1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problems With Initial Scans Told To Run

Discussion in 'Virus & Other Malware Removal' started by HelpMePlease1313, Feb 20, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. HelpMePlease1313

    HelpMePlease1313 Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    6
    First of all, thank you in advance for your help.
    t
    I was following the instructions of what to do before proceeding, and I had a few problem with the first step running Hijack This.

    When it started, it quickly stopped and said I did not have access for some reason. It told me to find the Hijack report and delete them. I pushed "ok". Then the scan resumed.

    A huge log came up, with no line item of "HijackThis reports" so I could not delete the report as the instructions say to do. and when I went to save it as "hosts", it told me I did not have access as Administrator to do so, even though I do and am logged in that way. I had to save the huge log of info as a txt file in "My Document"

    Since things were not proceeding as the instructions indicated they would, I stopped and am sendin this info to you now to know how to proceed. This computer has been acting very strangely for over a month how, and I am hoping you can help me.

    Thank you and I look forward to hearing from you.:)
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,376
    First Name:
    Kevin
    Download and save DDS to your Desktop from either of the following links:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://compendiate.net/sUBs/dds/dds.scr

    Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop"

    The logs will be named dds.txt and attach.txt".

    Wait until the logs appear and then copy and paste their contents in your post.

    Kevin....
     
  3. HelpMePlease1313

    HelpMePlease1313 Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    6
    okay, will do as instructed and post asap. Thank you :) (y)
     
  4. HelpMePlease1313

    HelpMePlease1313 Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    6
    computer shut down while I was following your last instructions, and rebooted in Safe Mode with networking. I am trying to include three pictures showing the screens that came up when trying to start up again in Window 7. i did not tell it to automatically check for a solution on line.

    Please let me know if there are not three pictures included here with the info. when crashed.

    Thank you.
     

    Attached Files:

  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,376
    First Name:
    Kevin
    Can you navigate to C:\Windows\Minidump\022013-21824.dmp
    Right click on that file, Select > Send to > Compressed (zipped) folder. The file will be zipped and saved in the same folder, attach that to next reply...
     
  6. HelpMePlease1313

    HelpMePlease1313 Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    6
    I am still in safe mode with networking, and when trying to zip the minidump file as you instructed, it will not do so, and says that my access is denied. I can't seem to do anything the instructions say to do. I await your reply, and thank you.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,376
    First Name:
    Kevin
    OK do the following:

    Please download Farbar Recovery Scan Tool from here:
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
    save it to a flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options I give two methods, use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Kevin....
     
  8. HelpMePlease1313

    HelpMePlease1313 Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    6
    Kevin, I hope you are still out there. Sorry about delay in getting back here. Family situations, church last night, etc. I will be back as soon as following your last instructions. thank you.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,376
    First Name:
    Kevin
    Don`t worry about your reply times, we all have busy lives to run. Post the FRST log when you`re ready, I do check in throughout the day but do have to go out myself now and again... We`ll get ther eventually....

    Kevin...
     
  10. HelpMePlease1313

    HelpMePlease1313 Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    6
    wow, finally got something. After I copied the report to paste here, the computer rebooted, but not into safe mode this time. Now the computer is still running with the flash drive still in it. Should I remove the flash drive yet?

    Here is the report it generated: (again, thank you, and I look forward to hearing from you)

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01
    Ran by SYSTEM at 21-02-2013 05:40:00
    Running from G:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-02] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2010-03-09] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-18] ()
    HKLM\...\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
    HKLM\...\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe [4114368 2009-12-16] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6223808 2009-12-16] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [UDC Integration] [x]
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
    HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)
    HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)
    HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [362 2013-02-18] ()
    HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
    HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM\...\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 [3365288 2013-01-30] (Emsisoft GmbH)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKU\Default\...\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [768336 2009-07-26] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [768336 2009-07-26] (Microsoft Corporation)
    HKU\Steve\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
    HKU\Steve\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-01-19] (Google Inc.)
    HKU\Steve\...\Run: [Amazon Cloud Drive] C:\Users\Steve\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [x]
    HKU\Steve\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)
    HKU\Steve\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL
    Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    ShortcutTarget: OpenOffice.org 3.2.lnk -> X:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
    ==================== Services (Whitelisted) ===================
    2 0078901360591482mcinstcleanup; C:\Users\Diane\AppData\Local\Temp\007890~1.EXE -cleanup -nolog [832664 2012-09-28] (McAfee, Inc.)
    2 a2AntiMalware; "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [3089320 2013-01-30] (Emsisoft GmbH)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [133912 2012-10-30] (AVAST Software)
    3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
    2 DDNIMSGService; "C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe" [171872 2010-07-20] (Digital Delivery Networks, Inc.)
    2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.)
    3 IGRS; "C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe" [38152 2009-07-14] (Lenovo Group Limited)
    3 Lenovo ReadyComm AppSvc; "C:\Program Files\Lenovo\ReadyComm\AppSvc.exe" [509192 2009-08-14] (Lenovo Group Limited)
    3 Lenovo ReadyComm ConnSvc; "C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe" [575304 2009-11-17] (Lenovo Group Limited)
    2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
    3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
    2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
    4 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [x]
    3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
    4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
    2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
    2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
    ==================== Drivers (Whitelisted) ====================
    3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [54072 2012-04-30] (Emsisoft GmbH)
    1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [17904 2011-05-19] (Emsi Software GmbH)
    1 a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [37856 2012-04-30] (Emsisoft GmbH)
    1 a2util; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [11776 2010-05-05] (Emsi Software GmbH)
    3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)
    3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5340160 2010-03-02] (ATI Technologies Inc.)
    1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog32.sys [82320 2013-01-15] (Zemana Ltd.)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
    1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [106560 2012-10-30] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
    2 aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)
    0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-09-21] (ALWIL Software)
    0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [199320 2012-10-30] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
    3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
    3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [25936 2013-01-05] (Zemana Ltd.)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
    3 PTQHBUS; C:\Windows\System32\DRIVERS\PTQHBUS.sys [55056 2009-12-14] (DEVGURU Co., LTD.)
    3 PTQHMDM; C:\Windows\System32\DRIVERS\PTQHMDM.sys [161040 2009-12-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 PTQHVSP; C:\Windows\System32\DRIVERS\PTQHVSP.sys [161040 2009-12-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI)
    3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
    3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-02-20 08:31 - 2013-02-20 08:31 - 00150392 ____A C:\Windows\Minidump\022013-21824-01.dmp
    2013-02-20 08:18 - 2013-02-20 08:18 - 00688992 ____R (Swearware) C:\Users\Diane\Desktop\dds.scr
    2013-02-20 07:38 - 2013-02-20 07:39 - 00011204 ____A C:\Users\Diane\Desktop\hijackthis.log
    2013-02-20 07:31 - 2013-02-20 07:31 - 00388608 ____A (Trend Micro Inc.) C:\Users\Diane\Desktop\HijackThis.exe
    2013-02-19 03:06 - 2013-02-19 03:06 - 00000000 ____D C:\Users\Diane\Desktop\G--More
    2013-02-19 02:52 - 2013-02-19 04:19 - 00000000 ____D C:\Users\Diane\Desktop\G-More3
    2013-02-19 01:28 - 2013-02-19 02:33 - 00000000 ____D C:\Users\Diane\Desktop\G-Dict
    2013-02-18 07:59 - 2013-02-18 07:59 - 00000056 ____A C:\Windows\setupact.log
    2013-02-18 07:59 - 2013-02-18 07:59 - 00000000 ____A C:\Windows\setuperr.log
    2013-02-15 00:20 - 2012-08-23 06:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2013-02-15 00:20 - 2012-08-23 06:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-02-15 00:20 - 2012-08-23 06:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-02-15 00:20 - 2012-08-23 05:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2013-02-15 00:19 - 2012-08-23 06:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2013-02-15 00:18 - 2012-08-23 06:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2013-02-15 00:18 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2013-02-15 00:18 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2013-02-15 00:18 - 2012-08-23 05:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-02-15 00:18 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-02-15 00:18 - 2012-08-23 03:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2013-02-15 00:18 - 2012-08-23 03:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2013-02-15 00:18 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-02-15 00:18 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2013-02-15 00:18 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-02-15 00:18 - 2012-08-23 02:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2013-02-15 00:18 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-02-15 00:13 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2013-02-15 00:12 - 2012-08-24 09:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-02-15 00:12 - 2012-08-24 09:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-02-15 00:12 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-02-15 00:12 - 2012-08-24 08:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2013-02-14 01:03 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-02-14 01:03 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-02-14 01:03 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-02-14 01:03 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-02-14 01:03 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-02-14 01:03 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-02-14 01:03 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-02-14 01:03 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-02-14 01:03 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-02-14 01:03 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-02-14 01:03 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-02-14 01:03 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-02-14 01:03 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-02-14 01:03 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-02-14 01:02 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-02-14 01:02 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-02-13 06:34 - 2013-01-03 19:00 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-02-13 06:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-02-13 06:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-02-13 06:32 - 2013-01-02 21:05 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-02-13 06:32 - 2013-01-02 21:04 - 00187752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-02-13 06:31 - 2013-01-03 20:50 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-02-11 07:48 - 2013-02-20 08:32 - 00376320 __ASH C:\Users\Diane\Desktop\Thumbs.db
    2013-02-11 07:18 - 2013-02-11 07:18 - 00002107 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2013-02-11 07:18 - 2012-10-30 15:51 - 00361032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2013-02-11 07:18 - 2012-10-30 15:51 - 00106560 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2013-02-11 07:18 - 2012-10-30 15:51 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2013-02-11 07:17 - 2012-10-30 15:51 - 00738504 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2013-02-11 07:17 - 2012-10-30 15:51 - 00199320 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2013-02-11 07:17 - 2012-10-30 15:51 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2013-02-11 07:17 - 2012-10-30 15:51 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-02-11 07:17 - 2012-10-30 15:51 - 00020624 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2013-02-11 07:17 - 2012-10-15 08:59 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2013-02-11 07:14 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2013-02-11 07:14 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2013-02-11 07:14 - 2012-09-21 01:26 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
    2013-02-11 07:12 - 2013-02-11 07:12 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-02-11 07:12 - 2013-02-11 07:12 - 00000000 ____D C:\Program Files\AVAST Software
    2013-02-10 00:33 - 2013-02-10 00:33 - 00007680 ____A C:\Windows\130980966.exe
    2013-02-10 00:33 - 2013-02-10 00:33 - 00000110 ____A C:\Windows\130980966.dat
    2013-02-09 05:03 - 2013-02-09 05:03 - 00002052 ____A C:\Windows\epplauncher.mif
    2013-02-08 21:20 - 2013-02-08 21:20 - 00001045 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2013-02-08 21:18 - 2013-02-20 08:04 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2013-02-08 20:51 - 2013-02-08 21:13 - 238163264 ____A (Emsisoft GmbH ) C:\Program Files\EmsisoftAntiMalwareSetup.exe
    2013-02-08 11:43 - 2013-02-08 11:43 - 00000000 ____D C:\Users\Diane\AppData\Local\{0DC471FF-FEA1-4CA3-B901-4729E69DDD05}
    2013-02-08 09:25 - 2013-02-08 09:25 - 00000000 ____D C:\Users\Diane\AppData\Roaming\Motive
    2013-02-08 09:18 - 2013-02-08 09:19 - 00385904 ____A C:\Program Files\ATT_SST.exe
    2013-02-06 09:51 - 2013-02-06 09:51 - 00000000 ____D C:\Users\Diane\AppData\Local\{D2458CEE-CDC1-4199-A9A3-3A401F6F6B20}
    2013-02-05 07:43 - 2013-02-05 11:30 - 00000000 ____D C:\Users\Diane\Desktop\All-New-Ideas
    2013-02-04 12:22 - 2013-02-08 23:25 - 00000000 ____D C:\Users\Diane\Desktop\G-More2
    2013-02-04 11:45 - 2013-02-04 11:49 - 00000000 ____D C:\Users\Diane\AppData\Roaming\WinRAR
    2013-02-04 11:43 - 2013-02-04 12:07 - 00000000 ____D C:\Program Files\WinRAR
    2013-02-04 11:32 - 2013-02-07 00:35 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2013-02-04 11:32 - 2013-02-07 00:35 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
    2013-02-04 11:31 - 2013-02-09 05:31 - 00000000 ____D C:\Users\Diane\AppData\Local\Updater21804
    2013-02-04 11:31 - 2013-02-09 00:35 - 00000000 ____D C:\Program Files\Coupon Companion Plugin
    2013-02-04 11:31 - 2013-02-07 00:35 - 00000000 __SHD C:\AI_RecycleBin
    2013-02-04 11:31 - 2013-02-04 11:31 - 00000009 ____A C:\END
    2013-02-04 11:31 - 2013-02-04 11:31 - 00000000 ____D C:\Users\Diane\AppData\Local\Coupon Companion Plugin
    2013-02-03 10:53 - 2013-02-08 23:34 - 00000000 ___RD C:\Users\Diane\Desktop\G-27000
    2013-02-03 10:53 - 2013-02-08 23:32 - 00000000 ___RD C:\Users\Diane\Desktop\G-28000
    2013-02-03 10:53 - 2013-02-08 21:01 - 00000000 ___RD C:\Users\Diane\Desktop\G-29000
    2013-02-03 10:52 - 2013-02-08 23:31 - 00000000 ___RD C:\Users\Diane\Desktop\G-26000
    2013-02-03 10:41 - 2013-02-08 23:33 - 00000000 ___RD C:\Users\Diane\Desktop\G-24000
    2013-02-03 10:41 - 2013-02-08 23:24 - 00000000 ___RD C:\Users\Diane\Desktop\G-23000
    2013-02-03 10:41 - 2013-02-08 22:49 - 00000000 ___RD C:\Users\Diane\Desktop\G-25000
    2013-02-03 10:39 - 2013-02-08 23:24 - 00000000 ___RD C:\Users\Diane\Desktop\G-22000
    2013-02-03 10:39 - 2013-02-08 23:24 - 00000000 ___RD C:\Users\Diane\Desktop\G-21000
    2013-02-03 10:13 - 2013-02-08 23:23 - 00000000 ___RD C:\Users\Diane\Desktop\G-20000
    2013-02-03 10:13 - 2013-02-08 23:21 - 00000000 ___RD C:\Users\Diane\Desktop\G-18000
    2013-02-03 10:12 - 2013-02-08 23:28 - 00000000 ___RD C:\Users\Diane\Desktop\G-19000
    2013-02-03 10:07 - 2013-02-08 23:19 - 00000000 ___RD C:\Users\Diane\Desktop\G-15000
    2013-02-03 10:06 - 2013-02-08 23:28 - 00000000 ___RD C:\Users\Diane\Desktop\G-17000
    2013-02-03 10:06 - 2013-02-08 23:19 - 00000000 ___RD C:\Users\Diane\Desktop\G-11000
    2013-02-03 10:06 - 2013-02-08 23:18 - 00000000 ___RD C:\Users\Diane\Desktop\G-13000
    2013-02-03 10:06 - 2013-02-08 22:59 - 00000000 ___RD C:\Users\Diane\Desktop\G-16000
    2013-02-03 10:05 - 2013-02-18 09:42 - 00000000 ____D C:\Users\Diane\New folder
    2013-02-03 10:05 - 2013-02-08 23:18 - 00000000 ___RD C:\Users\Diane\Desktop\G-12000
    2013-02-03 10:05 - 2013-02-08 22:34 - 00000000 ___RD C:\Users\Diane\Desktop\G-14000
    2013-02-03 10:03 - 2013-02-08 23:22 - 00000000 ___RD C:\Users\Diane\Desktop\G-10000
    2013-02-02 15:42 - 2013-02-02 15:42 - 00000000 ____A C:\extensions.sqlite
    2013-02-02 10:19 - 2013-02-02 10:20 - 00000193 ____A C:\Users\Diane\Desktop\LookWow - Web-Based Photo Enhancement - Features.url
    2013-02-02 10:18 - 2013-02-02 10:18 - 00000193 ____A C:\Users\Diane\Desktop\Photoshop How Do I Get Clarity When I Blow Up An Image#NQLadPqv.url
    2013-01-31 22:30 - 2013-02-17 22:43 - 00000000 ____D C:\Users\Diane\Desktop\G-More
    2013-01-31 08:46 - 2013-01-31 08:46 - 00262144 ____A C:\Windows\System32\config\ELAM
    2013-01-31 08:22 - 2013-01-31 08:22 - 00002349 ____A C:\Users\Diane\Desktop\Bejeweled 2.lnk
    2013-01-31 08:22 - 2013-01-31 08:22 - 00000000 ____D C:\Program Files\Oberon Media SIDR
    2013-01-30 17:51 - 2013-01-30 17:51 - 04874408 ____A (McAfee, Inc.) C:\Users\Diane\Desktop\McAfeeSetup-Serial.exe
    2013-01-30 13:44 - 2013-01-30 13:44 - 00836288 ____A C:\Users\Diane\Desktop\8-23-7.zip
    2013-01-30 13:28 - 2013-01-30 15:39 - 00000000 ____D C:\Users\Diane\Desktop\Appreciation
    2013-01-27 17:32 - 2009-08-20 04:28 - 03934405 ____A C:\Users\Diane\Desktop\Bankruptcy-02.zip
    2013-01-27 14:42 - 2013-01-30 09:17 - 00000000 ____D C:\Users\Diane\Desktop\Scr-Final-Stmp-JPGS-All
    2013-01-27 07:40 - 2013-01-27 07:42 - 00000000 ____D C:\Users\Diane\Desktop\Faith-Service
    2013-01-27 00:51 - 2013-01-27 00:51 - 00000000 ____D C:\Users\Diane\Desktop\ABS-disk
    2013-01-26 23:12 - 2013-01-26 23:12 - 00000000 ____D C:\Users\Public\Documents\PlayfulAge
    2013-01-26 21:47 - 2013-02-15 02:36 - 00000000 ____D C:\ProgramData\T1 Games
    2013-01-26 21:12 - 2013-01-26 22:38 - 00000000 ____D C:\Users\Diane\AppData\Roaming\Arkadium
    2013-01-26 20:49 - 2013-01-26 20:55 - 00002412 ____A C:\ProgramData\match_gob.log
    2013-01-26 10:33 - 2013-02-18 09:42 - 00000000 ____D C:\Users\Diane\Desktop\nco-zip
    2013-01-26 09:52 - 2013-01-26 09:53 - 00000000 ____D C:\Users\Diane\Desktop\Med-Disk
    2013-01-26 09:15 - 2013-02-06 10:28 - 00000000 ____D C:\Users\Diane\Desktop\2005-disk
    2013-01-26 05:49 - 2013-02-18 11:05 - 00000000 ____D C:\Users\Diane\Desktop\B-Up-10-29-10-1-A
    2013-01-26 04:41 - 2013-01-26 04:41 - 00001192 ____A C:\Users\Diane\Desktop\AT&T Games.lnk
    2013-01-26 04:41 - 2013-01-26 04:41 - 00000000 ____D C:\Program Files\GamesBar
    2013-01-26 04:41 - 2013-01-26 04:41 - 00000000 ____D C:\Program Files\Common Files\Oberon Media
    2013-01-26 04:40 - 2013-01-31 08:24 - 00000000 ____D C:\ProgramData\Oberon Media
    2013-01-24 21:35 - 2013-02-04 14:14 - 00000000 ____D C:\Users\Diane\Desktop\G-Botanical
    2013-01-24 05:19 - 2013-01-24 05:50 - 00000000 ____D C:\Users\Diane\Desktop\fr-Gut-disk
    2013-01-24 01:59 - 2013-02-08 23:35 - 00000000 ___RD C:\Users\Diane\Desktop\G-37000
    2013-01-24 01:59 - 2013-02-08 22:57 - 00000000 ___RD C:\Users\Diane\Desktop\G-39000
    2013-01-24 01:59 - 2013-02-08 21:06 - 00000000 ___RD C:\Users\Diane\Desktop\G-38000
    2013-01-24 01:58 - 2013-02-08 23:34 - 00000000 ___RD C:\Users\Diane\Desktop\G-33000
    2013-01-24 01:58 - 2013-02-08 22:54 - 00000000 ___RD C:\Users\Diane\Desktop\G-36000
    2013-01-24 01:58 - 2013-02-08 22:54 - 00000000 ___RD C:\Users\Diane\Desktop\G-35000
    2013-01-24 01:58 - 2013-02-08 22:53 - 00000000 ___RD C:\Users\Diane\Desktop\G-34000
    2013-01-24 01:57 - 2013-02-08 23:32 - 00000000 ___RD C:\Users\Diane\Desktop\G-32000
    2013-01-24 01:57 - 2013-02-08 23:31 - 00000000 ___RD C:\Users\Diane\Desktop\G-31000
    2013-01-24 01:55 - 2013-02-08 21:05 - 00000000 ___RD C:\Users\Diane\Desktop\G-41900
    2013-01-24 01:52 - 2013-02-08 23:35 - 00000000 ___RD C:\Users\Diane\Desktop\G-41700
    2013-01-24 01:52 - 2013-02-08 22:58 - 00000000 ___RD C:\Users\Diane\Desktop\G-41600
    2013-01-24 01:52 - 2013-02-08 22:57 - 00000000 ___RD C:\Users\Diane\Desktop\G-41500
    2013-01-24 01:52 - 2013-02-08 21:05 - 00000000 ___RD C:\Users\Diane\Desktop\G-41800
    2013-01-24 01:51 - 2013-02-08 21:05 - 00000000 ___RD C:\Users\Diane\Desktop\G-41100
    2013-01-24 01:51 - 2013-02-03 11:13 - 00000000 ___RD C:\Users\Diane\Desktop\G-41400
    2013-01-24 01:48 - 2013-02-04 13:45 - 00000000 ___RD C:\Users\Diane\Desktop\G-41200
    2013-01-24 01:08 - 2013-02-08 22:59 - 00000000 ___RD C:\Users\Diane\Desktop\G-40000
    2013-01-24 01:03 - 2013-01-24 02:21 - 00000000 ____D C:\Users\Diane\Desktop\G-Christian
    2013-01-24 01:03 - 2013-01-24 01:06 - 00000000 ____D C:\Users\Diane\Desktop\G-Clocks
    2013-01-24 01:02 - 2013-01-24 01:02 - 00000000 ____D C:\Users\Diane\Desktop\G-Birds
    2013-01-24 01:00 - 2013-01-24 02:11 - 00000000 ____D C:\Users\Diane\Desktop\G-Peter
    2013-01-24 00:57 - 2013-01-24 02:21 - 00000000 ____D C:\Users\Diane\Desktop\G-Christmas
    2013-01-24 00:57 - 2013-01-24 01:05 - 00000000 ____D C:\Users\Diane\Desktop\G-Alice
    2013-01-24 00:55 - 2013-02-04 13:45 - 00000000 ___RD C:\Users\Diane\Desktop\G-41300
    2013-01-24 00:48 - 2013-02-08 23:34 - 00000000 ___RD C:\Users\Diane\Desktop\G-30000
    2013-01-23 19:33 - 2013-01-23 19:38 - 00000000 ____D C:\Users\Diane\1-22-13-Virus-Detector
    2013-01-22 22:40 - 2013-02-11 06:21 - 00000000 ____D C:\Program Files\Common Files\Motive
    2013-01-22 22:40 - 2013-02-08 09:37 - 00000000 ____D C:\ProgramData\Motive
    2013-01-22 22:36 - 2013-01-22 22:36 - 00385904 ____A C:\Users\Diane\ATT_SST.exe

    ==================== One Month Modified Files and Folders ========
    2013-02-21 05:39 - 2013-02-21 05:39 - 00000000 ____D C:\FRST
    2013-02-21 00:57 - 2011-08-07 17:53 - 00000000 ____D C:\Windows\Minidump
    2013-02-20 08:32 - 2013-02-11 07:48 - 00376320 __ASH C:\Users\Diane\Desktop\Thumbs.db
    2013-02-20 08:31 - 2013-02-20 08:31 - 00150392 ____A C:\Windows\Minidump\022013-21824-01.dmp
    2013-02-20 08:19 - 2012-08-16 04:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-02-20 08:18 - 2013-02-20 08:18 - 00688992 ____R (Swearware) C:\Users\Diane\Desktop\dds.scr
    2013-02-20 08:04 - 2013-02-08 21:18 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2013-02-20 07:57 - 2013-01-19 06:41 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-02-20 07:53 - 2012-09-09 14:05 - 02043409 ____A C:\Windows\WindowsUpdate.log
    2013-02-20 07:39 - 2013-02-20 07:38 - 00011204 ____A C:\Users\Diane\Desktop\hijackthis.log
    2013-02-20 07:31 - 2013-02-20 07:31 - 00388608 ____A (Trend Micro Inc.) C:\Users\Diane\Desktop\HijackThis.exe
    2013-02-20 07:24 - 2011-01-08 17:26 - 00000000 ____D C:\Users\Diane\Desktop\2011
    2013-02-20 05:36 - 2010-05-21 15:59 - 09135389 ____A C:\FaceProv.log
    2013-02-20 01:51 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-02-19 13:01 - 2011-01-08 17:58 - 00000000 ____D C:\Users\Diane\Desktop\All-Charlie
    2013-02-19 12:57 - 2013-01-19 06:41 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-02-19 10:17 - 2011-07-17 04:53 - 00000000 ____D C:\Users\Diane\Desktop\All-Stamps
    2013-02-19 10:17 - 2011-01-18 11:25 - 00000000 ____D C:\Users\Diane\Desktop\All-Ideas
    2013-02-19 04:19 - 2013-02-19 02:52 - 00000000 ____D C:\Users\Diane\Desktop\G-More3
    2013-02-19 03:06 - 2013-02-19 03:06 - 00000000 ____D C:\Users\Diane\Desktop\G--More
    2013-02-19 02:33 - 2013-02-19 01:28 - 00000000 ____D C:\Users\Diane\Desktop\G-Dict
    2013-02-18 12:28 - 2011-01-07 17:02 - 00000000 ____D C:\Users\Diane\AppData\Local\CrashDumps
    2013-02-18 11:23 - 2011-11-08 06:45 - 00000000 ____D C:\Users\Diane\Desktop\AAA-MAX-Format
    2013-02-18 11:05 - 2013-01-26 05:49 - 00000000 ____D C:\Users\Diane\Desktop\B-Up-10-29-10-1-A
    2013-02-18 10:47 - 2012-12-09 20:36 - 00000000 ____D C:\Users\Diane\Desktop\ATT-mob-share
    2013-02-18 10:43 - 2012-12-09 19:36 - 00000000 ____D C:\Users\Diane\Desktop\ATT-Str-Talk
    2013-02-18 09:46 - 2013-01-18 07:08 - 00000000 ____D C:\Users\Diane\Desktop\Not-On-Disk
    2013-02-18 09:46 - 2012-12-02 17:22 - 00000000 ___RD C:\Users\Diane\Desktop\Gutenberg
    2013-02-18 09:42 - 2013-02-03 10:05 - 00000000 ____D C:\Users\Diane\New folder
    2013-02-18 09:42 - 2013-01-26 10:33 - 00000000 ____D C:\Users\Diane\Desktop\nco-zip
    2013-02-18 09:40 - 2011-03-03 20:35 - 00000000 ____D C:\Users\Diane\Desktop\dmsuite
    2013-02-18 09:39 - 2011-06-10 07:36 - 00000000 ____D C:\Users\Diane\Desktop\All-WRH
    2013-02-18 09:38 - 2011-01-08 17:49 - 00000000 ____D C:\Users\Diane\Desktop\All-Tickets
    2013-02-18 08:50 - 2012-07-10 11:34 - 00000000 ____D C:\Users\Diane\Desktop\2-Convert
    2013-02-18 08:41 - 2011-01-03 09:57 - 00000000 ____D C:\Users\Diane\Desktop\All-ABS
    2013-02-18 08:07 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-02-18 08:07 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-02-18 07:59 - 2013-02-18 07:59 - 00000056 ____A C:\Windows\setupact.log
    2013-02-18 07:59 - 2013-02-18 07:59 - 00000000 ____A C:\Windows\setuperr.log
    2013-02-18 07:59 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-02-18 07:56 - 2011-01-12 23:26 - 00000000 ____D C:\Users\Diane\Desktop\All-Photos
    2013-02-18 07:35 - 2011-01-08 19:31 - 00000000 ____D C:\Users\Diane\Desktop\All-Harris
    2013-02-18 05:49 - 2010-12-22 03:18 - 00000000 ____D C:\users\Diane
    2013-02-18 05:29 - 2011-01-12 23:26 - 00000000 ____D C:\Users\Diane\Desktop\All-KES
    2013-02-17 22:43 - 2013-01-31 22:30 - 00000000 ____D C:\Users\Diane\Desktop\G-More
    2013-02-17 05:00 - 2010-06-15 01:49 - 00000000 ____D C:\Users\Steve\Documents\Reg-BUp-CClean
    2013-02-15 14:16 - 2009-07-29 02:50 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-02-15 06:47 - 2011-01-03 09:57 - 00000000 ____D C:\Users\Diane\Desktop\All-FamilyTreeInfo
    2013-02-15 02:36 - 2013-01-26 21:47 - 00000000 ____D C:\ProgramData\T1 Games
    2013-02-15 00:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2013-02-15 00:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2013-02-14 01:32 - 2009-07-13 20:33 - 00489376 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-02-14 01:07 - 2010-06-09 08:56 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-02-11 07:27 - 2010-04-20 00:50 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-11 07:18 - 2013-02-11 07:18 - 00002107 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2013-02-11 07:17 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
    2013-02-11 07:12 - 2013-02-11 07:12 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-02-11 07:12 - 2013-02-11 07:12 - 00000000 ____D C:\Program Files\AVAST Software
    2013-02-11 06:21 - 2013-01-22 22:40 - 00000000 ____D C:\Program Files\Common Files\Motive
    2013-02-11 05:41 - 2013-01-08 07:30 - 00000000 ____D C:\Users\Diane\Desktop\2013
    2013-02-10 11:10 - 2012-11-27 22:40 - 00000000 ____D C:\Users\Diane\Desktop\A--Canada
    2013-02-10 00:33 - 2013-02-10 00:33 - 00007680 ____A C:\Windows\130980966.exe
    2013-02-10 00:33 - 2013-02-10 00:33 - 00000110 ____A C:\Windows\130980966.dat
    2013-02-09 07:08 - 2011-01-08 09:45 - 00000000 ____D C:\Users\Diane\Desktop\Zips-2-Store
    2013-02-09 05:31 - 2013-02-04 11:31 - 00000000 ____D C:\Users\Diane\AppData\Local\Updater21804
    2013-02-09 05:03 - 2013-02-09 05:03 - 00002052 ____A C:\Windows\epplauncher.mif
    2013-02-09 00:35 - 2013-02-04 11:31 - 00000000 ____D C:\Program Files\Coupon Companion Plugin
    2013-02-08 23:35 - 2013-01-24 01:59 - 00000000 ___RD C:\Users\Diane\Desktop\G-37000
    2013-02-08 23:35 - 2013-01-24 01:52 - 00000000 ___RD C:\Users\Diane\Desktop\G-41700
    2013-02-08 23:34 - 2013-02-03 10:53 - 00000000 ___RD C:\Users\Diane\Desktop\G-27000
    2013-02-08 23:34 - 2013-01-24 01:58 - 00000000 ___RD C:\Users\Diane\Desktop\G-33000
    2013-02-08 23:34 - 2013-01-24 00:48 - 00000000 ___RD C:\Users\Diane\Desktop\G-30000
    2013-02-08 23:33 - 2013-02-03 10:41 - 00000000 ___RD C:\Users\Diane\Desktop\G-24000
    2013-02-08 23:32 - 2013-02-03 10:53 - 00000000 ___RD C:\Users\Diane\Desktop\G-28000
    2013-02-08 23:32 - 2013-01-24 01:57 - 00000000 ___RD C:\Users\Diane\Desktop\G-32000
    2013-02-08 23:31 - 2013-02-03 10:52 - 00000000 ___RD C:\Users\Diane\Desktop\G-26000
    2013-02-08 23:31 - 2013-01-24 01:57 - 00000000 ___RD C:\Users\Diane\Desktop\G-31000
    2013-02-08 23:28 - 2013-02-03 10:12 - 00000000 ___RD C:\Users\Diane\Desktop\G-19000
    2013-02-08 23:28 - 2013-02-03 10:06 - 00000000 ___RD C:\Users\Diane\Desktop\G-17000
    2013-02-08 23:25 - 2013-02-04 12:22 - 00000000 ____D C:\Users\Diane\Desktop\G-More2
    2013-02-08 23:24 - 2013-02-03 10:41 - 00000000 ___RD C:\Users\Diane\Desktop\G-23000
    2013-02-08 23:24 - 2013-02-03 10:39 - 00000000 ___RD C:\Users\Diane\Desktop\G-22000
    2013-02-08 23:24 - 2013-02-03 10:39 - 00000000 ___RD C:\Users\Diane\Desktop\G-21000
    2013-02-08 23:23 - 2013-02-03 10:13 - 00000000 ___RD C:\Users\Diane\Desktop\G-20000
    2013-02-08 23:22 - 2013-02-03 10:03 - 00000000 ___RD C:\Users\Diane\Desktop\G-10000
    2013-02-08 23:21 - 2013-02-03 10:13 - 00000000 ___RD C:\Users\Diane\Desktop\G-18000
    2013-02-08 23:19 - 2013-02-03 10:07 - 00000000 ___RD C:\Users\Diane\Desktop\G-15000
    2013-02-08 23:19 - 2013-02-03 10:06 - 00000000 ___RD C:\Users\Diane\Desktop\G-11000
    2013-02-08 23:18 - 2013-02-03 10:06 - 00000000 ___RD C:\Users\Diane\Desktop\G-13000
    2013-02-08 23:18 - 2013-02-03 10:05 - 00000000 ___RD C:\Users\Diane\Desktop\G-12000
    2013-02-08 22:59 - 2013-02-03 10:06 - 00000000 ___RD C:\Users\Diane\Desktop\G-16000
    2013-02-08 22:59 - 2013-01-24 01:08 - 00000000 ___RD C:\Users\Diane\Desktop\G-40000
    2013-02-08 22:58 - 2013-01-24 01:52 - 00000000 ___RD C:\Users\Diane\Desktop\G-41600
    2013-02-08 22:57 - 2013-01-24 01:59 - 00000000 ___RD C:\Users\Diane\Desktop\G-39000
    2013-02-08 22:57 - 2013-01-24 01:52 - 00000000 ___RD C:\Users\Diane\Desktop\G-41500
    2013-02-08 22:54 - 2013-01-24 01:58 - 00000000 ___RD C:\Users\Diane\Desktop\G-36000
    2013-02-08 22:54 - 2013-01-24 01:58 - 00000000 ___RD C:\Users\Diane\Desktop\G-35000
    2013-02-08 22:53 - 2013-01-24 01:58 - 00000000 ___RD C:\Users\Diane\Desktop\G-34000
    2013-02-08 22:49 - 2013-02-03 10:41 - 00000000 ___RD C:\Users\Diane\Desktop\G-25000
    2013-02-08 22:34 - 2013-02-03 10:05 - 00000000 ___RD C:\Users\Diane\Desktop\G-14000
    2013-02-08 21:20 - 2013-02-08 21:20 - 00001045 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2013-02-08 21:13 - 2013-02-08 20:51 - 238163264 ____A (Emsisoft GmbH ) C:\Program Files\EmsisoftAntiMalwareSetup.exe
    2013-02-08 21:06 - 2013-01-24 01:59 - 00000000 ___RD C:\Users\Diane\Desktop\G-38000
    2013-02-08 21:05 - 2013-01-24 01:55 - 00000000 ___RD C:\Users\Diane\Desktop\G-41900
    2013-02-08 21:05 - 2013-01-24 01:52 - 00000000 ___RD C:\Users\Diane\Desktop\G-41800
    2013-02-08 21:05 - 2013-01-24 01:51 - 00000000 ___RD C:\Users\Diane\Desktop\G-41100
    2013-02-08 21:01 - 2013-02-03 10:53 - 00000000 ___RD C:\Users\Diane\Desktop\G-29000
    2013-02-08 11:43 - 2013-02-08 11:43 - 00000000 ____D C:\Users\Diane\AppData\Local\{0DC471FF-FEA1-4CA3-B901-4729E69DDD05}
    2013-02-08 09:37 - 2013-01-22 22:40 - 00000000 ____D C:\ProgramData\Motive
    2013-02-08 09:25 - 2013-02-08 09:25 - 00000000 ____D C:\Users\Diane\AppData\Roaming\Motive
    2013-02-08 09:19 - 2013-02-08 09:18 - 00385904 ____A C:\Program Files\ATT_SST.exe
    2013-02-08 08:23 - 2010-06-15 01:41 - 00000000 ____D C:\ProgramData\Norton
    2013-02-08 04:19 - 2012-08-16 04:44 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-02-08 04:19 - 2011-07-28 08:40 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-02-07 19:37 - 2013-01-10 23:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-02-07 00:35 - 2013-02-04 11:32 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2013-02-07 00:35 - 2013-02-04 11:32 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
    2013-02-07 00:35 - 2013-02-04 11:31 - 00000000 __SHD C:\AI_RecycleBin
    2013-02-06 10:28 - 2013-01-26 09:15 - 00000000 ____D C:\Users\Diane\Desktop\2005-disk
    2013-02-06 09:51 - 2013-02-06 09:51 - 00000000 ____D C:\Users\Diane\AppData\Local\{D2458CEE-CDC1-4199-A9A3-3A401F6F6B20}
    2013-02-06 09:05 - 2013-01-10 08:28 - 00000000 ____D C:\Users\Diane\Desktop\31
    2013-02-06 04:35 - 2011-01-08 17:56 - 00000000 ____D C:\Users\Diane\Desktop\All-Blog
    2013-02-05 11:30 - 2013-02-05 07:43 - 00000000 ____D C:\Users\Diane\Desktop\All-New-Ideas
    2013-02-04 14:14 - 2013-01-24 21:35 - 00000000 ____D C:\Users\Diane\Desktop\G-Botanical
    2013-02-04 13:45 - 2013-01-24 01:48 - 00000000 ___RD C:\Users\Diane\Desktop\G-41200
    2013-02-04 13:45 - 2013-01-24 00:55 - 00000000 ___RD C:\Users\Diane\Desktop\G-41300
    2013-02-04 12:07 - 2013-02-04 11:43 - 00000000 ____D C:\Program Files\WinRAR
    2013-02-04 11:49 - 2013-02-04 11:45 - 00000000 ____D C:\Users\Diane\AppData\Roaming\WinRAR
    2013-02-04 11:31 - 2013-02-04 11:31 - 00000009 ____A C:\END
    2013-02-04 11:31 - 2013-02-04 11:31 - 00000000 ____D C:\Users\Diane\AppData\Local\Coupon Companion Plugin
    2013-02-04 11:31 - 2010-12-22 04:48 - 00000000 ____D C:\Users\Diane\AppData\Local\Google
    2013-02-04 11:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Resources
    2013-02-03 11:13 - 2013-01-24 01:51 - 00000000 ___RD C:\Users\Diane\Desktop\G-41400
    2013-02-03 01:27 - 2011-01-09 07:58 - 00007605 ____A C:\Users\Diane\AppData\Local\Resmon.ResmonCfg
    2013-02-02 15:42 - 2013-02-02 15:42 - 00000000 ____A C:\extensions.sqlite
    2013-02-02 10:20 - 2013-02-02 10:19 - 00000193 ____A C:\Users\Diane\Desktop\LookWow - Web-Based Photo Enhancement - Features.url
    2013-02-02 10:18 - 2013-02-02 10:18 - 00000193 ____A C:\Users\Diane\Desktop\Photoshop How Do I Get Clarity When I Blow Up An Image#NQLadPqv.url
    2013-01-31 22:05 - 2011-01-08 18:33 - 00000000 ____D C:\Users\Diane\Desktop\All-DHS
    2013-01-31 08:46 - 2013-01-31 08:46 - 00262144 ____A C:\Windows\System32\config\ELAM
    2013-01-31 08:24 - 2013-01-26 04:40 - 00000000 ____D C:\ProgramData\Oberon Media
    2013-01-31 08:22 - 2013-01-31 08:22 - 00002349 ____A C:\Users\Diane\Desktop\Bejeweled 2.lnk
    2013-01-31 08:22 - 2013-01-31 08:22 - 00000000 ____D C:\Program Files\Oberon Media SIDR
    2013-01-31 00:34 - 2009-07-29 02:27 - 00000000 ____D C:\Windows\Panther
    2013-01-31 00:32 - 2010-06-15 01:47 - 00000000 ____D C:\Program Files\CCleaner
    2013-01-30 17:51 - 2013-01-30 17:51 - 04874408 ____A (McAfee, Inc.) C:\Users\Diane\Desktop\McAfeeSetup-Serial.exe
    2013-01-30 16:46 - 2013-01-17 22:02 - 00000000 ____D C:\Windows\pss
    2013-01-30 15:39 - 2013-01-30 13:28 - 00000000 ____D C:\Users\Diane\Desktop\Appreciation
    2013-01-30 13:44 - 2013-01-30 13:44 - 00836288 ____A C:\Users\Diane\Desktop\8-23-7.zip
    2013-01-30 09:17 - 2013-01-27 14:42 - 00000000 ____D C:\Users\Diane\Desktop\Scr-Final-Stmp-JPGS-All
    2013-01-29 19:42 - 2012-07-02 11:53 - 00000000 ____D C:\Users\Diane\Desktop\All-Shea
    2013-01-29 15:28 - 2012-01-14 14:05 - 00000000 ____D C:\Users\Diane\Desktop\2012
    2013-01-29 01:16 - 2011-01-12 22:38 - 00000000 ____D C:\Users\Diane\Desktop\All-SBS
    2013-01-27 11:09 - 2011-01-08 18:32 - 00000000 ____D C:\Users\Diane\Desktop\All-Clipart
    2013-01-27 07:42 - 2013-01-27 07:40 - 00000000 ____D C:\Users\Diane\Desktop\Faith-Service
    2013-01-27 00:51 - 2013-01-27 00:51 - 00000000 ____D C:\Users\Diane\Desktop\ABS-disk
    2013-01-26 23:12 - 2013-01-26 23:12 - 00000000 ____D C:\Users\Public\Documents\PlayfulAge
    2013-01-26 22:38 - 2013-01-26 21:12 - 00000000 ____D C:\Users\Diane\AppData\Roaming\Arkadium
    2013-01-26 21:43 - 2011-12-29 00:45 - 00000000 ____D C:\Users\Diane\AppData\Roaming\Oberon Media
    2013-01-26 20:55 - 2013-01-26 20:49 - 00002412 ____A C:\ProgramData\match_gob.log
    2013-01-26 09:53 - 2013-01-26 09:52 - 00000000 ____D C:\Users\Diane\Desktop\Med-Disk
    2013-01-26 04:41 - 2013-01-26 04:41 - 00001192 ____A C:\Users\Diane\Desktop\AT&T Games.lnk
    2013-01-26 04:41 - 2013-01-26 04:41 - 00000000 ____D C:\Program Files\GamesBar
    2013-01-26 04:41 - 2013-01-26 04:41 - 00000000 ____D C:\Program Files\Common Files\Oberon Media
    2013-01-26 01:12 - 2009-07-13 20:41 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
    2013-01-26 01:12 - 2009-07-13 20:41 - 00000174 __ASH C:\Users\Public\desktop.ini
    2013-01-26 01:12 - 2009-07-13 20:41 - 00000174 ___SH C:\users\desktop.ini
    2013-01-26 01:12 - 2009-07-13 20:41 - 00000174 ___SH C:\Program Files\desktop.ini
    2013-01-26 01:12 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
    2013-01-26 01:12 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
    2013-01-25 21:12 - 2013-01-15 23:49 - 00000000 ____D C:\Users\Diane\Desktop\fr-My-Favorites-Sh-Cuts
    2013-01-24 05:50 - 2013-01-24 05:19 - 00000000 ____D C:\Users\Diane\Desktop\fr-Gut-disk
    2013-01-24 03:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
    2013-01-24 02:21 - 2013-01-24 01:03 - 00000000 ____D C:\Users\Diane\Desktop\G-Christian
    2013-01-24 02:21 - 2013-01-24 00:57 - 00000000 ____D C:\Users\Diane\Desktop\G-Christmas
    2013-01-24 02:11 - 2013-01-24 01:00 - 00000000 ____D C:\Users\Diane\Desktop\G-Peter
    2013-01-24 01:06 - 2013-01-24 01:03 - 00000000 ____D C:\Users\Diane\Desktop\G-Clocks
    2013-01-24 01:05 - 2013-01-24 00:57 - 00000000 ____D C:\Users\Diane\Desktop\G-Alice
    2013-01-24 01:02 - 2013-01-24 01:02 - 00000000 ____D C:\Users\Diane\Desktop\G-Birds
    2013-01-23 19:38 - 2013-01-23 19:33 - 00000000 ____D C:\Users\Diane\1-22-13-Virus-Detector
    2013-01-23 14:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
    2013-01-22 22:36 - 2013-01-22 22:36 - 00385904 ____A C:\Users\Diane\ATT_SST.exe
    2013-01-22 09:22 - 2011-01-08 18:34 - 00000000 ____D C:\Users\Diane\Desktop\All-eB-Plates
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2013-02-20 01:00:43
    ==================== Memory info ===========================
    Percentage of memory in use: 16%
    Total physical RAM: 2812.2 MB
    Available physical RAM: 2356.47 MB
    Total Pagefile: 2810.48 MB
    Available Pagefile: 2362.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1960.7 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:105.1 GB) (Free:13.31 GB) NTFS
    2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.17 GB) NTFS
    4 Drive g: () (Removable) (Total:3.64 GB) (Free:3.58 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 1024 KB
    Disk 1 Online 3740 MB 0 B
    Partitions of Disk 0:
    ===============
    Disk ID: 048C8CF7
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 MB 1024 KB
    Partition 2 Primary 105 GB 201 MB
    Partition 0 Extended 28 GB 105 GB
    Partition 4 Logical 28 GB 105 GB
    Partition 3 OEM 14 GB 134 GB
    =========================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 200 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 105 GB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D LENOVO NTFS Partition 28 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 12
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden
    =========================================================
    Partitions of Disk 1:
    ===============
    Disk ID: 00000000
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3736 MB 4096 KB
    =========================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3736 MB Healthy
    =========================================================
    Last Boot: 2013-01-04 11:38
    ==================== End Of Log ============================
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,376
    First Name:
    Kevin
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy. Then right click into open open notepad and select Paste. Save it on the flashdrive as fixlist.txt

    Code:
    start
    HKLM\...\Run: [UDC Integration] [x]
    HKU\Steve\...\Run: [Amazon Cloud Drive] C:\Users\Steve\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [x]
    C:\Users\Steve\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    2 0078901360591482mcinstcleanup; C:\Users\Diane\AppData\Local\Temp\007890~1.EXE -cleanup -nolog [832664 2012-09-28] (McAfee, Inc.)
    C:\Users\Diane\AppData\Local\Temp\007890~1.EXE
    4 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [x]
    3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
    4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
    2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
    2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [x]
    2013-02-10 00:33 - 2013-02-10 00:33 - 00007680 ____A C:\Windows\130980966.exe
    2013-02-10 00:33 - 2013-02-10 00:33 - 00000110 ____A C:\Windows\130980966.dat
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 or FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Problems Initial Scans
  1. HaroRider
    Replies:
    12
    Views:
    981
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1090322

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice