
Virus. Windows recovery Windows Risk


  • This topic is locked

#31
Vero_

  • Topic Starter
  • Member
  • 48 posts
It's gone now


#32
Vero_

  • Topic Starter
  • Member
  • 48 posts
Yes.

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:

#34
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in


    %USERPROFILE%\..|smtmp;true;true;true /FP
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

#36
Vero_

  • Topic Starter
  • Member
  • 48 posts
ok. done. here it is:

OTS logfile created on: 6/27/2011 3:30:02 PM - Run 1
OTS by OldTimer - Version 3.1.44.0 Folder = C:\Users\Veronica\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 89.82 Gb Free Space | 64.76% Space Free | Partition Type: NTFS
Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VERONICA-PC
Current User Name: Veronica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Veronica\Desktop\OTS.exe -> [2011/06/27 15:26:55 | 000,645,120 | ---- | M] (OldTimer Tools)
mbamgui.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
flashutil10o_activex.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe -> [2011/04/06 23:26:24 | 000,235,168 | ---- | M] (Adobe Systems, Inc.)
rbmonitor.exe -> C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe -> [2011/03/14 11:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited)
msseces.exe -> C:\Program Files\Microsoft Security Essentials\msseces.exe -> [2010/09/15 05:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
wdsmartware.exe -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe -> [2010/01/21 16:27:44 | 009,136,960 | ---- | M] (Western Digital)
wddmstatus.exe -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe -> [2010/01/21 16:27:42 | 002,057,536 | ---- | M] (WDC)
wddmservice.exe -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -> [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC)
intuitupdateservice.exe -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.)
wdsmartwarebackgroundservice.exe -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -> [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo)
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
blservice.exe -> C:\Program Files\SMINST\BLService.exe -> [2008/10/06 12:54:52 | 000,365,952 | ---- | M] ()
wmdsync.exe -> C:\Windows\WindowsMobile\wmdSync.exe -> [2008/01/20 22:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation)
dlbxcoms.exe -> C:\Windows\System32\dlbxcoms.exe -> [2007/05/22 22:10:50 | 000,538,096 | ---- | M] ( )

[Modules - Safe List]
ots.exe -> C:\Users\Veronica\Desktop\OTS.exe -> [2011/06/27 15:26:55 | 000,645,120 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll -> [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
(Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -> [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation)
(WDDMService) WD SmartWare Drive Manager [Auto | Running] -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -> [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC)
(IntuitUpdateService) Intuit Update Service [Auto | Running] -> C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -> [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.)
(WDSmartWareBackgroundService) WD SmartWare Background Service [Auto | Running] -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -> [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo)
(Recovery Service for Windows) Recovery Service for Windows [Auto | Running] -> C:\Program Files\SMINST\BLService.exe -> [2008/10/06 12:54:52 | 000,365,952 | ---- | M] ()
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation)
(WcesComm) Windows Mobile 2003-based device connectivity [Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/20 22:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation)
(RapiMgr) Windows Mobile-based device connectivity [Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/20 22:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation)
(dlbx_device) dlbx_device [Auto | Running] -> C:\Windows\System32\dlbxcoms.exe -> [2007/05/22 22:10:50 | 000,538,096 | ---- | M] ( )

[Driver Services - Safe List]
(MpKsl2359ece3) MpKsl2359ece3 [Kernel | System | Running] -> C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E21DF64-0CCD-4005-9304-4474A0F72AF2}\MpKsl2359ece3.sys -> [2011/06/27 15:16:52 | 000,028,752 | ---- | M] (Microsoft Corporation)
(MpKsl5d3e8f64) MpKsl5d3e8f64 [Kernel | System | Running] -> C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E21DF64-0CCD-4005-9304-4474A0F72AF2}\MpKsl5d3e8f64.sys -> [2011/06/26 22:31:36 | 000,028,752 | ---- | M] (Microsoft Corporation)
(MpKsl5d62b969) MpKsl5d62b969 [Kernel | System | Running] -> C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E21DF64-0CCD-4005-9304-4474A0F72AF2}\MpKsl5d62b969.sys -> [2011/06/26 18:11:57 | 000,028,752 | ---- | M] (Microsoft Corporation)
(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
(MpNWMon) Microsoft Malware Protection Network Driver [File_System | On_Demand | Running] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2010/03/25 22:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation)
(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\wdcsam.sys -> [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies)
(IntcHdmiAddService) Intel® High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\IntcHdmi.sys -> [2008/06/29 10:52:26 | 000,112,128 | ---- | M] (Intel® Corporation)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation )
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2008/04/27 15:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.)
(NETw3v32) Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NETw3v32.sys -> [2008/01/20 22:32:45 | 002,225,664 | ---- | M] (Intel Corporation)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HpqKbFiltr.sys -> [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BVRPMPR5.SYS -> [2007/05/23 17:26:34 | 000,049,904 | R--- | M] (Avanquest Software)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.h...resario&pf=cnnb ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\] > -> ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\: Main\\"Start Page" -> http://ie.redirect.h...resario&pf=cnnb ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Veronica\AppData\Roaming\Mozilla\FireFox\Profiles\m5wjplke.default\prefs.js ->
browser.search.param.yahoo-fr -> "chrf-ytbm" ->
browser.search.param.yahoo-fr-cjkt -> "chrf-ytbm" ->
browser.search.param.yahoo-type -> "${8}" ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 ->
extensions.enabledItems -> [email protected]:7 ->
network.proxy.no_proxies_on -> "*.local" ->
< FireFox Settings [User.js] > -> C:\Users\Veronica\AppData\Roaming\Mozilla\FireFox\Profiles\m5wjplke.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/01/01 15:17:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/06/27 15:20:58 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Veronica\AppData\Roaming\Mozilla\Extensions -> [2009/11/17 17:32:27 | 000,000,000 | ---D | M]
-> C:\Users\Veronica\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/04/30 08:42:39 | 000,000,000 | ---D | M]
-> C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\m5wjplke.default\extensions -> [2011/06/23 13:06:34 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\m5wjplke.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/11/18 08:46:11 | 000,000,000 | ---D | M]
Yahoo! Toolbar -> C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\m5wjplke.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/12/09 15:39:26 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2011/06/26 17:02:27 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/06/26 17:02:27 | 000,000,000 | ---D | M]
Move Media Player -> C:\USERS\VERONICA\APPDATA\ROAMING\MOVE NETWORKS -> [2009/11/17 17:33:06 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > ->
npqmp071505000010.dll -> C:\Users\Veronica\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll -> [2009/10/07 12:14:38 | 004,187,512 | ---- | M] (Move Networks)
npqmp071505000011.dll -> C:\Users\Veronica\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll -> [2009/11/14 11:24:37 | 004,187,512 | ---- | M] (Move Networks)
< HOSTS File > ([2011/06/26 16:35:18 | 000,000,098 | ---- | M] - 2 lines) -> C:\Windows\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2009/12/18 02:16:54 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2010/03/25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation)
{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2010/02/28 02:20:14 | 000,561,552 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BCSSync" -> C:\Program Files\Microsoft Office\Office14\BCSSync.exe ["C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices] -> [2010/03/13 14:54:26 | 000,091,520 | ---- | M] (Microsoft Corporation)
"DLBXCATS" -> C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL [rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16] -> [2007/02/22 10:29:02 | 000,073,728 | ---- | M] ()
"HP Health Check Scheduler" -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 10:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard)
"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MSSE" -> c:\Program Files\Microsoft Security Essentials\msseces.exe ["c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/09/15 05:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation)
"RegTask" -> [C:\Program Files\RegTask\RegTask.exe] -> File not found
"UpdateLBPShortCut" -> C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2008/06/13 21:11:32 | 000,210,216 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/06/13 21:11:32 | 000,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePDIRShortCut" -> C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 21:11:32 | 000,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePSTShortCut" -> C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/10/06 23:42:38 | 000,210,216 | ---- | M] (CyberLink Corp.)
"Windows Mobile-based device management" -> C:\Windows\WindowsMobile\wmdSync.exe [%windir%\WindowsMobile\wmdSync.exe] -> [2008/01/20 22:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"FileHippo.com" -> C:\Program Files\FileHippo.com\UpdateChecker.exe ["C:\Program Files\FileHippo.com\UpdateChecker.exe" /background] -> [2010/08/09 08:47:54 | 000,248,832 | ---- | M] (FileHippo.com)
"RegistryBooster" -> C:\Program Files\Uniblue\RegistryBooster\launcher.exe ["C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 ] -> [2011/03/14 11:31:03 | 000,067,456 | ---- | M] (Uniblue Systems Limited)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000] -> [2011/03/16 23:26:08 | 020,759,392 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> File not found
Se&nd to OneNote -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105] -> [2010/02/28 04:41:04 | 000,643,472 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2010/02/28 04:41:04 | 000,643,472 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2010/02/28 04:41:04 | 000,643,472 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2010/02/28 04:41:04 | 000,496,528 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2010/02/28 04:41:04 | 000,496,528 | ---- | M] (Microsoft Corporation)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
ttlc_intuit.com [https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\] > -> HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2748465558-1098121324-1902766786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_26] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_26] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_26] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5F23643A-30D0-4A88-88F9-AD3A2FAAC9D4}\\DhcpNameServer -> 192.168.1.1 (Atheros AR5007 802.11b/g WiFi Adapter) ->
{F2AFB4E5-A1E8-415B-A7B3-A433B3227715}\\DhcpNameServer -> 209.18.47.61 209.18.47.62 (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2010/03/25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.l3acm" -> C:\Windows\System32\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2010/01/21 11:59:47 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.l3codecp" -> C:\Windows\System32\l3codecp.acm [l3codecp.acm] -> [2008/01/20 22:35:08 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"vidc.cvid" -> C:\Windows\System32\iccvid.dll [iccvid.dll] -> [2010/05/27 15:16:09 | 000,081,920 | ---- | M] (Radius Inc.)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
FastUserSwitchingCompatibility -> -> File not found
Ias -> -> File not found
Nla -> -> File not found
Ntmssvc -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
SRService -> -> File not found
WmdmPmSp -> -> File not found
LogonHours -> -> File not found
PCAudit -> -> File not found
helpsvc -> -> File not found
uploadmgr -> -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppMgmt -> -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
MsMpSvc -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
NTDS -> -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
sacsvr -> Service
SCSI Class -> Driver Group
System Bus Extender -> Driver Group
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* ->
exefile [open] -> "%1" %* ->
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 05:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 -> [2010/01/10 19:49:12 | 000,071,040 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l ->
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/20 22:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 3/9/2011 6:30:53 PM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 3/9/2011 6:30:53 PM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 2746
Application [ Error ] 3/9/2011 6:30:53 PM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 2746
Application [ Error ] 3/10/2011 4:00:16 AM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 3/10/2011 4:00:16 AM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 34166138
Application [ Error ] 3/10/2011 4:00:16 AM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 34166138
Application [ Error ] 3/10/2011 4:15:19 AM Computer Name = Veronica-PC | Source = Application Error | ID = 1000 -> Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000142, fault offset 0x00009cfc, process id 0x1660, application start time 0x01cbdefb4b1f1970.
Application [ Error ] 3/10/2011 1:37:31 PM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 3/10/2011 1:37:31 PM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 2605
Application [ Error ] 3/10/2011 1:37:31 PM Computer Name = Veronica-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 2605
System [ Error ] 6/27/2011 3:07:14 AM Computer Name = Veronica-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 -> Description =
System [ Error ] 6/27/2011 3:07:14 AM Computer Name = Veronica-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 -> Description =
System [ Error ] 6/27/2011 3:07:15 AM Computer Name = Veronica-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 -> Description =
System [ Error ] 6/27/2011 3:16:42 PM Computer Name = Veronica-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 9:49:41 AM on 6/27/2011 was unexpected.
System [ Error ] 6/27/2011 3:16:45 PM Computer Name = Veronica-PC | Source = HTTP | ID = 15016 -> Description =
System [ Error ] 6/27/2011 3:17:35 PM Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000 -> Description =
System [ Error ] 6/27/2011 3:17:35 PM Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7034 -> Description =
System [ Error ] 6/27/2011 3:20:05 PM Computer Name = Veronica-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 6/27/2011 3:20:05 PM Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7009 -> Description =
System [ Error ] 6/27/2011 3:20:05 PM Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000 -> Description =

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Veronica\Desktop\OTS.exe -> [2011/06/27 15:26:41 | 000,645,120 | ---- | C] (OldTimer Tools)
Adobe -> C:\Program Files\Adobe -> [2011/06/27 15:20:38 | 000,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2011/06/27 15:19:40 | 000,000,000 | -HSD | C]
FileHippo.com -> C:\Program Files\FileHippo.com -> [2011/06/26 17:15:43 | 000,000,000 | ---D | C]
Sun -> C:\ProgramData\Sun -> [2011/06/26 17:03:24 | 000,000,000 | ---D | C]
deployJava1.dll -> C:\Windows\System32\deployJava1.dll -> [2011/06/26 17:02:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\System32\javaws.exe -> [2011/06/26 17:02:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2011/06/26 17:02:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2011/06/26 17:02:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
JavaSetup6u26.exe -> C:\Users\Veronica\Desktop\JavaSetup6u26.exe -> [2011/06/26 16:49:54 | 000,900,384 | ---- | C] (Sun Microsystems, Inc.)
Sun -> C:\Windows\Sun -> [2011/06/26 16:49:31 | 000,000,000 | ---D | C]
temp -> C:\Windows\temp -> [2011/06/24 15:09:47 | 000,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/24 15:09:17 | 000,000,000 | -HSD | C]
DoctorWeb -> C:\Users\Veronica\DoctorWeb -> [2011/06/23 17:20:23 | 000,000,000 | ---D | C]
temp -> C:\Users\Veronica\AppData\Local\temp -> [2011/06/23 16:55:23 | 000,000,000 | ---D | C]
ERDNT -> C:\Windows\ERDNT -> [2011/06/23 13:09:10 | 000,000,000 | ---D | C]
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2011/06/15 21:04:33 | 000,025,600 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2011/06/15 21:04:28 | 001,469,440 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\System32\mstime.dll -> [2011/06/15 21:04:28 | 000,611,840 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2011/06/15 21:04:28 | 000,602,112 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2011/06/15 21:04:27 | 000,387,584 | ---- | C] (Microsoft Corporation)
html.iec -> C:\Windows\System32\html.iec -> [2011/06/15 21:04:27 | 000,385,024 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2011/06/15 21:04:27 | 000,164,352 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2011/06/15 21:04:26 | 000,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2011/06/15 21:04:26 | 000,173,568 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2011/06/15 21:04:26 | 000,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2011/06/15 21:04:26 | 000,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2011/06/15 21:04:26 | 000,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2011/06/15 21:04:26 | 000,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2011/06/15 21:04:26 | 000,055,296 | ---- | C] (Microsoft Corporation)
licmgr10.dll -> C:\Windows\System32\licmgr10.dll -> [2011/06/15 21:04:26 | 000,043,520 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2011/06/15 21:04:25 | 001,638,912 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2011/06/15 21:04:25 | 000,013,312 | ---- | C] (Microsoft Corporation)
Western_Digital -> C:\Users\Veronica\AppData\Local\Western_Digital -> [2011/06/03 20:05:33 | 000,000,000 | ---D | C]
Western Digital -> C:\Users\Veronica\AppData\Roaming\Western Digital -> [2011/05/31 22:09:40 | 000,000,000 | ---D | C]
Western Digital -> C:\ProgramData\Western Digital -> [2011/05/31 22:09:24 | 000,000,000 | ---D | C]
Western Digital -> C:\Program Files\Western Digital -> [2011/05/31 22:08:10 | 000,000,000 | ---D | C]
WD SmartWare -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare -> [2011/05/31 22:08:10 | 000,000,000 | ---D | C]
Western Digital -> C:\Users\Veronica\AppData\Local\Western Digital -> [2011/05/31 22:07:50 | 000,000,000 | ---D | C]
IGFXDEVLib.dll -> C:\Windows\System32\IGFXDEVLib.dll -> [2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( )
dlbxih.exe -> C:\Windows\System32\dlbxih.exe -> [2007/05/22 22:10:52 | 000,386,544 | ---- | C] ( )
dlbxcoms.exe -> C:\Windows\System32\dlbxcoms.exe -> [2007/05/22 22:10:50 | 000,538,096 | ---- | C] ( )
dlbxcfg.exe -> C:\Windows\System32\dlbxcfg.exe -> [2007/05/22 22:10:48 | 000,382,448 | ---- | C] ( )
dlbxpmui.dll -> C:\Windows\System32\dlbxpmui.dll -> [2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( )
dlbxserv.dll -> C:\Windows\System32\dlbxserv.dll -> [2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( )
dlbxcomm.dll -> C:\Windows\System32\dlbxcomm.dll -> [2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( )
dlbxlmpm.dll -> C:\Windows\System32\dlbxlmpm.dll -> [2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( )
dlbxiesc.dll -> C:\Windows\System32\dlbxiesc.dll -> [2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( )
dlbxpplc.dll -> C:\Windows\System32\dlbxpplc.dll -> [2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( )
dlbxcomc.dll -> C:\Windows\System32\dlbxcomc.dll -> [2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( )
dlbxprox.dll -> C:\Windows\System32\dlbxprox.dll -> [2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( )
dlbxinpa.dll -> C:\Windows\System32\dlbxinpa.dll -> [2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( )
dlbxusb1.dll -> C:\Windows\System32\dlbxusb1.dll -> [2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( )
dlbxhbn3.dll -> C:\Windows\System32\dlbxhbn3.dll -> [2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( )
1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->
1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Users\Veronica\Desktop\OTS.exe -> [2011/06/27 15:26:55 | 000,645,120 | ---- | M] (OldTimer Tools)
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/27 15:23:10 | 000,604,502 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/27 15:23:10 | 000,104,170 | ---- | M] ()
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2011/06/27 15:20:58 | 000,001,887 | ---- | M] ()
hpqp.ini -> C:\ProgramData\hpqp.ini -> [2011/06/27 15:17:53 | 000,000,284 | ---- | M] ()
RegistryBooster.job -> C:\Windows\tasks\RegistryBooster.job -> [2011/06/27 15:17:03 | 000,000,338 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/27 15:16:51 | 000,003,216 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/27 15:16:50 | 000,003,216 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/27 15:16:42 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/06/27 15:16:20 | 2075,336,704 | -HS- | M] ()
MicrosoftFixit50202.msi -> C:\Users\Veronica\Desktop\MicrosoftFixit50202.msi -> [2011/06/26 18:03:31 | 000,689,664 | ---- | M] ()
Update Checker.lnk -> C:\Users\Veronica\Desktop\Update Checker.lnk -> [2011/06/26 17:15:44 | 000,001,754 | ---- | M] ()
FHSetup.exe -> C:\Users\Veronica\Desktop\FHSetup.exe -> [2011/06/26 17:15:32 | 000,252,991 | ---- | M] ()
JavaSetup6u26.exe -> C:\Users\Veronica\Desktop\JavaSetup6u26.exe -> [2011/06/26 16:56:54 | 000,900,384 | ---- | M] (Sun Microsystems, Inc.)
d3d9caps.dat -> C:\Users\Veronica\AppData\Local\d3d9caps.dat -> [2011/06/26 16:49:31 | 000,007,728 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/06/26 16:44:11 | 000,401,488 | ---- | M] ()
Hosts -> C:\Windows\System32\drivers\etc\Hosts -> [2011/06/26 16:35:18 | 000,000,098 | ---- | M] ()
RegTask.job -> C:\Windows\tasks\RegTask.job -> [2011/06/24 16:46:20 | 000,000,320 | ---- | M] ()
mlfcache.dat -> C:\Windows\System32\mlfcache.dat -> [2011/06/23 18:17:56 | 000,184,520 | -H-- | M] ()
q2c3566m.exe -> C:\Users\Veronica\Desktop\q2c3566m.exe -> [2011/06/23 17:19:19 | 067,596,792 | ---- | M] ()
IMG_0219a.zip -> C:\Users\Veronica\Desktop\IMG_0219a.zip -> [2011/06/21 21:58:10 | 020,958,880 | ---- | M] ()
HPCeeScheduleForVeronica.job -> C:\Windows\tasks\HPCeeScheduleForVeronica.job -> [2011/06/20 07:04:08 | 000,000,334 | ---- | M] ()
Floor Plan.wps -> C:\Users\Veronica\Documents\Floor Plan.wps -> [2011/06/05 10:09:02 | 000,013,312 | ---- | M] ()
WDSmartWare.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk -> [2011/05/31 22:09:11 | 000,001,282 | ---- | M] ()
WDDMStatus.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk -> [2011/05/31 22:09:11 | 000,001,221 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
24 C:\Users\Veronica\AppData\Local\temp\*.tmp files -> C:\Users\Veronica\AppData\Local\temp\*.tmp ->
1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->
1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

[Files - No Company Name]
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2011/06/27 15:20:58 | 000,001,887 | ---- | C] ()
Adobe Reader 8.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk -> [2011/06/27 15:20:58 | 000,001,804 | ---- | C] ()
MicrosoftFixit50202.msi -> C:\Users\Veronica\Desktop\MicrosoftFixit50202.msi -> [2011/06/26 18:03:15 | 000,689,664 | ---- | C] ()
Update Checker.lnk -> C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk -> [2011/06/26 17:15:44 | 000,001,784 | ---- | C] ()
Update Checker.lnk -> C:\Users\Veronica\Desktop\Update Checker.lnk -> [2011/06/26 17:15:44 | 000,001,754 | ---- | C] ()
FHSetup.exe -> C:\Users\Veronica\Desktop\FHSetup.exe -> [2011/06/26 17:15:27 | 000,252,991 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/06/26 16:51:37 | 2075,336,704 | -HS- | C] ()
mlfcache.dat -> C:\Windows\System32\mlfcache.dat -> [2011/06/23 18:17:56 | 000,184,520 | -H-- | C] ()
q2c3566m.exe -> C:\Users\Veronica\Desktop\q2c3566m.exe -> [2011/06/23 17:14:58 | 067,596,792 | ---- | C] ()
Floor Plan.wps -> C:\Users\Veronica\Documents\Floor Plan.wps -> [2011/06/03 20:22:12 | 000,013,312 | ---- | C] ()
WDSmartWare.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk -> [2011/05/31 22:09:11 | 000,001,282 | ---- | C] ()
WDDMStatus.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk -> [2011/05/31 22:09:11 | 000,001,221 | ---- | C] ()
igcompkrng500.bin -> C:\Windows\System32\igcompkrng500.bin -> [2010/08/25 20:30:02 | 000,439,308 | ---- | C] ()
igkrng500.bin -> C:\Windows\System32\igkrng500.bin -> [2010/08/25 20:30:00 | 000,982,240 | ---- | C] ()
igfcg500m.bin -> C:\Windows\System32\igfcg500m.bin -> [2010/08/25 20:30:00 | 000,092,356 | ---- | C] ()
GfxUI.exe.config -> C:\Windows\System32\GfxUI.exe.config -> [2010/08/25 19:57:00 | 000,000,151 | ---- | C] ()
iglhsip32.dll -> C:\Windows\System32\iglhsip32.dll -> [2010/08/25 19:52:00 | 000,208,896 | ---- | C] ()
iglhcp32.dll -> C:\Windows\System32\iglhcp32.dll -> [2010/08/25 19:52:00 | 000,143,360 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
OGAEXEC.exe -> C:\Windows\System32\OGAEXEC.exe -> [2009/08/03 15:07:42 | 000,230,768 | ---- | C] ()
wklnhst.dat -> C:\Users\Veronica\AppData\Roaming\wklnhst.dat -> [2009/06/20 13:17:33 | 000,000,378 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Veronica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/06/01 14:56:43 | 000,034,304 | ---- | C] ()
ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2009/03/04 13:02:26 | 000,000,056 | ---- | C] ()
d3d9caps.dat -> C:\Users\Veronica\AppData\Local\d3d9caps.dat -> [2009/02/06 18:18:40 | 000,007,728 | ---- | C] ()
A4W.INI -> C:\Windows\A4W.INI -> [2009/02/01 23:16:16 | 000,000,035 | ---- | C] ()
Tx32.dll -> C:\Windows\System32\Tx32.dll -> [2009/02/01 23:03:10 | 000,495,616 | ---- | C] ()
wodCertificate.dll -> C:\Windows\System32\wodCertificate.dll -> [2009/02/01 22:59:42 | 000,595,160 | ---- | C] ()
brgrt.dll -> C:\Windows\System32\brgrt.dll -> [2009/02/01 22:59:39 | 000,589,960 | ---- | C] ()
hpqp.ini -> C:\ProgramData\hpqp.ini -> [2009/01/05 15:19:21 | 000,000,284 | ---- | C] ()
StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2008/10/23 01:43:24 | 000,106,605 | ---- | C] ()
StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2008/10/23 01:43:24 | 000,018,904 | ---- | C] ()
igfxCoIn_v1518.dll -> C:\Windows\System32\igfxCoIn_v1518.dll -> [2008/07/06 16:29:46 | 000,147,456 | ---- | C] ()
igfcg550.bin -> C:\Windows\System32\igfcg550.bin -> [2008/07/06 16:14:06 | 000,147,172 | ---- | C] ()
HdmiCoin.dll -> C:\Windows\System32\HdmiCoin.dll -> [2008/06/29 10:52:14 | 000,004,608 | ---- | C] ()
dlbxinsr.dll -> C:\Windows\System32\dlbxinsr.dll -> [2007/02/19 08:26:42 | 000,106,496 | ---- | C] ()
dlbxcur.dll -> C:\Windows\System32\dlbxcur.dll -> [2007/02/19 08:26:36 | 000,036,864 | ---- | C] ()
dlbxjswr.dll -> C:\Windows\System32\dlbxjswr.dll -> [2007/02/19 08:26:16 | 000,135,168 | ---- | C] ()
dlbxinsb.dll -> C:\Windows\System32\dlbxinsb.dll -> [2007/02/19 08:23:24 | 000,176,128 | ---- | C] ()
dlbxcub.dll -> C:\Windows\System32\dlbxcub.dll -> [2007/02/19 08:23:18 | 000,086,016 | ---- | C] ()
dlbxcu.dll -> C:\Windows\System32\dlbxcu.dll -> [2007/02/19 08:23:10 | 000,073,728 | ---- | C] ()
dlbxins.dll -> C:\Windows\System32\dlbxins.dll -> [2007/02/19 08:23:08 | 000,159,744 | ---- | C] ()
dlbxutil.dll -> C:\Windows\System32\dlbxutil.dll -> [2007/02/19 08:21:58 | 000,434,176 | ---- | C] ()
dlbxcoin.dll -> C:\Windows\System32\dlbxcoin.dll -> [2007/02/07 18:57:16 | 000,344,064 | ---- | C] ()
dlbxcfg.dll -> C:\Windows\System32\dlbxcfg.dll -> [2007/01/22 08:18:02 | 000,069,632 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 08:53:49 | 000,067,584 | --S- | C] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 08:44:53 | 000,401,488 | ---- | C] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 06:33:01 | 000,604,502 | ---- | C] ()
perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 06:33:01 | 000,287,440 | ---- | C] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 06:33:01 | 000,104,170 | ---- | C] ()
perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 06:33:01 | 000,030,674 | ---- | C] ()
dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 06:23:21 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2006/11/02 04:58:30 | 000,043,131 | ---- | C] ()
NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 04:19:00 | 000,000,741 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 000,013,750 | ---- | C] ()
mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 03:25:31 | 000,673,088 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/03/09 05:58:00 | 001,060,424 | ---- | C] ()
dlbxvs.dll -> C:\Windows\System32\dlbxvs.dll -> [2005/08/18 11:26:46 | 000,040,960 | ---- | C] ()
dlbxcnv4.dll -> C:\Windows\System32\dlbxcnv4.dll -> [2005/02/24 22:23:46 | 000,061,440 | ---- | C] ()

[File - Lop Check]
LimeWire -> C:\Users\Guest\AppData\Roaming\LimeWire -> [2011/06/11 17:18:55 | 000,000,000 | ---D | M]
Western Digital -> C:\Users\Guest\AppData\Roaming\Western Digital -> [2011/06/11 17:18:13 | 000,000,000 | ---D | M]
LimeWire -> C:\Users\Veronica\AppData\Roaming\LimeWire -> [2011/06/27 15:18:43 | 000,000,000 | ---D | M]
Template -> C:\Users\Veronica\AppData\Roaming\Template -> [2009/06/20 13:17:36 | 000,000,000 | ---D | M]
Uniblue -> C:\Users\Veronica\AppData\Roaming\Uniblue -> [2011/04/20 20:41:10 | 000,000,000 | ---D | M]
Western Digital -> C:\Users\Veronica\AppData\Roaming\Western Digital -> [2011/05/31 22:09:40 | 000,000,000 | ---D | M]
RegistryBooster.job -> C:\Windows\Tasks\RegistryBooster.job -> [2011/06/27 15:17:03 | 000,000,338 | ---- | M] ()
RegTask.job -> C:\Windows\Tasks\RegTask.job -> [2011/06/24 16:46:20 | 000,000,320 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/26 18:10:04 | 000,032,592 | ---- | M] ()
[Custom Scans]
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %SYSTEMDRIVE%\*.exe >
< MD5 Scans Start>
< %systemdrive%\EXPLORER.EXE /md5 /s >
explorer.exe : MD5=37440D09DEAE0B672A04DCCF7ABF06BE -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe -> [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -> C:\Windows\ERDNT\cache\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -> C:\Windows\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe -> [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=50BA5850147410CDE89C523AD3BC606E -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe -> [2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=D07D4C3038F3578FFCE1C0237F2A1253 -> C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe -> [2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation)
explorer.exe : MD5=FFA764631CB70A30065C12EF8E174F9F -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe -> [2008/01/20 22:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SVCHOST.EXE /md5 /s >
svchost.exe : MD5=3794B461C45882E06856F282EEF025AF -> C:\Windows\ERDNT\cache\svchost.exe -> [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation)
svchost.exe : MD5=3794B461C45882E06856F282EEF025AF -> C:\Windows\System32\svchost.exe -> [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation)
svchost.exe : MD5=3794B461C45882E06856F282EEF025AF -> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe -> [2008/01/20 22:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation)
[Files/Folders - Unicode - All]
C:\Users\Veronica\Documents\??????.doc -> C:\Users\Veronica\Documents\Сырное.doc -> [2009/08/04 23:57:06 | 000,044,032 | ---- | C] ()
C:\Users\Veronica\Documents\??????.doc -> C:\Users\Veronica\Documents\Сырное.doc -> [2009/08/04 23:57:08 | 000,044,032 | ---- | M] ()
< End of report >
  • 0

#37
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you check to see if it has set the screensaver back on, please?
  • 0

#38
Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Wow. Yes, it did. I switched it back to none again. Now what?
  • 0

#39
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What name does that screensaver have?
  • 0

#40
Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
It was Blinx before. Now I changed it to none.
  • 0

#41
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see what I can find.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind 
    Blinx.*
    *.scr 
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#42
Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
SystemLook 04.09.10 by jpshortstuff
Log created at 17:47 on 27/06/2011 by Veronica
Administrator - Elevation successful

========== filefind ==========

Searching for "Blinx.* "
No files found.

Searching for "*.scr "
C:\Users\Guest\AppData\Roaming\LimeWire\promotion\promodb.script --a---- 1010 bytes [16:13 08/01/2011] [21:19 11/06/2011] 7B95195C39733F91B8C58D9E6EECEB26
C:\Users\Veronica\AppData\Roaming\LimeWire\promotion\promodb.script --a---- 1013 bytes [20:59 30/04/2009] [19:44 10/05/2011] 58B560FD42847A1761E0A1131E873F62
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6002.18005_none_6db9f7e45597cad5\PhotoScreensaver.scr --a---- 704512 bytes [23:11 18/08/2009] [06:27 11/04/2009] AAC78A91ED32BC0CA7FC8AEC39975016
C:\Windows\System32\Aurora.scr --a---- 1370624 bytes [02:33 21/01/2008] [02:33 21/01/2008] F240B31DA00632718CC2392A4D193313
C:\Windows\System32\Bubbles.scr --a---- 879616 bytes [02:33 21/01/2008] [02:33 21/01/2008] 26DBDDEB53BA845451DF191FBE3459B9
C:\Windows\System32\logon.scr --a---- 5714432 bytes [02:34 21/01/2008] [02:34 21/01/2008] B17D18FD6594AAA25CBC95E799B1BF40
C:\Windows\System32\Mystify.scr --a---- 221184 bytes [02:33 21/01/2008] [02:33 21/01/2008] 39BA737EBF8E7DA1CD019FE95333FD70
C:\Windows\System32\PhotoScreensaver.scr --a---- 704512 bytes [02:35 21/01/2008] [02:35 21/01/2008] D3583217A771037F3A49B67CA5F2CE8F
C:\Windows\System32\Ribbons.scr --a---- 220672 bytes [02:32 21/01/2008] [02:32 21/01/2008] 5A32D90A3D3D63E9011869A07A720AB3
C:\Windows\System32\scrnsave.scr --a---- 10240 bytes [08:48 02/11/2006] [09:44 02/11/2006] 0B883A187017547784420E0A855604D9
C:\Windows\System32\ssblinkx.scr --a---- 458752 bytes [08:22 26/11/2010] [08:22 26/11/2010] 398CBD217173F213E47FEF44200C6FFF
C:\Windows\System32\ssBranded.scr --a---- 8139264 bytes [02:32 21/01/2008] [02:32 21/01/2008] 383D0C71DCCD40081BE04B450EF5037D
C:\Windows\System32\ssText3d.scr --a---- 294912 bytes [02:33 21/01/2008] [02:33 21/01/2008] 36A107E19010259FCAC647EA2BF94B37
C:\Windows\winsxs\x86_microsoft-windows-aurora_31bf3856ad364e35_6.0.6001.18000_none_9b06fa43a64d3c3c\Aurora.scr --a---- 1370624 bytes [02:33 21/01/2008] [02:33 21/01/2008] F240B31DA00632718CC2392A4D193313
C:\Windows\winsxs\x86_microsoft-windows-bubbles_31bf3856ad364e35_6.0.6001.18000_none_6e7e463bc9f1a17d\Bubbles.scr --a---- 879616 bytes [02:33 21/01/2008] [02:33 21/01/2008] 26DBDDEB53BA845451DF191FBE3459B9
C:\Windows\winsxs\x86_microsoft-windows-logon_31bf3856ad364e35_6.0.6001.18000_none_58fb5219c92c4735\logon.scr --a---- 5714432 bytes [02:34 21/01/2008] [02:34 21/01/2008] B17D18FD6594AAA25CBC95E799B1BF40
C:\Windows\winsxs\x86_microsoft-windows-mystify_31bf3856ad364e35_6.0.6001.18000_none_f0119b125f5d44fd\Mystify.scr --a---- 221184 bytes [02:33 21/01/2008] [02:33 21/01/2008] 39BA737EBF8E7DA1CD019FE95333FD70
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6001.18000_none_6bce7ed85875ff89\PhotoScreensaver.scr --a---- 704512 bytes [02:35 21/01/2008] [02:35 21/01/2008] D3583217A771037F3A49B67CA5F2CE8F
C:\Windows\winsxs\x86_microsoft-windows-ribbons_31bf3856ad364e35_6.0.6001.18000_none_88b4e40227fbeb47\Ribbons.scr --a---- 220672 bytes [02:32 21/01/2008] [02:32 21/01/2008] 5A32D90A3D3D63E9011869A07A720AB3
C:\Windows\winsxs\x86_microsoft-windows-scrnsave_31bf3856ad364e35_6.0.6000.16386_none_df08df07dd79c713\scrnsave.scr --a---- 10240 bytes [08:48 02/11/2006] [09:44 02/11/2006] 0B883A187017547784420E0A855604D9
C:\Windows\winsxs\x86_microsoft-windows-ssbranded_31bf3856ad364e35_6.0.6001.18000_none_388afdb9078c6894\ssBranded.scr --a---- 8139264 bytes [02:32 21/01/2008] [02:32 21/01/2008] 383D0C71DCCD40081BE04B450EF5037D
C:\Windows\winsxs\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.0.6001.18000_none_0438b87e5f9c33e2\ssText3d.scr --a---- 294912 bytes [02:33 21/01/2008] [02:33 21/01/2008] 36A107E19010259FCAC647EA2BF94B37

-= EOF =-
  • 0

#43
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well looky here what we found

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Custom Items]
:Files 
C:\Windows\System32\ssblinkx.scr 
:end
[Empty Temp Folders]
[EmptyFlash]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
  • 0
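Added example, not part of the original thread: a short Python triage of a SystemLook filefind log like the one in post #42. It assumes (a heuristic of this example, not something stated in the thread) that stock Windows screensavers in System32 have a same-named copy with the same MD5 under winsxs, which holds for every such file in this log, and it lists the System32 .scr files that do not; the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Subset of lines copied from the SystemLook log posted above.
SAMPLE_LOG = r"""
C:\Users\Guest\AppData\Roaming\LimeWire\promotion\promodb.script --a---- 1010 bytes [16:13 08/01/2011] [21:19 11/06/2011] 7B95195C39733F91B8C58D9E6EECEB26
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6002.18005_none_6db9f7e45597cad5\PhotoScreensaver.scr --a---- 704512 bytes [23:11 18/08/2009] [06:27 11/04/2009] AAC78A91ED32BC0CA7FC8AEC39975016
C:\Windows\System32\Aurora.scr --a---- 1370624 bytes [02:33 21/01/2008] [02:33 21/01/2008] F240B31DA00632718CC2392A4D193313
C:\Windows\System32\PhotoScreensaver.scr --a---- 704512 bytes [02:35 21/01/2008] [02:35 21/01/2008] D3583217A771037F3A49B67CA5F2CE8F
C:\Windows\System32\scrnsave.scr --a---- 10240 bytes [08:48 02/11/2006] [09:44 02/11/2006] 0B883A187017547784420E0A855604D9
C:\Windows\System32\ssblinkx.scr --a---- 458752 bytes [08:22 26/11/2010] [08:22 26/11/2010] 398CBD217173F213E47FEF44200C6FFF
C:\Windows\winsxs\x86_microsoft-windows-aurora_31bf3856ad364e35_6.0.6001.18000_none_9b06fa43a64d3c3c\Aurora.scr --a---- 1370624 bytes [02:33 21/01/2008] [02:33 21/01/2008] F240B31DA00632718CC2392A4D193313
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6001.18000_none_6bce7ed85875ff89\PhotoScreensaver.scr --a---- 704512 bytes [02:35 21/01/2008] [02:35 21/01/2008] D3583217A771037F3A49B67CA5F2CE8F
C:\Windows\winsxs\x86_microsoft-windows-scrnsave_31bf3856ad364e35_6.0.6000.16386_none_df08df07dd79c713\scrnsave.scr --a---- 10240 bytes [08:48 02/11/2006] [09:44 02/11/2006] 0B883A187017547784420E0A855604D9
"""

# One result line: path, attribute flags, size, two bracketed timestamps, MD5.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \S+ (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-F]{32})$"
)

def parse_entries(log_text):
    """Return (path, size, md5) for every file line in a filefind log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers, "Searching for" and blank lines do not match
            entries.append((PureWindowsPath(m["path"]), int(m["size"]), m["md5"]))
    return entries

def unbacked_system32_scr(entries):
    """System32 *.scr files with no same-named, same-MD5 copy under winsxs."""
    store = {(p.name.lower(), md5) for p, _, md5 in entries
             if "winsxs" in (part.lower() for part in p.parts)}
    flagged = []
    for p, _, md5 in entries:
        in_sys32 = str(p.parent).lower() == r"c:\windows\system32"
        if in_sys32 and p.suffix.lower() == ".scr" and (p.name.lower(), md5) not in store:
            flagged.append(str(p))  # shortlist for review, not a verdict
    return flagged

if __name__ == "__main__":
    print(unbacked_system32_scr(parse_entries(SAMPLE_LOG)))
```

A file on this shortlist is only a candidate for review: a legitimately installed third-party screensaver would also lack a winsxs copy.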

#44
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Did that. But it rebooted my computer. Didn't give me any logs. What to do?
  • 0

#45
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run SystemLook again with the same script to confirm that it has gone bye bye?
  • 0





