2014-07-11 18:02 - 2013-03-12 06:30 - 00132026 _____ () C:\Windows\System32\perfc011.dat
2014-07-11 18:02 - 2013-03-12 06:10 - 00546682 _____ () C:\Windows\System32\perfh006.dat
2014-07-11 18:02 - 2013-03-12 06:10 - 00111004 _____ () C:\Windows\System32\perfc006.dat
2014-07-11 18:02 - 2013-03-12 05:29 - 00418042 _____ () C:\Windows\System32\prfh0404.dat
2014-07-11 18:02 - 2013-03-12 05:29 - 00125016 _____ () C:\Windows\System32\prfc0404.dat
2014-07-11 18:02 - 2013-03-12 05:14 - 00753072 _____ () C:\Windows\System32\prfh0416.dat
2014-07-11 18:02 - 2013-03-12 05:14 - 00159512 _____ () C:\Windows\System32\prfc0416.dat
2014-07-11 18:02 - 2013-03-10 23:34 - 00769930 _____ () C:\Windows\System32\prfh0816.dat
2014-07-11 18:02 - 2013-03-10 23:34 - 00165064 _____ () C:\Windows\System32\prfc0816.dat
2014-07-11 18:02 - 2013-03-10 23:26 - 00778674 _____ () C:\Windows\System32\perfh015.dat
2014-07-11 18:02 - 2013-03-10 23:26 - 00028844 _____ () C:\Windows\System32\perfc015.dat
2014-07-11 18:02 - 2013-03-10 23:18 - 00692528 _____ () C:\Windows\System32\perfh01F.dat
2014-07-11 18:02 - 2013-03-10 23:18 - 00151914 _____ () C:\Windows\System32\perfc01F.dat
2014-07-11 18:02 - 2013-03-10 23:05 - 00400156 _____ () C:\Windows\System32\prfh0804.dat
2014-07-11 18:02 - 2013-03-10 23:05 - 00128934 _____ () C:\Windows\System32\prfc0804.dat
2014-07-11 18:02 - 2013-03-10 22:39 - 00759896 _____ () C:\Windows\System32\perfh019.dat
2014-07-11 18:02 - 2013-03-10 22:39 - 00164082 _____ () C:\Windows\System32\perfc019.dat
2014-07-11 18:02 - 2013-03-10 22:30 - 00531476 _____ () C:\Windows\System32\perfh014.dat
2014-07-11 18:02 - 2013-03-10 22:30 - 00105826 _____ () C:\Windows\System32\perfc014.dat
2014-07-11 18:02 - 2013-03-10 22:22 - 00648866 _____ () C:\Windows\System32\perfh008.dat
2014-07-11 18:02 - 2013-03-10 22:22 - 00124264 _____ () C:\Windows\System32\perfc008.dat
2014-07-11 18:02 - 2013-03-10 22:14 - 00154414 _____ () C:\Windows\System32\perfc01D.dat
2014-07-11 18:02 - 2013-03-10 22:14 - 00055972 _____ () C:\Windows\System32\perfh01D.dat
2014-07-11 18:02 - 2013-03-10 22:06 - 00449400 _____ () C:\Windows\System32\perfh012.dat
2014-07-11 18:02 - 2013-03-10 22:06 - 00129814 _____ () C:\Windows\System32\perfc012.dat
2014-07-11 18:02 - 2013-03-10 21:56 - 00705144 _____ () C:\Windows\System32\perfh005.dat
2014-07-11 18:02 - 2013-03-10 21:56 - 00153850 _____ () C:\Windows\System32\perfc005.dat
2014-07-11 18:02 - 2013-03-10 21:35 - 00784328 _____ () C:\Windows\System32\perfh013.dat
2014-07-11 18:02 - 2013-03-10 21:35 - 00166192 _____ () C:\Windows\System32\perfc013.dat
2014-07-11 18:02 - 2013-03-10 21:27 - 00518660 _____ () C:\Windows\System32\perfh00B.dat
2014-07-11 18:02 - 2013-03-10 21:27 - 00114612 _____ () C:\Windows\System32\perfc00B.dat
2014-07-11 18:02 - 2013-03-10 21:19 - 00723478 _____ () C:\Windows\System32\perfh00E.dat
2014-07-11 18:02 - 2013-03-10 21:19 - 00185444 _____ () C:\Windows\System32\perfc00E.dat
2014-07-11 18:02 - 2013-03-10 21:06 - 00786448 _____ () C:\Windows\System32\perfh00A.dat
2014-07-11 18:02 - 2013-03-10 21:06 - 00172114 _____ () C:\Windows\System32\perfc00A.dat
2014-07-11 18:02 - 2013-03-10 20:57 - 00422532 _____ () C:\Windows\System32\perfh00D.dat
2014-07-11 18:02 - 2013-03-10 20:57 - 00094684 _____ () C:\Windows\System32\perfc00D.dat
2014-07-11 18:02 - 2013-03-10 20:44 - 00778976 _____ () C:\Windows\System32\perfh010.dat
2014-07-11 18:02 - 2013-03-10 20:44 - 00158532 _____ () C:\Windows\System32\perfc010.dat
2014-07-11 18:02 - 2013-03-10 20:36 - 00785246 _____ () C:\Windows\System32\perfh00C.dat
2014-07-11 18:02 - 2013-03-10 20:36 - 00514038 _____ () C:\Windows\System32\perfh001.dat
2014-07-11 18:02 - 2013-03-10 20:36 - 00162304 _____ () C:\Windows\System32\perfc00C.dat
2014-07-11 18:02 - 2013-03-10 20:36 - 00104698 _____ () C:\Windows\System32\perfc001.dat
2014-07-11 18:02 - 2013-03-10 20:21 - 00737988 _____ () C:\Windows\System32\perfh007.dat
2014-07-11 18:02 - 2013-03-10 20:21 - 00161006 _____ () C:\Windows\System32\perfc007.dat
2014-07-11 18:02 - 2009-07-13 21:13 - 17785838 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-09 23:19 - 2010-10-09 13:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 23:17 - 2013-09-19 20:11 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-09 23:10 - 2012-01-02 19:43 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-09 00:34 - 2014-05-04 11:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:34 - 2014-05-04 11:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:34 - 2014-05-04 11:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:01 - 2010-10-09 13:42 - 00000000 ____D () C:\Users\dnilson\.VirtualBox
2014-07-08 16:09 - 2010-10-09 13:38 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\TeraCopy
2014-07-07 19:58 - 2010-10-09 13:38 - 00000000 ____D () C:\Users\dnilson\Documents\- Scouts
2014-07-07 19:56 - 2011-01-18 22:52 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\vlc
2014-07-07 19:54 - 2010-09-11 18:59 - 00000000 ____D () C:\Users\dnilson\Desktop\Internet Purchases
2014-07-07 19:37 - 2014-07-07 19:37 - 00000000 ____D () C:\Users\dnilson\AppData\Local\Adobe
2014-07-07 18:43 - 2011-02-25 20:28 - 00000000 ____D () C:\AMD
2014-07-07 18:26 - 2014-07-07 17:31 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\GetFoldersize
2014-07-07 17:33 - 2014-07-07 17:33 - 00001001 _____ () C:\Users\Public\Desktop\AllDup.lnk
2014-07-07 17:33 - 2014-07-07 17:33 - 00000000 ____D () C:\Users\dnilson\AppData\Roaming\AllDup
2014-07-07 17:33 - 2014-07-07 17:33 - 00000000 ____D () C:\ProgramData\AllDup
2014-07-07 17:33 - 2014-07-07 17:33 - 00000000 ____D () C:\Program Files (x86)\AllDup
2014-07-07 17:31 - 2014-07-07 17:31 - 00001089 _____ () C:\Users\Public\Desktop\GetFoldersize.lnk
2014-07-07 17:31 - 2014-07-07 17:31 - 00000000 ____D () C:\Program Files (x86)\GetFoldersize
2014-07-07 16:20 - 2014-07-07 16:20 - 00000474 _____ () C:\Users\dnilson\Desktop\How to Reduce the Size of Your WinSXS Folder on Windows 7 or 8.website
2014-07-07 15:55 - 2012-01-13 21:35 - 00000000 ____D () C:\Windows\Minidump
2014-07-07 15:30 - 2014-07-07 15:30 - 00003170 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-07-07 15:30 - 2014-07-07 15:30 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-07-07 15:30 - 2014-02-10 19:01 - 00001192 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-07-07 15:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-07-06 21:59 - 2014-06-27 10:36 - 00005994 _____ () C:\Users\dnilson\HACF-wiki.txt
2014-06-29 18:09 - 2014-07-09 18:21 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-29 18:04 - 2014-07-09 18:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

Some content of TEMP:
====================
C:\Users\dnilson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprehrey.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-07-26 13:49:49
Restore point made on: 2014-07-26 23:04:14

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8191.35 MB
Available physical RAM: 7196.9 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7185.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (C_0_3_NTFS-win7-64) (Fixed) (Total:290.77 GB) (Free:131.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (D_1_0_FAT32) (Fixed) (Total:15.99 GB) (Free:9.74 GB) FAT32
Drive e: (V) (Fixed) (Total:698.63 GB) (Free:691.89 GB) NTFS
Drive f: (W) (Fixed) (Total:698.63 GB) (Free:656.53 GB) NTFS
Drive g: (E_1_2_NTFS_sata2-p4) (Fixed) (Total:584.98 GB) (Free:307.54 GB) NTFS
Drive h: (System Reserved) (Fixed) (Total:0.09 GB) (Free:0.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (C_0_2_NTFS-win7-32) (Fixed) (Total:100 GB) (Free:72.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (C_1_1_ntfs_sata2-p4) (Fixed) (Total:97.65 GB) (Free:48.97 GB) NTFS
Drive k: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 6BA9FB03)
Partition 1: (Not Active) - (Size=94 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=291 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 909D4CA2)
Partition 1: (Active) - (Size=16 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585 GB) - (Type=05)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 5B03C344)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 1C94C36A)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 16 MB) (Disk ID: ABA47C1E)


LastRegBack: 2014-07-17 20:17

==================== End Of Log ============================

Attached Files

•  FRST.txt   54.88KB   381 downloads

[Advertisements]

Hi and apologies for the delay, as a first step could you disconnect all hard drives except the one that you use to boot (i.e. 7 or XP )
Then try a boot

[Essexboy]

Hi and apologies for the delay, as a first step could you disconnect all hard drives except the one that you use to boot (i.e. 7 or XP )
Then try a boot

[dnilson76]

Ok, I'd already disconnected the big drives, here is just the one drive

 

target OS is the win7-64 in the 290gig partition

 

Still no OS od Safe mode boot, so ran a new FRST from recovery console

 

Attached the new FRST file

Attached Files

•  FRST.txt   77.82KB   325 downloads

[Essexboy]

OK next step will be to restore the registry

Are you able to access the safe mode menu ?
If this should fail could you go to the safe mode menu and select Enable VGA mode and try that

Download the attached fixlist.txt to the same location as FRST
 fixlist.txt   31bytes   298 downloads
Run FRST as before and press Fix
On completion try a normal boot

[dnilson76]

The registry restored with no errors, but it did not change the symptoms.

 

Both normal boot and Safe mode still show black screen and mouse cursor no matter which safe mode options I select.

 

Did I mention that I beleive the folder that contained my AMD/ATI display driver install (C:\ATI) is missing for some reason?

 

I did try putting in an Nvidia card for which a driver was prev isntalled, but no joy there either.

 

Is there a way to use FRST to force the default VGA driver be used?

 

======

I'm unable to rune PrevX fixshell utility, but since its a dueal boot system with a good 32 bit Win7 install, I was able to load the 64 bit regitry hive nad make shure that ..\Winlogon\shell, and ..\Winlong\userinit were properly filled out including trailing comma after user init.

 

======

I did a sfc /scannow using the /offbootdir and /offwindir parameters and it said corrupted files were replaced

 

the extra param were needed in the recovery command prompt as I got a "pending repair must be completed" message when I did it using std params.

 

 

Thanks for your help so far - love your tagline, but mine would say.....

 

 

Growing old is mandatory
Growing up is optional
But I never expected to grow old BEFORE I grew up!

 

[Essexboy]

OK can you locate, using the recovery console this file:

 

C:\Qoobox\ComboFix-quarantined-files.txt

 

Copy to the USB and attach to your next post

[dnilson76]

No, that's gone.

 

I may have whacked it myself, cant remember, dumb.

 

However it got deleted, I cant locate In recyclebin, found.xxx folders, or system Information either.

 

 

also I'm noting that since the problem started and I could not get in to windows, some of my restore points (from before the issue) are gone.

 

I Know they were there - I'd tried to restore them but the process failed BEFORE I ever ran FRST and contacted you - I know I didn't touch those, but Qoobox may have been me cleaning up after the "successful" Combofix run....  did windows delete even though the shell isn't loading? Weird that.

 

Hope you can still help.....

[dnilson76]

Explorer is configured to show everything hidden, BTW

[Essexboy]

OK what I will try this time is to disable NVidia/ati startups/services and see if I can force windows to use generic drivers

Download the attached fixlist.txt to the same location as FRST
 fixlist.txt   876bytes   306 downloads
Run FRST as before and press Fix
On completion try a normal boot

[dnilson76]

Nice try, but no luck -- still the same in normal and Safe mode

 

I read a post where someone had this problem and the wrong virtual screen was selected (screen 1,2,3 on properties .....)

 

So I put that NVIDIA card back in and tried both DVI connectors, but  they both showed the same black screen / mouse cursor (though could there be more than two?)

 

Tag, your turn..... Im out of ideas

[Essexboy]

Do you have the windows CD ? If so we could try a repair install/upgrade

[dnilson76]

So it come to that?

 

Sure Windows discs are no problem tho (I think) the original disc give a "Newer version if windows is installed" due to SP1, and some use a diff licensing model, but I can put a disk and key that work together.

 

What do you recommend, assuming I have access to most all disc versions

[Essexboy]

You can do a custom install of windows which will retain most of your data .. Details here http://www.sevenforu...indows-7-a.html

[dnilson76]

Just double checking, as I have so much installed and configured from the last 20 or so years of upgrades - some of what's in that image was installed under Win95 and subsequent O/S's and finding the install media at this point ......

 

An UPGRADE install, will keep most of my data (but maybe trigger that "newer version installed" message

 

The CUSTOM option in the link you supplied is/was notorious for leaving one with a new install, and no programs properly installed -- In which case I'm looking at 600-800 installs, and losing some old stuff forever. (and maybe I should just accept that)

 

Or is CUSTOM more forgiving with Win7?

 

does it use anything from the old registry?

 

I guess I can just backup the bad partition to unused space and try the CUSTOM install as you suggest, but if you know the answer here it will set my expectations.

[Essexboy]

Unfortunately you will need to re-install all your programmes, it will just save your user data.
The only drive affected will be the one with windows on it. Secondary drives should be untouched

The registry is completely rebuilt

In your case it may be an idea to use a windows imaging software so if this does occur again you will lose little or nothing