Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
RUNDLL ERRORS
Message
<blockquote data-quote="Arliia" data-source="post: 123170" data-attributes="member: 8664"><p>frst report</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02</p><p>Ran by SYSTEM on 01-06-2013 22:41:38</p><p>Running from J:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [] [x]</p><p>HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12656 2012-06-18] (Alienware)</p><p>HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)</p><p>HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBRC.exe" [201608 2012-11-06] (GFI Software)</p><p>HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-09-22] (Softthinks)</p><p>Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2011-10-31] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)</p><p>HKU\Ar\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" [283232 2012-02-29] (SEIKO EPSON CORPORATION)</p><p>HKU\Ar\...\Run: [SoftThinks] rundll32 "C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll",DllRegisterServer [x]</p><p>HKU\Ar\...\Run: [Red 5 Studios] RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql [x]</p><p>HKU\Ar\...\Run: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()</p><p>HKU\Ar\...\Run: [TimeServer] "C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe" [126976 2013-06-01] ()</p><p>HKU\Ar\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] ()</p><p>HKU\Ar\...\Winlogon: [Shell] explorer.exe</p><p>SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File</p><p>SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249128 2013-04-08] (Avanquest Software)</p><p>S2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-04-08] (Avanquest Software)</p><p>S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)</p><p>S2 Fix-It Task Manager; C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe [537504 2013-04-08] (Avanquest Software)</p><p>S2 SBAMSvc; C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)</p><p>S2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [86400 2013-04-08] (Avanquest Software North America)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 AQFileRestore; C:\Windows\SysWow64\DRIVERS\AQFileRestore.sys [20496 2013-04-08] ()</p><p>S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-06-01] ()</p><p>S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-10-24] (Razer USA Ltd)</p><p>S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2012-10-24] (Razer USA Ltd)</p><p>S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-10-24] (Razer USA Ltd)</p><p>S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)</p><p>S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]</p><p>S3 gfiark; system32\drivers\gfiark.sys [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-06-01 22:41 - 2013-06-01 22:41 - 00000000 ____D C:\FRST</p><p>2013-06-01 19:57 - 2013-06-01 19:57 - 00001275 ____A C:\AdwCleaner[S2].txt</p><p>2013-06-01 12:03 - 2013-06-01 12:03 - 00001199 ____A C:\Users\Ar\Desktop\AdwCleaner[R1].txt</p><p>2013-06-01 12:02 - 2013-06-01 12:02 - 00001422 ____A C:\Users\Ar\Desktop\adwcleaner.exe - Shortcut.lnk</p><p>2013-06-01 12:02 - 2013-06-01 12:02 - 00001199 ____A C:\AdwCleaner[R1].txt</p><p>2013-06-01 11:53 - 2013-06-01 11:53 - 00108130 ____A C:\Users\Ar\Desktop\OTL.Txt</p><p>2013-06-01 10:25 - 2013-06-01 10:25 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-06-01 10:23 - 2013-06-01 10:23 - 00001408 ____A C:\Users\Clay\Desktop\HitmanPro_20130601_1023.log</p><p>2013-06-01 10:23 - 2013-06-01 10:23 - 00000356 ____A C:\Windows\System32\.crusader</p><p>2013-06-01 10:14 - 2013-06-01 10:14 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-06-01 10:13 - 2013-06-01 10:23 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-06-01 10:13 - 2013-06-01 10:23 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro</p><p>2013-06-01 10:11 - 2013-06-01 10:11 - 09818384 ____A (SurfRight B.V.) C:\Users\Clay\Desktop\HitmanPro_x64.exe</p><p>2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab</p><p>2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab</p><p>2013-06-01 03:02 - 2013-06-01 03:05 - 169354200 ____A C:\Users\Clay\Desktop\setup_11.0.0.1245.x01_2013_06_01_06_26.exe</p><p>2013-06-01 03:01 - 2013-06-01 03:01 - 00000255 ____A C:\Users\Clay\Desktop\est text.txt</p><p>2013-06-01 01:25 - 2013-06-01 01:25 - 02347384 ____A (ESET) C:\Users\Clay\Desktop\esetsmartinstaller_enu.exe</p><p>2013-06-01 01:25 - 2013-06-01 01:25 - 00000000 ____D C:\Program Files (x86)\ESET</p><p>2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Clay\Desktop\mbar-1.06.0.1003</p><p>2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\My Documents\mbar-1.06.0.1003</p><p>2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\Documents\mbar-1.06.0.1003</p><p>2013-06-01 00:26 - 2013-06-01 00:26 - 00001496 ____A C:\Users\Clay\Desktop\JRT.txt</p><p>2013-06-01 00:23 - 2013-06-01 00:23 - 00000000 ____D C:\Windows\ERUNT</p><p>2013-06-01 00:22 - 2013-06-01 00:23 - 00000000 ____D C:\JRT</p><p>2013-06-01 00:22 - 2013-06-01 00:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Desktop\JRT.exe</p><p>2013-06-01 00:21 - 2013-06-01 00:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Downloads\JRT.exe</p><p>2013-06-01 00:16 - 2013-06-01 00:16 - 00001346 ____A C:\AdwCleaner[S1].txt</p><p>2013-06-01 00:15 - 2013-06-01 00:15 - 00632031 ____A C:\Users\Clay\Desktop\adwcleaner.exe</p><p>2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\Users\Clay\My Backup Files</p><p>2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\census.cache</p><p>2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\Application Data\census.cache</p><p>2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\AppData\Local\census.cache</p><p>2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\ars.cache</p><p>2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\Application Data\ars.cache</p><p>2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\AppData\Local\ars.cache</p><p>2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\housecall.guid.cache</p><p>2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\Application Data\housecall.guid.cache</p><p>2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\AppData\Local\housecall.guid.cache</p><p>2013-05-31 16:52 - 2012-06-05 02:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys</p><p>2013-05-31 16:50 - 2013-05-31 16:50 - 00000000 ____D C:\Users\Clay\Desktop\log</p><p>2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini</p><p>2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini</p><p>2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe</p><p>2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe</p><p>2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe</p><p>2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe</p><p>2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe</p><p>2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe</p><p>2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe</p><p>2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe</p><p>2013-05-31 09:08 - 2013-06-01 21:00 - 00000318 ___AH C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job</p><p>2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvwgf2um.dll</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvd3dum.dll</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvapi.dll</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\eEBUtil.dll</p><p>2013-05-28 22:44 - 2013-05-28 22:44 - 00232221 ____A C:\Users\Ar\Downloads\Wowhead_Client.zip</p><p>2013-05-25 14:26 - 2013-05-25 14:26 - 00000000 ____D C:\Program Files (x86)\QuickTime</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\Application Data\Malwarebytes</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-05-24 00:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\My Documents\AlienFX</p><p>2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\Documents\AlienFX</p><p>2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\Application Data\Adobe</p><p>2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Adobe</p><p>2013-05-20 10:35 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</p><p>2013-05-20 10:35 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</p><p>2013-05-20 10:35 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2013-05-20 10:35 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2013-05-20 10:34 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</p><p>2013-05-20 10:34 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</p><p>2013-05-20 10:34 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</p><p>2013-05-20 10:34 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl</p><p>2013-05-20 10:34 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</p><p>2013-05-20 10:34 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</p><p>2013-05-20 10:34 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</p><p>2013-05-20 10:34 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2013-05-20 10:34 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2013-05-20 10:34 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2013-05-20 10:34 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2013-05-20 10:34 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2013-05-20 10:34 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2013-05-20 10:34 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2013-05-20 10:34 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2013-05-20 10:33 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys</p><p>2013-05-20 10:33 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys</p><p>2013-05-20 10:33 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</p><p>2013-05-20 10:33 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll</p><p>2013-05-20 10:33 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll</p><p>2013-05-20 10:33 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe</p><p>2013-05-20 10:33 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll</p><p>2013-05-20 10:33 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll</p><p>2013-05-20 10:33 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll</p><p>2013-05-20 10:33 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll</p><p>2013-05-20 10:33 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll</p><p>2013-05-20 10:33 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll</p><p>2013-05-20 10:33 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</p><p>2013-05-20 10:33 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll</p><p>2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-05-18 09:00 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iPod</p><p>2013-05-15 11:26 - 2013-05-15 11:28 - 00000000 ____D C:\Users\Ar\Desktop\Brittany's</p><p>2013-05-13 20:55 - 2012-11-06 11:20 - 00047496 ____N (GFI Software) C:\Windows\System32\sbbd.exe</p><p>2013-05-13 20:55 - 2012-02-09 12:58 - 00035000 ____A C:\Windows\System32\mxntdfg.exe</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-06-01 22:41 - 2013-06-01 22:41 - 00000000 ____D C:\FRST</p><p>2013-06-01 21:37 - 2012-01-25 14:21 - 01079936 ____A C:\Windows\WindowsUpdate.log</p><p>2013-06-01 21:37 - 2009-07-13 23:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-06-01 21:37 - 2009-07-13 23:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-06-01 21:36 - 2012-01-25 21:45 - 00000000 ____D C:\Program Files (x86)\AlienRespawn</p><p>2013-06-01 21:32 - 2012-01-25 23:41 - 00000000 ____D C:\ProgramData\NVIDIA</p><p>2013-06-01 21:32 - 2012-01-25 23:41 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA</p><p>2013-06-01 21:32 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-06-01 21:32 - 2009-07-13 23:51 - 00053925 ____A C:\Windows\setupact.log</p><p>2013-06-01 21:30 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks</p><p>2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks</p><p>2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks</p><p>2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks</p><p>2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks</p><p>2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks</p><p>2013-06-01 21:00 - 2013-05-31 09:08 - 00000318 ___AH C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job</p><p>2013-06-01 20:47 - 2012-12-19 10:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-06-01 19:57 - 2013-06-01 19:57 - 00001275 ____A C:\AdwCleaner[S2].txt</p><p>2013-06-01 19:47 - 2013-04-18 14:05 - 00000000 ___HD C:\_Backup</p><p>2013-06-01 19:10 - 2012-08-20 17:06 - 00000000 ____D C:\Users\Ar\Application Data\Dell</p><p>2013-06-01 19:10 - 2012-08-20 17:06 - 00000000 ____D C:\Users\Ar\AppData\Roaming\Dell</p><p>2013-06-01 19:06 - 2012-01-26 17:17 - 00071772 ____A C:\Windows\PFRO.log</p><p>2013-06-01 18:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF</p><p>2013-06-01 12:03 - 2013-06-01 12:03 - 00001199 ____A C:\Users\Ar\Desktop\AdwCleaner[R1].txt</p><p>2013-06-01 12:02 - 2013-06-01 12:02 - 00001422 ____A C:\Users\Ar\Desktop\adwcleaner.exe - Shortcut.lnk</p><p>2013-06-01 12:02 - 2013-06-01 12:02 - 00001199 ____A C:\AdwCleaner[R1].txt</p><p>2013-06-01 11:53 - 2013-06-01 11:53 - 00108130 ____A C:\Users\Ar\Desktop\OTL.Txt</p><p>2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Apple Computer</p><p>2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\Local Settings\Apple Computer</p><p>2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\AppData\Local\Apple Computer</p><p>2013-06-01 10:25 - 2013-06-01 10:25 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-06-01 10:23 - 2013-06-01 10:23 - 00001408 ____A C:\Users\Clay\Desktop\HitmanPro_20130601_1023.log</p><p>2013-06-01 10:23 - 2013-06-01 10:23 - 00000356 ____A C:\Windows\System32\.crusader</p><p>2013-06-01 10:23 - 2013-06-01 10:13 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-06-01 10:23 - 2013-06-01 10:13 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro</p><p>2013-06-01 10:14 - 2013-06-01 10:14 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-06-01 10:11 - 2013-06-01 10:11 - 09818384 ____A (SurfRight B.V.) C:\Users\Clay\Desktop\HitmanPro_x64.exe</p><p>2013-06-01 04:05 - 2012-01-26 09:00 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk</p><p>2013-06-01 04:05 - 2012-01-26 09:00 - 00002515 ____A C:\ProgramData\Desktop\Skype.lnk</p><p>2013-06-01 04:05 - 2012-01-26 09:00 - 00000000 ____D C:\ProgramData\Skype</p><p>2013-06-01 04:05 - 2012-01-26 09:00 - 00000000 ____D C:\ProgramData\Application Data\Skype</p><p>2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\Local Settings\Red 5 Studios</p><p>2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Red 5 Studios</p><p>2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\AppData\Local\Red 5 Studios</p><p>2013-06-01 03:11 - 2012-01-25 12:51 - 00000000 ____D C:\users\Ar</p><p>2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab</p><p>2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab</p><p>2013-06-01 03:05 - 2013-06-01 03:02 - 169354200 ____A C:\Users\Clay\Desktop\setup_11.0.0.1245.x01_2013_06_01_06_26.exe</p><p>2013-06-01 03:01 - 2013-06-01 03:01 - 00000255 ____A C:\Users\Clay\Desktop\est text.txt</p><p>2013-06-01 01:25 - 2013-06-01 01:25 - 02347384 ____A (ESET) C:\Users\Clay\Desktop\esetsmartinstaller_enu.exe</p><p>2013-06-01 01:25 - 2013-06-01 01:25 - 00000000 ____D C:\Program Files (x86)\ESET</p><p>2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Clay\Desktop\mbar-1.06.0.1003</p><p>2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\My Documents\mbar-1.06.0.1003</p><p>2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\Documents\mbar-1.06.0.1003</p><p>2013-06-01 00:26 - 2013-06-01 00:26 - 00001496 ____A C:\Users\Clay\Desktop\JRT.txt</p><p>2013-06-01 00:23 - 2013-06-01 00:23 - 00000000 ____D C:\Windows\ERUNT</p><p>2013-06-01 00:23 - 2013-06-01 00:22 - 00000000 ____D C:\JRT</p><p>2013-06-01 00:22 - 2013-06-01 00:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Desktop\JRT.exe</p><p>2013-06-01 00:21 - 2013-06-01 00:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Downloads\JRT.exe</p><p>2013-06-01 00:16 - 2013-06-01 00:16 - 00001346 ____A C:\AdwCleaner[S1].txt</p><p>2013-06-01 00:15 - 2013-06-01 00:15 - 00632031 ____A C:\Users\Clay\Desktop\adwcleaner.exe</p><p>2013-06-01 00:02 - 2013-05-31 15:23 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini</p><p>2013-06-01 00:02 - 2013-05-31 15:23 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini</p><p>2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\Users\Clay\My Backup Files</p><p>2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\Local Settings\SoftThinks</p><p>2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\Local Settings\Application Data\SoftThinks</p><p>2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\AppData\Local\SoftThinks</p><p>2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\users\Clay</p><p>2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\census.cache</p><p>2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\Application Data\census.cache</p><p>2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\AppData\Local\census.cache</p><p>2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\ars.cache</p><p>2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\Application Data\ars.cache</p><p>2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\AppData\Local\ars.cache</p><p>2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\housecall.guid.cache</p><p>2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\Application Data\housecall.guid.cache</p><p>2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\AppData\Local\housecall.guid.cache</p><p>2013-05-31 16:50 - 2013-05-31 16:50 - 00000000 ____D C:\Users\Clay\Desktop\log</p><p>2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe</p><p>2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe</p><p>2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe</p><p>2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe</p><p>2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe</p><p>2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe</p><p>2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe</p><p>2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe</p><p>2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad</p><p>2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\Local Settings\Deployment</p><p>2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Deployment</p><p>2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\AppData\Local\Deployment</p><p>2013-05-30 17:47 - 2012-01-26 09:00 - 00000000 ____D C:\Users\Ar\Application Data\Skype</p><p>2013-05-30 17:47 - 2012-01-26 09:00 - 00000000 ____D C:\Users\Ar\AppData\Roaming\Skype</p><p>2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\Local Settings\ars.cache</p><p>2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\Local Settings\Application Data\ars.cache</p><p>2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\AppData\Local\ars.cache</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvwgf2um.dll</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvd3dum.dll</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvapi.dll</p><p>2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\eEBUtil.dll</p><p>2013-05-28 22:44 - 2013-05-28 22:44 - 00232221 ____A C:\Users\Ar\Downloads\Wowhead_Client.zip</p><p>2013-05-28 22:37 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp</p><p>2013-05-25 14:26 - 2013-05-25 14:26 - 00000000 ____D C:\Program Files (x86)\QuickTime</p><p>2013-05-25 14:26 - 2012-05-19 18:53 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>2013-05-25 14:26 - 2012-05-19 18:53 - 00001845 ____A C:\ProgramData\Desktop\QuickTime Player.lnk</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\Application Data\Malwarebytes</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes</p><p>2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\My Documents\AlienFX</p><p>2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\Documents\AlienFX</p><p>2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\Application Data\Adobe</p><p>2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Adobe</p><p>2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\Local Settings\Microsoft Help</p><p>2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Microsoft Help</p><p>2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\AppData\Local\Microsoft Help</p><p>2013-05-23 23:04 - 2012-01-26 12:51 - 00000000 ____D C:\Program Files (x86)\World of Warcraft</p><p>2013-05-21 15:04 - 2012-08-20 17:06 - 00000000 ____D C:\Program Files\AlienAutopsy</p><p>2013-05-21 15:03 - 2012-08-20 17:06 - 00000000 ____D C:\ProgramData\PCDr</p><p>2013-05-21 15:03 - 2012-08-20 17:06 - 00000000 ____D C:\ProgramData\Application Data\PCDr</p><p>2013-05-21 08:35 - 2012-05-14 16:33 - 00000000 ____D C:\Program Files (x86)\Diablo III</p><p>2013-05-20 12:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache</p><p>2013-05-20 11:32 - 2009-07-13 23:45 - 00327256 ____A C:\Windows\System32\FNTCACHE.DAT</p><p>2013-05-20 10:40 - 2012-10-18 21:43 - 00000000 ____D C:\ProgramData\Microsoft Help</p><p>2013-05-20 10:40 - 2012-10-18 21:43 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help</p><p>2013-05-20 10:38 - 2012-01-26 17:00 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-05-18 09:01 - 2012-09-15 14:49 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk</p><p>2013-05-18 09:01 - 2012-09-15 14:49 - 00001783 ____A C:\ProgramData\Desktop\iTunes.lnk</p><p>2013-05-18 09:01 - 2012-06-16 14:13 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-05-18 09:00 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iPod</p><p>2013-05-15 11:28 - 2013-05-15 11:26 - 00000000 ____D C:\Users\Ar\Desktop\Brittany's</p><p>2013-05-15 00:47 - 2012-04-04 12:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-05-15 00:47 - 2012-01-25 19:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-05-13 20:54 - 2012-01-25 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information</p><p>2013-05-10 08:16 - 2013-03-09 01:01 - 00000000 ____D C:\users\UpdatusUser.ARLENE</p><p>2013-05-05 16:36 - 2013-05-20 10:35 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</p><p>2013-05-05 16:16 - 2013-05-20 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</p><p>2013-05-05 14:25 - 2013-05-20 10:35 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2013-05-05 14:12 - 2013-05-20 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Users\Ar\googleupdate.exe</p><p>C:\Users\Ar\icq.exe</p><p>C:\Users\Ar\msconfig.exe</p><p>C:\Users\Ar\mstsc.exe</p><p>C:\Users\Ar\opera.exe</p><p>C:\Users\Ar\skype.exe</p><p>C:\Users\Ar\teamviewer.exe</p><p>C:\Users\Ar\vlcplayer.exe</p><p>C:\Users\Ar\AppData\Roaming\skype.ini</p><p>C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job</p><p></p><p>==================== Known DLLs (Whitelisted) ================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-05-28 00:00:08</p><p>Restore point made on: 2013-05-31 19:43:24</p><p>Restore point made on: 2013-06-01 00:48:52</p><p>Restore point made on: 2013-06-01 10:47:20</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 8%</p><p>Total physical RAM: 9206.99 MB</p><p>Available physical RAM: 8379.63 MB</p><p>Total Pagefile: 9205.14 MB</p><p>Available Pagefile: 8369.98 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.84 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:925.23 GB) (Free:817.62 GB) NTFS (Disk=0 Partition=2)</p><p>Drive j: () (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT (Disk=1 Partition=1)</p><p>Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]</p><p>Drive l: (RECOVERY) (Fixed) (Total:6.18 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=3)</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6ECA5067)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=925 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 949 MB) (Disk ID: 00000000)</p><p>Partition 1: (Active) - (Size=949 MB) - (Type=0E)</p><p></p><p></p><p>Last Boot: 2013-05-24 02:01</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Arliia, post: 123170, member: 8664"] frst report Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02 Ran by SYSTEM on 01-06-2013 22:41:38 Running from J:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] [x] HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [12656 2012-06-18] (Alienware) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBRC.exe" [201608 2012-11-06] (GFI Software) HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-09-22] (Softthinks) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2011-10-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKU\Ar\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\Ar\...\Run: [SoftThinks] rundll32 "C:\Users\Ar\AppData\Local\Microsoft Help\SoftThinks\wkhnzka.dll",DllRegisterServer [x] HKU\Ar\...\Run: [Red 5 Studios] RUNDLL32.EXE "C:\Users\Ar\AppData\Local\Red 5 Studios\zvwoafjx.dll",wtpmeppnraztwciltqturql [x] HKU\Ar\...\Run: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] () HKU\Ar\...\Run: [TimeServer] "C:\Users\Ar\AppData\Roaming\Dell\WIN79D2.exe" [126976 2013-06-01] () HKU\Ar\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad\deeecacafbebfad.exe [126976 2013-05-31] () HKU\Ar\...\Winlogon: [Shell] explorer.exe SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File ==================== Services (Whitelisted) ================= S2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249128 2013-04-08] (Avanquest Software) S2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-04-08] (Avanquest Software) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S2 Fix-It Task Manager; C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe [537504 2013-04-08] (Avanquest Software) S2 SBAMSvc; C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [86400 2013-04-08] (Avanquest Software North America) ==================== Drivers (Whitelisted) ==================== S3 AQFileRestore; C:\Windows\SysWow64\DRIVERS\AQFileRestore.sys [20496 2013-04-08] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-06-01] () S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-10-24] (Razer USA Ltd) S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2012-10-24] (Razer USA Ltd) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-10-24] (Razer USA Ltd) S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software) S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x] S3 gfiark; system32\drivers\gfiark.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-01 22:41 - 2013-06-01 22:41 - 00000000 ____D C:\FRST 2013-06-01 19:57 - 2013-06-01 19:57 - 00001275 ____A C:\AdwCleaner[S2].txt 2013-06-01 12:03 - 2013-06-01 12:03 - 00001199 ____A C:\Users\Ar\Desktop\AdwCleaner[R1].txt 2013-06-01 12:02 - 2013-06-01 12:02 - 00001422 ____A C:\Users\Ar\Desktop\adwcleaner.exe - Shortcut.lnk 2013-06-01 12:02 - 2013-06-01 12:02 - 00001199 ____A C:\AdwCleaner[R1].txt 2013-06-01 11:53 - 2013-06-01 11:53 - 00108130 ____A C:\Users\Ar\Desktop\OTL.Txt 2013-06-01 10:25 - 2013-06-01 10:25 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys 2013-06-01 10:23 - 2013-06-01 10:23 - 00001408 ____A C:\Users\Clay\Desktop\HitmanPro_20130601_1023.log 2013-06-01 10:23 - 2013-06-01 10:23 - 00000356 ____A C:\Windows\System32\.crusader 2013-06-01 10:14 - 2013-06-01 10:14 - 00000000 ____D C:\Program Files\HitmanPro 2013-06-01 10:13 - 2013-06-01 10:23 - 00000000 ____D C:\ProgramData\HitmanPro 2013-06-01 10:13 - 2013-06-01 10:23 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro 2013-06-01 10:11 - 2013-06-01 10:11 - 09818384 ____A (SurfRight B.V.) C:\Users\Clay\Desktop\HitmanPro_x64.exe 2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab 2013-06-01 03:02 - 2013-06-01 03:05 - 169354200 ____A C:\Users\Clay\Desktop\setup_11.0.0.1245.x01_2013_06_01_06_26.exe 2013-06-01 03:01 - 2013-06-01 03:01 - 00000255 ____A C:\Users\Clay\Desktop\est text.txt 2013-06-01 01:25 - 2013-06-01 01:25 - 02347384 ____A (ESET) C:\Users\Clay\Desktop\esetsmartinstaller_enu.exe 2013-06-01 01:25 - 2013-06-01 01:25 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Clay\Desktop\mbar-1.06.0.1003 2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\My Documents\mbar-1.06.0.1003 2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\Documents\mbar-1.06.0.1003 2013-06-01 00:26 - 2013-06-01 00:26 - 00001496 ____A C:\Users\Clay\Desktop\JRT.txt 2013-06-01 00:23 - 2013-06-01 00:23 - 00000000 ____D C:\Windows\ERUNT 2013-06-01 00:22 - 2013-06-01 00:23 - 00000000 ____D C:\JRT 2013-06-01 00:22 - 2013-06-01 00:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Desktop\JRT.exe 2013-06-01 00:21 - 2013-06-01 00:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Downloads\JRT.exe 2013-06-01 00:16 - 2013-06-01 00:16 - 00001346 ____A C:\AdwCleaner[S1].txt 2013-06-01 00:15 - 2013-06-01 00:15 - 00632031 ____A C:\Users\Clay\Desktop\adwcleaner.exe 2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\Users\Clay\My Backup Files 2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\census.cache 2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\Application Data\census.cache 2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\AppData\Local\census.cache 2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\ars.cache 2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\Application Data\ars.cache 2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\AppData\Local\ars.cache 2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\housecall.guid.cache 2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\Application Data\housecall.guid.cache 2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\AppData\Local\housecall.guid.cache 2013-05-31 16:52 - 2012-06-05 02:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys 2013-05-31 16:50 - 2013-05-31 16:50 - 00000000 ____D C:\Users\Clay\Desktop\log 2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini 2013-05-31 15:23 - 2013-06-01 00:02 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini 2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe 2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe 2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe 2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe 2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe 2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe 2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe 2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe 2013-05-31 09:08 - 2013-06-01 21:00 - 00000318 ___AH C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job 2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvwgf2um.dll 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvd3dum.dll 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvapi.dll 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\eEBUtil.dll 2013-05-28 22:44 - 2013-05-28 22:44 - 00232221 ____A C:\Users\Ar\Downloads\Wowhead_Client.zip 2013-05-25 14:26 - 2013-05-25 14:26 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\Application Data\Malwarebytes 2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes 2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-24 00:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\My Documents\AlienFX 2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\Documents\AlienFX 2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\Application Data\Adobe 2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Adobe 2013-05-20 10:35 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-20 10:35 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-20 10:35 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-20 10:35 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-20 10:34 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-20 10:34 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-20 10:34 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-20 10:34 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-20 10:34 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-20 10:34 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-20 10:34 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-20 10:34 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-20 10:34 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-20 10:34 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-20 10:34 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-20 10:34 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-20 10:34 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-20 10:34 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-20 10:34 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-20 10:34 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-20 10:34 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-20 10:34 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-20 10:34 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-20 10:34 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-20 10:34 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-20 10:34 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-20 10:34 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-20 10:34 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-20 10:34 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-20 10:34 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-20 10:34 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-20 10:34 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-20 10:33 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-20 10:33 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-20 10:33 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-20 10:33 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-20 10:33 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-20 10:33 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-20 10:33 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-20 10:33 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-20 10:33 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-20 10:33 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-20 10:33 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-20 10:33 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-20 10:33 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-20 10:33 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-18 09:00 - 2013-05-18 09:01 - 00000000 ____D C:\Program Files\iTunes 2013-05-18 09:00 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iPod 2013-05-15 11:26 - 2013-05-15 11:28 - 00000000 ____D C:\Users\Ar\Desktop\Brittany's 2013-05-13 20:55 - 2012-11-06 11:20 - 00047496 ____N (GFI Software) C:\Windows\System32\sbbd.exe 2013-05-13 20:55 - 2012-02-09 12:58 - 00035000 ____A C:\Windows\System32\mxntdfg.exe ==================== One Month Modified Files and Folders ======= 2013-06-01 22:41 - 2013-06-01 22:41 - 00000000 ____D C:\FRST 2013-06-01 21:37 - 2012-01-25 14:21 - 01079936 ____A C:\Windows\WindowsUpdate.log 2013-06-01 21:37 - 2009-07-13 23:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-01 21:37 - 2009-07-13 23:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-01 21:36 - 2012-01-25 21:45 - 00000000 ____D C:\Program Files (x86)\AlienRespawn 2013-06-01 21:32 - 2012-01-25 23:41 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-01 21:32 - 2012-01-25 23:41 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA 2013-06-01 21:32 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-01 21:32 - 2009-07-13 23:51 - 00053925 ____A C:\Windows\setupact.log 2013-06-01 21:30 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks 2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks 2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks 2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks 2013-06-01 21:20 - 2012-01-25 21:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-06-01 21:00 - 2013-05-31 09:08 - 00000318 ___AH C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job 2013-06-01 20:47 - 2012-12-19 10:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-01 19:57 - 2013-06-01 19:57 - 00001275 ____A C:\AdwCleaner[S2].txt 2013-06-01 19:47 - 2013-04-18 14:05 - 00000000 ___HD C:\_Backup 2013-06-01 19:10 - 2012-08-20 17:06 - 00000000 ____D C:\Users\Ar\Application Data\Dell 2013-06-01 19:10 - 2012-08-20 17:06 - 00000000 ____D C:\Users\Ar\AppData\Roaming\Dell 2013-06-01 19:06 - 2012-01-26 17:17 - 00071772 ____A C:\Windows\PFRO.log 2013-06-01 18:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-01 12:03 - 2013-06-01 12:03 - 00001199 ____A C:\Users\Ar\Desktop\AdwCleaner[R1].txt 2013-06-01 12:02 - 2013-06-01 12:02 - 00001422 ____A C:\Users\Ar\Desktop\adwcleaner.exe - Shortcut.lnk 2013-06-01 12:02 - 2013-06-01 12:02 - 00001199 ____A C:\AdwCleaner[R1].txt 2013-06-01 11:53 - 2013-06-01 11:53 - 00108130 ____A C:\Users\Ar\Desktop\OTL.Txt 2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Apple Computer 2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\Local Settings\Apple Computer 2013-06-01 10:36 - 2012-01-26 22:57 - 00000000 ____D C:\Users\Ar\AppData\Local\Apple Computer 2013-06-01 10:25 - 2013-06-01 10:25 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys 2013-06-01 10:23 - 2013-06-01 10:23 - 00001408 ____A C:\Users\Clay\Desktop\HitmanPro_20130601_1023.log 2013-06-01 10:23 - 2013-06-01 10:23 - 00000356 ____A C:\Windows\System32\.crusader 2013-06-01 10:23 - 2013-06-01 10:13 - 00000000 ____D C:\ProgramData\HitmanPro 2013-06-01 10:23 - 2013-06-01 10:13 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro 2013-06-01 10:14 - 2013-06-01 10:14 - 00000000 ____D C:\Program Files\HitmanPro 2013-06-01 10:11 - 2013-06-01 10:11 - 09818384 ____A (SurfRight B.V.) C:\Users\Clay\Desktop\HitmanPro_x64.exe 2013-06-01 04:05 - 2012-01-26 09:00 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk 2013-06-01 04:05 - 2012-01-26 09:00 - 00002515 ____A C:\ProgramData\Desktop\Skype.lnk 2013-06-01 04:05 - 2012-01-26 09:00 - 00000000 ____D C:\ProgramData\Skype 2013-06-01 04:05 - 2012-01-26 09:00 - 00000000 ____D C:\ProgramData\Application Data\Skype 2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\Local Settings\Red 5 Studios 2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Red 5 Studios 2013-06-01 03:11 - 2012-05-15 16:36 - 00000000 ____D C:\Users\Ar\AppData\Local\Red 5 Studios 2013-06-01 03:11 - 2012-01-25 12:51 - 00000000 ____D C:\users\Ar 2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-01 03:05 - 2013-06-01 03:05 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab 2013-06-01 03:05 - 2013-06-01 03:02 - 169354200 ____A C:\Users\Clay\Desktop\setup_11.0.0.1245.x01_2013_06_01_06_26.exe 2013-06-01 03:01 - 2013-06-01 03:01 - 00000255 ____A C:\Users\Clay\Desktop\est text.txt 2013-06-01 01:25 - 2013-06-01 01:25 - 02347384 ____A (ESET) C:\Users\Clay\Desktop\esetsmartinstaller_enu.exe 2013-06-01 01:25 - 2013-06-01 01:25 - 00000000 ____D C:\Program Files (x86)\ESET 2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Clay\Desktop\mbar-1.06.0.1003 2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\My Documents\mbar-1.06.0.1003 2013-06-01 00:36 - 2013-06-01 00:36 - 00000000 ____D C:\Users\Clay\Documents\mbar-1.06.0.1003 2013-06-01 00:26 - 2013-06-01 00:26 - 00001496 ____A C:\Users\Clay\Desktop\JRT.txt 2013-06-01 00:23 - 2013-06-01 00:23 - 00000000 ____D C:\Windows\ERUNT 2013-06-01 00:23 - 2013-06-01 00:22 - 00000000 ____D C:\JRT 2013-06-01 00:22 - 2013-06-01 00:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Desktop\JRT.exe 2013-06-01 00:21 - 2013-06-01 00:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clay\Downloads\JRT.exe 2013-06-01 00:16 - 2013-06-01 00:16 - 00001346 ____A C:\AdwCleaner[S1].txt 2013-06-01 00:15 - 2013-06-01 00:15 - 00632031 ____A C:\Users\Clay\Desktop\adwcleaner.exe 2013-06-01 00:02 - 2013-05-31 15:23 - 00000004 ____A C:\Users\Ar\Application Data\skype.ini 2013-06-01 00:02 - 2013-05-31 15:23 - 00000004 ____A C:\Users\Ar\AppData\Roaming\skype.ini 2013-05-31 19:42 - 2013-05-31 19:42 - 00000000 ____D C:\Users\Clay\My Backup Files 2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\Local Settings\SoftThinks 2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\Local Settings\Application Data\SoftThinks 2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\Users\Clay\AppData\Local\SoftThinks 2013-05-31 19:42 - 2012-08-20 17:42 - 00000000 ____D C:\users\Clay 2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\census.cache 2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\Local Settings\Application Data\census.cache 2013-05-31 19:14 - 2013-05-31 19:14 - 05025824 ____A C:\Users\Clay\AppData\Local\census.cache 2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\ars.cache 2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\Local Settings\Application Data\ars.cache 2013-05-31 19:11 - 2013-05-31 19:11 - 00091456 ____A C:\Users\Clay\AppData\Local\ars.cache 2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\housecall.guid.cache 2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\Local Settings\Application Data\housecall.guid.cache 2013-05-31 16:52 - 2013-05-31 16:52 - 00000036 ____A C:\Users\Clay\AppData\Local\housecall.guid.cache 2013-05-31 16:50 - 2013-05-31 16:50 - 00000000 ____D C:\Users\Clay\Desktop\log 2013-05-31 15:28 - 2013-05-31 15:28 - 00000000 ____D C:\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 15:20 - 2013-05-31 15:20 - 00126976 ____A C:\Users\Ar\opera.exe 2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\teamviewer.exe 2013-05-31 15:20 - 2013-05-31 15:20 - 00000000 ____A C:\Users\Ar\skype.exe 2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\vlcplayer.exe 2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\icq.exe 2013-05-31 15:18 - 2013-05-31 15:18 - 00000000 ____A C:\Users\Ar\googleupdate.exe 2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\mstsc.exe 2013-05-31 15:15 - 2013-05-31 15:15 - 00000000 ____A C:\Users\Ar\msconfig.exe 2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\Local Settings\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 09:08 - 2013-05-31 09:08 - 00000000 ____D C:\Users\Ar\AppData\Local\0deee554-9c61-4aca-8f06-41b716eb59f7ad 2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\Local Settings\Deployment 2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Deployment 2013-05-31 06:02 - 2012-05-30 17:29 - 00000000 ____D C:\Users\Ar\AppData\Local\Deployment 2013-05-30 17:47 - 2012-01-26 09:00 - 00000000 ____D C:\Users\Ar\Application Data\Skype 2013-05-30 17:47 - 2012-01-26 09:00 - 00000000 ____D C:\Users\Ar\AppData\Roaming\Skype 2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\Local Settings\ars.cache 2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\Local Settings\Application Data\ars.cache 2013-05-30 15:19 - 2012-04-19 14:20 - 00095811 ____A C:\Users\Ar\AppData\Local\ars.cache 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvwgf2um.dll 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvd3dum.dll 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\nvapi.dll 2013-05-30 12:12 - 2013-05-30 12:12 - 00000000 ____A C:\Windows\System32\eEBUtil.dll 2013-05-28 22:44 - 2013-05-28 22:44 - 00232221 ____A C:\Users\Ar\Downloads\Wowhead_Client.zip 2013-05-28 22:37 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-05-25 14:26 - 2013-05-25 14:26 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-05-25 14:26 - 2012-05-19 18:53 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2013-05-25 14:26 - 2012-05-19 18:53 - 00001845 ____A C:\ProgramData\Desktop\QuickTime Player.lnk 2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-24 00:54 - 2013-05-24 00:54 - 00001113 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\Application Data\Malwarebytes 2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Malwarebytes 2013-05-24 00:54 - 2013-05-24 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\My Documents\AlienFX 2013-05-24 00:53 - 2013-05-24 00:53 - 00000000 ____D C:\Users\Clay\Documents\AlienFX 2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\Application Data\Adobe 2013-05-24 00:52 - 2013-05-24 00:52 - 00000000 ____D C:\Users\Clay\AppData\Roaming\Adobe 2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\Local Settings\Microsoft Help 2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\Local Settings\Application Data\Microsoft Help 2013-05-24 00:04 - 2012-10-18 21:43 - 00000000 ____D C:\Users\Ar\AppData\Local\Microsoft Help 2013-05-23 23:04 - 2012-01-26 12:51 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2013-05-21 15:04 - 2012-08-20 17:06 - 00000000 ____D C:\Program Files\AlienAutopsy 2013-05-21 15:03 - 2012-08-20 17:06 - 00000000 ____D C:\ProgramData\PCDr 2013-05-21 15:03 - 2012-08-20 17:06 - 00000000 ____D C:\ProgramData\Application Data\PCDr 2013-05-21 08:35 - 2012-05-14 16:33 - 00000000 ____D C:\Program Files (x86)\Diablo III 2013-05-20 12:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-05-20 11:32 - 2009-07-13 23:45 - 00327256 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-20 10:40 - 2012-10-18 21:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-20 10:40 - 2012-10-18 21:43 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help 2013-05-20 10:38 - 2012-01-26 17:00 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-18 09:01 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iTunes 2013-05-18 09:01 - 2012-09-15 14:49 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-05-18 09:01 - 2012-09-15 14:49 - 00001783 ____A C:\ProgramData\Desktop\iTunes.lnk 2013-05-18 09:01 - 2012-06-16 14:13 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-05-18 09:00 - 2013-05-18 09:00 - 00000000 ____D C:\Program Files\iPod 2013-05-15 11:28 - 2013-05-15 11:26 - 00000000 ____D C:\Users\Ar\Desktop\Brittany's 2013-05-15 00:47 - 2012-04-04 12:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 00:47 - 2012-01-25 19:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-13 20:54 - 2012-01-25 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-05-10 08:16 - 2013-03-09 01:01 - 00000000 ____D C:\users\UpdatusUser.ARLENE 2013-05-05 16:36 - 2013-05-20 10:35 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-05 16:16 - 2013-05-20 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-05 14:25 - 2013-05-20 10:35 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-05 14:12 - 2013-05-20 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb Files to move or delete: ==================== C:\Users\Ar\googleupdate.exe C:\Users\Ar\icq.exe C:\Users\Ar\msconfig.exe C:\Users\Ar\mstsc.exe C:\Users\Ar\opera.exe C:\Users\Ar\skype.exe C:\Users\Ar\teamviewer.exe C:\Users\Ar\vlcplayer.exe C:\Users\Ar\AppData\Roaming\skype.ini C:\Windows\Tasks\{AAC7A130-C70F-4334-BD9E-E86127026A81}.job ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-28 00:00:08 Restore point made on: 2013-05-31 19:43:24 Restore point made on: 2013-06-01 00:48:52 Restore point made on: 2013-06-01 10:47:20 ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 9206.99 MB Available physical RAM: 8379.63 MB Total Pagefile: 9205.14 MB Available Pagefile: 8369.98 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:925.23 GB) (Free:817.62 GB) NTFS (Disk=0 Partition=2) Drive j: () (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT (Disk=1 Partition=1) Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive l: (RECOVERY) (Fixed) (Total:6.18 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=3) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6ECA5067) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=925 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 949 MB) (Disk ID: 00000000) Partition 1: (Active) - (Size=949 MB) - (Type=0E) Last Boot: 2013-05-24 02:01 ==================== End Of Log ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top