Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"Disappearing Shortcuts" [Solved]

Started by fenix1 , Dec 28 2011 02:54 PM

  • This topic is locked This topic is locked

#16
fenix1
Posted 31 December 2011 - 05:51 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Uninstalled Mcafee completely...even went into the Registry... and in Machine and User got rid of all keys referencing Mcafee. What i was referring to bout "troubleshooting" only allowing only 4 shortcuts i've attached the page so you can see it. I accessed the file and changed the value from 4 to 50.
Doesn't really matter though as i've disabled troublshooting. Also, something really troubling is that i also did this.

Configured system to SHOW all hidden files. Went to C\Documents and Settings\Fenix1\Local\AppData\. I have 20 alpha\numeric entries that are ALL empty. Shows various other programs which are intact. Problem is i dont see any file that says "Icon Cache.db. Shouldn't that file be there? Also, have tried killing Explorer and restarting it thinking it would rebuild or restore icon cache but nothing. I also checked other users files under
Local\AppData and there is no icon cache.db as well. This is unbelievable...help...charlieAttached File  Document1.rtf   2.79KB   91 downloads



  • 0

Advertisements

#17
Essexboy
Posted 01 January 2012 - 05:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do the 0byte files follow this format C:\Users\Martin\AppData\Local\{1A4B8F47-21B1-44D4-A748-07C502BD847B} if so they are related to windows live and are just junk

To rebuild the icon cache there is a small programme here run that and let me know the result. Use option one initially

Did you use the McAfee removal tool ? or did you do it all manually

How is the system behaving now ?
  • 0

#18
fenix1
Posted 01 January 2012 - 02:52 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Gday Essexboy and thanks for ur help! I deleted the "junk" entrys. I used Mcafees Uninstaller and got rid of registry keys that were left over.
I used the tool the you referred me to to try and automatically restore iconcache.db and its file extensions. Didn't work. I then pulled up CommandPrompt and tried restoring them manually. Killed Explorer with first command then tried the second command to CD d and kill %userprofile% and it said i used an invalid "switch". Typed exactly what it said. Then i tried the third command to delete iconcache.db and it said it couldn't be found! Man, in 16 years of my computing i've never ran into anything like this! I'll never download and install anything in the future without first running every security scan necessary to make certain that it's "clean". Anyways...as a dear friend used ta say, "what we gonna do now".:help:
  • 0

#19
Essexboy
Posted 01 January 2012 - 05:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The intriguing thing is, that windows should rebuild the iconcache if it is missing. So lets check if they really are missing

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    iconcache.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#20
fenix1
Posted 01 January 2012 - 09:45 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here is the results of OTL scan:



OTL logfile created on: 1/1/2012 9:04:32 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fenix1\Desktop\Tools
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.87% Memory free
4.41 Gb Paging File | 2.95 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.95 Gb Total Space | 100.43 Gb Free Space | 71.76% Space Free | Partition Type: NTFS
Drive D: | 140.04 Gb Total Space | 5.74 Gb Free Space | 4.10% Space Free | Partition Type: NTFS

Computer Name: FENIX1-PC | User Name: Fenix1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 14:18:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\Tools\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/21 01:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/17 11:03:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 13:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/24 16:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 01:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/14 19:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/04/15 21:33:16 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/11 19:21:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 17:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 06:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 06:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 04:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/15 21:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/03/11 16:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 15:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...65u2i5z47326284
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111220&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2011/11/10 17:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/25 02:43:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/25 12:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/01 17:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 04:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/31 01:16:16 | 000,000,000 | ---D | M]

[2011/11/30 01:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Extensions
[2011/12/25 05:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\extensions
[2011/12/31 01:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/31 01:16:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/25 12:59:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/01/01 17:26:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/11/10 17:58:22 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/31 01:16:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/30 22:43:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001..\Run: [cdloader] C:\Users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C170C70C-8D25-46DB-A63A-82E7459E0703}: DhcpNameServer = 208.180.42.100 208.180.42.68
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 17:47:29 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2012/01/01 17:28:50 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\DDMSettings
[2012/01/01 17:26:34 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\DivX
[2012/01/01 17:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/01/01 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/01/01 17:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/01/01 17:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/01 17:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/12/31 16:06:19 | 000,000,000 | R--D | C] -- C:\Users\Fenix1\Documents\Notes
[2011/12/31 01:17:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/31 01:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/12/31 01:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/31 01:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/30 04:21:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/30 04:21:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/30 04:21:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/30 04:20:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/30 04:20:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 02:03:25 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\Tools
[2011/12/29 21:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_2
[2011/12/29 13:44:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 14:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/12/28 12:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2011/12/27 23:55:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\ElevatedDiagnostics
[2011/12/27 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Nero
[2011/12/27 20:16:51 | 001,114,624 | ---- | C] (The Windows Club) -- C:\Windows\memorb.exe
[2011/12/27 18:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/12/27 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/12/27 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/12/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/12/27 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
[2011/12/25 16:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/12/25 13:00:14 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/25 13:00:14 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/25 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/25 13:00:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/25 13:00:11 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/25 13:00:09 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/25 13:00:08 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/25 12:59:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/25 12:59:44 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/25 12:54:06 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/25 12:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/25 08:01:29 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2011/12/25 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/12/25 07:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/12/25 03:46:16 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2011/12/25 03:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/24 20:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/12/24 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/12/24 18:51:42 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\McAfee
[2011/12/24 05:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles
[2011/12/24 03:33:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/12/24 03:30:35 | 000,000,000 | ---D | C] -- C:\Games
[2011/12/24 01:29:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/24 00:51:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Rockets
[2011/12/24 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2011/12/23 19:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
[2011/12/19 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/12/19 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Documents\Freecorder
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bill2's Process Manager
[2011/12/16 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ainvo
[2011/12/13 18:17:31 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Clean Expert
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2011/12/10 14:33:40 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2011/12/10 14:33:40 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2011/12/10 14:33:40 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2011/12/10 14:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2011/12/10 11:07:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/10 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2011/12/10 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2011/12/04 12:53:30 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2011/12/03 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/12/03 11:50:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\MozillaControl
[2011/12/03 01:41:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/03 01:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight
[2011/12/03 01:31:35 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 01:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight
[2011/12/02 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/01 20:36:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 20:10:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001UA.job
[2012/01/01 18:03:37 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 18:03:37 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 17:56:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 17:55:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 17:55:52 | 1583,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 17:53:14 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2012/01/01 17:26:47 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/01/01 17:26:28 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/01/01 17:20:47 | 000,001,553 | ---- | M] () -- C:\Users\Fenix1\Desktop\AvastUI.lnk
[2012/01/01 17:16:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/01 16:39:47 | 000,000,987 | ---- | M] () -- C:\Users\Fenix1\Desktop\Guitar and Bass.lnk
[2012/01/01 16:07:32 | 000,001,086 | ---- | M] () -- C:\Users\Fenix1\Desktop\REGEDIT.lnk
[2012/01/01 15:48:19 | 000,000,999 | ---- | M] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2012/01/01 14:27:28 | 000,002,853 | ---- | M] () -- C:\Users\Fenix1\Desktop\COMMAND.pif
[2012/01/01 10:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001Core.job
[2011/12/31 23:31:48 | 000,338,440 | ---- | M] () -- C:\Users\Fenix1\Desktop\Songbook.htm
[2011/12/31 21:24:34 | 000,000,393 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/12/31 21:20:39 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/12/31 21:13:49 | 000,009,728 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 17:49:03 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/12/31 15:14:29 | 000,625,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/31 15:14:29 | 000,107,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/31 15:08:38 | 000,014,686 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/12/31 00:13:23 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/30 22:43:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/30 02:40:37 | 000,000,000 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/12/30 02:30:25 | 000,001,835 | ---- | M] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/29 21:44:56 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011/12/29 15:06:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 12:50:57 | 000,005,661 | ---- | M] () -- C:\Users\Fenix1\Documents\INFLATION.htm
[2011/12/29 00:26:31 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/28 01:54:10 | 000,000,787 | ---- | M] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/27 18:53:29 | 000,325,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:39:04 | 000,002,682 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/25 13:00:14 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 12:58:36 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/12/25 05:11:50 | 000,001,084 | ---- | M] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 04:19:20 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:53 | 002,100,280 | ---- | M] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 14:58:33 | 000,013,354 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 14:58:33 | 000,005,715 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 13:01:06 | 000,105,397 | ---- | M] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:31:01 | 000,012,803 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 18:31:01 | 000,005,714 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 14:58:31 | 004,281,108 | ---- | M] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 14:43:44 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/21 13:03:45 | 000,001,002 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/20 15:39:02 | 054,006,627 | ---- | M] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/16 15:37:05 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Screen Grab Pro.lnk
[2011/12/16 15:36:30 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/16 15:33:21 | 000,148,208 | ---- | M] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/16 15:27:57 | 000,002,038 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/12/16 15:27:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/12/11 14:42:47 | 000,000,051 | ---- | M] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/10 14:34:15 | 000,000,982 | ---- | M] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 10:39:35 | 000,001,241 | ---- | M] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/10 09:15:17 | 003,284,332 | ---- | M] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/05 16:27:26 | 000,001,178 | ---- | M] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 20:14:37 | 000,000,794 | ---- | M] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/04 13:43:10 | 000,000,062 | ---- | M] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 12:53:41 | 000,001,547 | ---- | M] () -- C:\Users\Fenix1\Desktop\Interbank FX Trader 4.lnk
[2011/12/04 10:35:36 | 000,001,504 | ---- | M] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:23:20 | 001,640,630 | ---- | M] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:06 | 000,570,823 | ---- | M] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 00:53:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/12/03 00:26:56 | 066,238,499 | ---- | M] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv

========== Files Created - No Company Name ==========

[2012/01/01 17:26:28 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/01/01 17:25:58 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/01/01 17:20:47 | 000,001,553 | ---- | C] () -- C:\Users\Fenix1\Desktop\AvastUI.lnk
[2012/01/01 16:39:47 | 000,000,987 | ---- | C] () -- C:\Users\Fenix1\Desktop\Guitar and Bass.lnk
[2012/01/01 16:07:32 | 000,001,086 | ---- | C] () -- C:\Users\Fenix1\Desktop\REGEDIT.lnk
[2012/01/01 14:27:28 | 000,002,853 | ---- | C] () -- C:\Users\Fenix1\Desktop\COMMAND.pif
[2011/12/31 23:31:43 | 000,338,440 | ---- | C] () -- C:\Users\Fenix1\Desktop\Songbook.htm
[2011/12/31 00:08:27 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/30 04:21:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/30 04:21:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/30 04:21:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/30 04:21:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/30 04:21:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/30 02:30:25 | 000,001,835 | ---- | C] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/29 15:06:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 12:50:54 | 000,005,661 | ---- | C] () -- C:\Users\Fenix1\Documents\INFLATION.htm
[2011/12/28 01:54:35 | 000,000,787 | ---- | C] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/27 18:39:04 | 000,002,682 | ---- | C] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/27 16:48:35 | 000,325,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 15:11:04 | 1583,222,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/25 13:00:14 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 07:31:00 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/25 05:11:50 | 000,001,084 | ---- | C] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 03:37:09 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:49 | 002,100,280 | ---- | C] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 15:09:49 | 000,005,715 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 15:09:44 | 000,013,354 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 13:01:03 | 000,105,397 | ---- | C] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:35:50 | 000,005,714 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 18:35:45 | 000,012,803 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 14:58:31 | 004,281,108 | ---- | C] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 13:03:42 | 000,001,002 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/19 21:54:17 | 054,006,627 | ---- | C] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/11 19:50:18 | 000,000,794 | ---- | C] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/11 14:42:47 | 000,000,051 | ---- | C] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:42:28 | 000,000,046 | ---- | C] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/10 14:34:15 | 000,000,982 | ---- | C] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 14:33:55 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/10 14:33:40 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2011/12/10 13:26:54 | 003,284,332 | ---- | C] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/10 10:38:09 | 000,001,241 | ---- | C] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/05 16:27:26 | 000,001,178 | ---- | C] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 13:43:10 | 000,000,062 | ---- | C] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 10:35:36 | 000,001,504 | ---- | C] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:22:37 | 001,640,630 | ---- | C] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:05 | 000,570,823 | ---- | C] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 02:39:55 | 000,148,208 | ---- | C] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/03 00:25:42 | 066,238,499 | ---- | C] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/12/02 23:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/02 23:33:59 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
[2011/11/18 01:07:17 | 000,007,624 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\resmon.resmoncfg
[2011/11/15 10:21:25 | 000,000,275 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/14 03:17:21 | 000,009,728 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 21:16:28 | 000,000,393 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/13 11:05:52 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/11 23:28:00 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/11/11 23:24:53 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/11/11 21:57:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/11 03:19:46 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/11/10 17:58:23 | 002,212,096 | ---- | C] () -- C:\Windows\System32\wweb32.dll
[2011/11/08 16:38:54 | 000,000,000 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/08 20:56:51 | 000,031,232 | ---- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/08 20:50:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/05 21:08:20 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/19 00:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 21:33:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 11:21:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 11:21:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 11:21:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 11:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 11:21:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 11:21:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 11:21:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 11:20:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 11:20:58 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 11:20:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 11:20:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 11:20:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 11:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 11:20:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 11:20:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 11:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 11:20:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:05:48 | 000,625,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/29 22:51:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2011/12/30 01:26:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRight
[2011/12/29 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mjusbsp
[2011/12/29 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WeatherBug
[2011/12/29 19:46:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinPatrol
[2011/12/25 02:43:58 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/11/14 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Auslogics
[2011/12/25 02:43:40 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/25 02:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Foxreal
[2011/12/03 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/12/03 01:37:12 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRightToGo
[2011/12/10 11:07:59 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2012/01/01 15:48:20 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Nullsoft
[2011/11/09 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\OpenCandy
[2011/11/17 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\PCFix
[2011/11/11 23:19:47 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SMRecorder
[2011/12/28 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SoftGrid Client
[2011/12/24 03:33:08 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/11/12 12:55:57 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\TP
[2011/12/31 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Wave Systems Corp
[2011/11/11 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WeatherBug
[2011/11/13 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Windows Live Writer
[2011/11/09 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WinPatrol
[2011/12/28 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WinPatrol
[2011/12/30 04:26:41 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >
  • 0

#21
fenix1
Posted 01 January 2012 - 09:56 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here's another file that just popped up.

[LocalizedFileNames]
services.lnk=@%systemroot%\system32\filemgmt.dll,-2204
  • 0

#22
Essexboy
Posted 02 January 2012 - 05:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is legitimate

Mac has just had a quick look and has posed this question

CD /d %userprofile%\AppData\Local
My guess is he missed the space between /d and %user
as of course the space between CD and /d - does not matter
OR he typed after the second % / instead of \.


Could you check that out please
  • 0

#23
fenix1
Posted 02 January 2012 - 03:40 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I went to Command Prompt and executed all 3 commands exactly. Says CD using d was an invalid switch. Also when trying to delete IconCache it says it couldn't be found. Reaaaally wierd. Never had a problem Changing Directorys in DOS before. And apparently i don't have an IconCache! What tha ****? :wacko: Thank
GOD there's people like you who are as dedicated and intent on destroying malware and correcting the problems it creates as the sick demented ******** who write it! Fellas, i am at a total loss...Charlie
  • 0

#24
Essexboy
Posted 02 January 2012 - 04:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will have a look at the implications of creating a dummy file and then overwritting it
  • 0

#25
fenix1
Posted 02 January 2012 - 06:54 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Essexboy if you can help me fix this i will fly to England in a few months and the drinks will be on me!...Charlie
  • 0

Advertisements

#26
Macboatmaster
Posted 02 January 2012 - 08:25 PM

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
I have been granted permission to post by my colleague Essexboy. I mention that, because as I explained previously ONLY qualified members can advise on Malware.

I am NOT so authorised, as I said before. Therefore please DO NOT MAKE any changes to your system, as a result of this post.

You have burnaware software installed. When please did you install that program.
\burnaware.ini


May I stress again - PLEASE DO NOT alter anything until Essexboy returns to you
  • 0

#27
fenix1
Posted 02 January 2012 - 09:25 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I installed Burnaware on 11/9/11. Don't know why as i already had a program that was sufficient. This has broken me of the habit of downloading unecesary software! Believe me! Thankyou for you'r input...i really appreciate it!
  • 0

#28
Essexboy
Posted 03 January 2012 - 12:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There may be a correlation there

How did you uninstall burnaware, or is it still present on the system ?
  • 0

#29
fenix1
Posted 03 January 2012 - 02:46 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I uninstalled "burnaware" couple of hours ago AND a bunch of other freebies that i didn't need as i suspect one of those downloads has created this problem. What's left in my program file are apps that are legitimate and well known. 98% are signed and the great majority are MS. Gonna reboot now and see what happens.
  • 0

#30
fenix1
Posted 03 January 2012 - 03:06 PM

fenix1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Rebooted no problem...just no icons and start menu only titles. Brought up "winutilities". Ran registry cleaner then defrag. Brought up processes and they all were "trustworthy", i then looked at "services" and found that quite a few were "stopped". Trouble is i never stopped any of them! Don't know if they're considered "default" or something stopped them for me? Just as a matter of convenience i just put REGEDIT, COMMAND, and SERVICES on my Desktop. Not good when ya see those on ur Desktop. Anyways, hope ta talk to ya later...Charlie

p.s. I uninstalled "burnaware" with programs and features in control panel.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP