Unknown: no task mgr, black desktop, bogus warnings [Solved]


  • This topic is locked

#1
waitingforhelp

Hello, hope someone can help me recover from an unknown infection that has apparently affected my MBR.

Left my laptop at work for a few hours on Friday day. It was running latest Firefox with a couple webmail tabs open and I think an eBay page. Win XP with automatic updates, use Avast free virus protection. Came back and Firefox was closed. Avast had a window warning about an executable trying to run another executable... should it run it in sandbox? I cancelled running it and found the file in question in Local Settings/Temp. I renamed it as you can see in logs.

Opened Avast and checked for updates. Downloaded new definitions and noticed there was a new 7.0 version of program, so downloaded it (maybe that was a mistake!). I think at this point I got a screwy warning window about "drive problems" that looked suspicious, so I cancelled it (theoretically) and continued.

Wanted to come home, so shut down after configuring Avast for boot time (pre Windows load) scan.

At home, ran boot time scan and came back to find Windows started while I was away. Environment was altered (black desktop, normal icons gone). Task manager is disabled. Get repeated warnings about drive problems, memory problems, etc. while I cancelled/closed as possible.

Started in Safe Mode with Networking. Downloaded utils discussed here (MBRcheck, Malwarebytes, MBRscan, OTL) to see if they told me anything while trying to contact friend in IT. After reviewing logs, I opted to let Malwarebytes try to correct what it found. I think it was 14 files, which should be in logs.

Utilities show unknown MBR. I'm not sure whether to let them try to correct it or not. The original Dell factory drive is gone. I imaged it onto a larger drive via Linux box some time ago. I see the Dell recovery partition still seems to exist, but I'm not concerned whether it is usable after present repair; I don't think it was usable after drive change anyway.

Can someone advise if I should attempt to correct MBR with utility?

And afterwards, are there other steps to take, or does it look like Malwarebytes has cleaned what is needed?

Please let me know other information you need. Thank you very much for your help!

============================
Here is OTL logfile. Sorry the formatting is strange... happened moving from Win to Linux and I can't figure out how to fix it.

O 1 7 - H K L M \ S y s t e m \ C C S \ S e r v i c e s \ T c p i p \ P a r a m e t e r s \ I n t e r f a c e s \ { 0 1 7 0 9 1 9 1 - 3 7 1 6 - 4 8 F 3 - 8 6 4 5 - 5 C 9 5 A 7 1 4 C 5 8 E } : D h c p N a m e S e r v e r = 1 9 2 . 1 6 8 . 3 . 1

O 2 0 - H K L M W i n l o g o n : S h e l l - ( E x p l o r e r . e x e ) - C : \ W I N D O W S \ e x p l o r e r . e x e ( M i c r o s o f t C o r p o r a t i o n )

O 2 0 - H K L M W i n l o g o n : U s e r I n i t - ( C : \ W I N D O W S \ s y s t e m 3 2 \ u s e r i n i t . e x e ) - C : \ W I N D O W S \ s y s t e m 3 2 \ u s e r i n i t . e x e ( M i c r o s o f t C o r p o r a t i o n )

O 2 4 - D e s k t o p W a l l P a p e r : C : \ D o c u m e n t s a n d S e t t i n g s \ E n g i n e e r 1 \ L o c a l S e t t i n g s \ A p p l i c a t i o n D a t a \ M i c r o s o f t \ W a l l p a p e r 1 . b m p

O 2 4 - D e s k t o p B a c k u p W a l l P a p e r : C : \ D o c u m e n t s a n d S e t t i n g s \ E n g i n e e r 1 \ L o c a l S e t t i n g s \ A p p l i c a t i o n D a t a \ M i c r o s o f t \ W a l l p a p e r 1 . b m p

O 3 2 - H K L M C D R o m : A u t o R u n - 1

O 3 2 - A u t o R u n F i l e - [ 2 0 1 1 / 0 8 / 1 5 1 3 : 1 2 : 1 0 | 0 0 0 , 0 0 0 , 0 0 0 | - - - D | M ] - C : \ A u t o d e s k - - [ N T F S ]

O 3 2 - A u t o R u n F i l e - [ 2 0 0 4 / 0 8 / 1 0 1 3 : 0 4 : 0 8 | 0 0 0 , 0 0 0 , 0 0 0 | - - - - | M ] ( ) - C : \ A U T O E X E C . B A T - - [ N T F S ]

O 3 4 - H K L M B o o t E x e c u t e : ( a u t o c h e c k a u t o c h k * )

O 3 5 - H K L M \ . . c o m f i l e [ o p e n ] - - " % 1 " % *

O 3 5 - H K L M \ . . e x e f i l e [ o p e n ] - - " % 1 " % *

O 3 7 - H K L M \ . . . c o m [ @ = c o m f i l e ] - - " % 1 " % *

O 3 7 - H K L M \ . . . e x e [ @ = e x e f i l e ] - - " % 1 " % *



NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found



CREATERESTOREPOINT
Error creating restore point.



[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/03/04 08:43:34 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Engineer1\Desktop\OTL.exe
[2012/03/04 08:30:21 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\Engineer1\Desktop\MbrScan.exe
[2012/03/03 10:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Application Data\Malwarebytes
[2012/03/03 10:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 10:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/03 10:25:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/03 10:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/03 10:24:08 | 009,502,424 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Engineer1\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 07:54:54 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Engineer1\Desktop\aswMBR.exe
[2012/03/02 21:22:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Engineer1\Recent
[2012/03/01 22:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Local Settings\Application Data\DOSBox
[2012/03/01 10:53:13 | 000,000,000 | ---D | C] -- C:\lathe
[2012/02/18 09:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\My Documents\Cropper Captures
[2012/02/10 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Application Data\Cropper
[2012/02/10 19:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Fusion 8 Design
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/03/04 08:43:37 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Engineer1\Desktop\OTL.exe
[2012/03/04 08:33:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/04 08:30:18 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\Engineer1\Desktop\MbrScan.exe
[2012/03/03 20:39:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/03 20:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/03 10:25:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/03 10:25:18 | 009,502,424 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Engineer1\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 10:15:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Engineer1\Desktop\MBRCheck.exe
[2012/03/03 09:10:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Engineer1\Desktop\MBR.dat
[2012/03/03 07:55:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Engineer1\Desktop\aswMBR.exe
[2012/03/02 21:58:22 | 2138,435,584 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/03/02 21:23:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/26 08:38:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/25 20:54:42 | 000,195,072 | ---- | M] () -- C:\Documents and Settings\Engineer1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/02/23 11:10:22 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/18 08:29:01 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 16:52:45 | 000,435,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 16:52:45 | 000,068,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/17 10:55:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Engineer1\.gtk-bookmarks
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/03/03 10:25:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/03 10:15:26 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Engineer1\Desktop\MBRCheck.exe
[2012/03/03 09:10:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Engineer1\Desktop\MBR.dat
[2012/02/16 10:47:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 10:47:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/10 19:30:27 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Engineer1\Start Menu\Programs\Cropper.lnk
[2011/06/22 11:49:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2011/06/22 11:03:44 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2011/02/05 07:28:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/06 09:27:32 | 000,000,010 | ---- | C] () -- C:\WINDOWS\libsf.dll
[2010/08/18 20:27:56 | 000,585,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/11 09:08:43 | 000,000,067 | ---- | C] () -- C:\WINDOWS\pmacalc.INI



[color=#E56717]========== LOP Check ==========[/color]

[2010/12/21 12:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/15 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/01/21 09:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2007/11/06 19:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
[2006/02/12 16:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink
[2010/10/06 09:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2006/01/29 02:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zero Knowledge
[2009/03/03 18:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{684D1E7F-CC04-42E3-97EC-EFFAB750AA58}
[2011/08/15 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Autodesk
[2009/03/20 20:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\CadSoft
[2012/02/10 19:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Cropper
[2011/05/17 07:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Digital Confidence
[2012/01/21 09:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\DraftSight
[2011/07/21 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\EDrawings
[2008/09/18 10:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Leadertech
[2011/10/30 13:09:17 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Engineer1\Application Data\Microchip
[2006/09/01 18:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\MSNInstaller
[2009/07/08 12:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\OpenOffice.org
[2009/06/18 14:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\PGP
[2006/08/15 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\RibbonSoft
[2006/08/08 20:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Thunderbird
[2010/02/22 12:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\VirtualStore
[2007/11/29 20:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Autodesk
[2010/01/24 05:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\GetRightToGo
[2011/01/14 19:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Leadertech
[2010/08/25 07:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SuperUtils.com
[2007/10/09 18:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Thunderbird



[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2010/02/11 11:04:05 | 000,049,152 | ---- | M] () -- C:\md5sum.exe





[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe



[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe



[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe



[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe



[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | -HS- | M] (Microsoft Corporation)



[ c o l o r = # A 2 3 B E C ] < h k l m \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t | c o m m a n d / 6 4 / r s > [ / c o l o r ]

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ a o l . e x e \ I n s t a l l I n f o \ \ R e i n s t a l l C o m m a n d : C : \ P R O G R A ~ 1 \ A M E R I C ~ 1 . 0 \ a c c d e f . e x e - r b

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ a o l . e x e \ I n s t a l l I n f o \ \ H i d e I c o n s C o m m a n d : C : \ P R O G R A ~ 1 \ A M E R I C ~ 1 . 0 \ a c c d e f . e x e - h b

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ a o l . e x e \ I n s t a l l I n f o \ \ S h o w I c o n s C o m m a n d : C : \ P R O G R A ~ 1 \ A M E R I C ~ 1 . 0 \ a c c d e f . e x e - s b

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ a o l . e x e \ s h e l l \ o p e n \ c o m m a n d \ \ : C : \ P R O G R A ~ 1 \ A M E R I C ~ 1 . 0 \ a o l . e x e

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ F I R E F O X . E X E \ I n s t a l l I n f o \ \ H i d e I c o n s C o m m a n d : " C : \ P r o g r a m F i l e s \ M o z i l l a F i r e f o x \ u n i n s t a l l \ h e l p e r . e x e " / H i d e S h o r t c u t s [ 2 0 1 2 / 0 2 / 1 7 1 2 : 4 2 : 1 6 | 0 0 0 , 8 3 4 , 8 4 0 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ F I R E F O X . E X E \ I n s t a l l I n f o \ \ S h o w I c o n s C o m m a n d : " C : \ P r o g r a m F i l e s \ M o z i l l a F i r e f o x \ u n i n s t a l l \ h e l p e r . e x e " / S h o w S h o r t c u t s [ 2 0 1 2 / 0 2 / 1 7 1 2 : 4 2 : 1 6 | 0 0 0 , 8 3 4 , 8 4 0 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ F I R E F O X . E X E \ I n s t a l l I n f o \ \ R e i n s t a l l C o m m a n d : " C : \ P r o g r a m F i l e s \ M o z i l l a F i r e f o x \ u n i n s t a l l \ h e l p e r . e x e " / S e t A s D e f a u l t A p p G l o b a l [ 2 0 1 2 / 0 2 / 1 7 1 2 : 4 2 : 1 6 | 0 0 0 , 8 3 4 , 8 4 0 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ F I R E F O X . E X E \ s h e l l \ o p e n \ c o m m a n d \ \ : C : \ P r o g r a m F i l e s \ M o z i l l a F i r e f o x \ f i r e f o x . e x e [ 2 0 1 2 / 0 2 / 1 7 1 2 : 4 2 : 3 7 | 0 0 0 , 9 2 4 , 6 3 2 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ F I R E F O X . E X E \ s h e l l \ p r o p e r t i e s \ c o m m a n d \ \ : " C : \ P r o g r a m F i l e s \ M o z i l l a F i r e f o x \ f i r e f o x . e x e " - p r e f e r e n c e s [ 2 0 1 2 / 0 2 / 1 7 1 2 : 4 2 : 3 7 | 0 0 0 , 9 2 4 , 6 3 2 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ F I R E F O X . E X E \ s h e l l \ s a f e m o d e \ c o m m a n d \ \ : " C : \ P r o g r a m F i l e s \ M o z i l l a F i r e f o x \ f i r e f o x . e x e " - s a f e - m o d e [ 2 0 1 2 / 0 2 / 1 7 1 2 : 4 2 : 3 7 | 0 0 0 , 9 2 4 , 6 3 2 | - - - - | M ] ( M o z i l l a C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ I E X P L O R E . E X E \ I n s t a l l I n f o \ \ R e i n s t a l l C o m m a n d : % s y s t e m r o o t % \ s y s t e m 3 2 \ s h m g r a t e . e x e O C I n s t a l l R e i n s t a l l I E [ 2 0 0 8 / 0 4 / 1 3 1 9 : 1 2 : 3 5 | 0 0 0 , 0 4 5 , 0 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ I E X P L O R E . E X E \ I n s t a l l I n f o \ \ H i d e I c o n s C o m m a n d : % s y s t e m r o o t % \ s y s t e m 3 2 \ s h m g r a t e . e x e O C I n s t a l l H i d e I E [ 2 0 0 8 / 0 4 / 1 3 1 9 : 1 2 : 3 5 | 0 0 0 , 0 4 5 , 0 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ I E X P L O R E . E X E \ I n s t a l l I n f o \ \ S h o w I c o n s C o m m a n d : % s y s t e m r o o t % \ s y s t e m 3 2 \ s h m g r a t e . e x e O C I n s t a l l S h o w I E [ 2 0 0 8 / 0 4 / 1 3 1 9 : 1 2 : 3 5 | 0 0 0 , 0 4 5 , 0 5 6 | - - - - | M ] ( M i c r o s o f t C o r p o r a t i o n )

H K E Y _ L O C A L _ M A C H I N E \ s o f t w a r e \ c l i e n t s \ s t a r t m e n u i n t e r n e t \ I E X P L O R E . E X E \ s h e l l \ o p e n \ c o m m a n d \ \ : " % p r o g r a m f i l e s % \ I n t e r n e t E x p l o r e r \ i e x p l o r e . e x e " [ 2 0 0 8 / 0 4 / 1 3 1 9 : 1 2 : 2 2 | 0 0 0 , 0 9 3 , 1 8 4 | - H S - | M ] ( M i c r o s o f t C o r p o r a t i o n )



< E n d o f r e p o r t >


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, we will get a fresh OTL log next, after we recover your desktop and icons.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

NEXT

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#3
waitingforhelp


    New Member

  • Topic Starter
  • Member
  • 5 posts
Thank you for your prompt attention.

I am posting logs, but let me comment first that I did not seem to get an extras.log file from OTL. What settings do I need to get that?

RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Engineer1 [Admin rights]
Mode: Scan -- Date: 03/04/2012 11:35:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM160HC +++++
--- User ---
[MBR] aa2dd2e29211d48a54c2315bc40e434a
[BSP] 7fe52d7fe465e0e6005b0ba19f807eb1 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 15 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32130 | Size: 149478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Engineer1 [Admin rights]
Mode: Remove -- Date: 03/04/2012 11:36:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Engineer1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM160HC +++++
--- User ---
[MBR] aa2dd2e29211d48a54c2315bc40e434a
[BSP] 7fe52d7fe465e0e6005b0ba19f807eb1 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 15 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32130 | Size: 149478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




OTL logfile created on: 3/4/2012 11:51:50 AM - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Engineer1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 82.70% Memory free
3.84 Gb Paging File | 3.72 Gb Available in Paging File | 96.93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.98 Gb Total Space | 78.12 Gb Free Space | 53.52% Space Free | Partition Type: NTFS

Computer Name: LYONS_LAPTOP_1 | User Name: Engineer1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 11:38:37 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Engineer1\Desktop\OTL.exe
PRC - [2012/02/23 11:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/07/18 11:02:58 | 001,205,784 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- (KPF4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aswMBR)
DRV - [2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/09/11 13:46:35 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/09/23 23:00:00 | 000,037,488 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2007/09/05 19:35:46 | 000,377,920 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/18 11:02:52 | 000,091,672 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips)
DRV - [2006/07/18 11:02:50 | 000,284,184 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2006/06/06 08:45:14 | 000,329,452 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/04 06:35:02 | 000,140,930 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1057.sys -- (RDID1057)
DRV - [2005/03/15 20:11:00 | 000,043,392 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004/08/18 15:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/10/15 13:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-818032530-2858578603-2249262156-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-818032530-2858578603-2249262156-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-818032530-2858578603-2249262156-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/02 16:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 12:42:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 17:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/02/01 17:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/03 10:44:35 | 000,000,000 | ---D | M]

[2008/09/11 12:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Engineer1\Application Data\Mozilla\Extensions
[2012/02/28 16:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Engineer1\Application Data\Mozilla\Firefox\Profiles\6x85gzsb.default\extensions
[2011/02/04 15:57:59 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Engineer1\Application Data\Mozilla\Firefox\Profiles\6x85gzsb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/12/25 09:56:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Engineer1\Application Data\Mozilla\Firefox\Profiles\6x85gzsb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/04 20:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/02 11:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ENGINEER1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6X85GZSB.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ENGINEER1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6X85GZSB.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ENGINEER1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6X85GZSB.DEFAULT\EXTENSIONS\{C1970C0D-DBE6-4D91-804F-C9C0DE643A57}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ENGINEER1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6X85GZSB.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ENGINEER1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6X85GZSB.DEFAULT\EXTENSIONS\[email protected]
[2012/02/17 12:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/17 14:56:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 13:01:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:57:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-818032530-2858578603-2249262156-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-818032530-2858578603-2249262156-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep....42037/sb02b.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1138922431975 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01709191-3716-48F3-8645-5C95A714C58E}: DhcpNameServer = 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Engineer1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Engineer1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/15 13:12:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 11:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Desktop\RK_Quarantine
[2012/03/04 08:43:34 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Engineer1\Desktop\OTL.exe
[2012/03/04 08:30:21 | 000,147,456 | ---- | C] (Eric_71) -- C:\Documents and Settings\Engineer1\Desktop\MbrScan.exe
[2012/03/03 10:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Application Data\Malwarebytes
[2012/03/03 10:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 10:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/03 10:25:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/03 10:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/03 10:24:08 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Engineer1\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 07:54:54 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Engineer1\Desktop\aswMBR.exe
[2012/03/02 21:22:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Engineer1\Recent
[2012/03/01 22:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Local Settings\Application Data\DOSBox
[2012/03/01 10:53:13 | 000,000,000 | ---D | C] -- C:\lathe
[2012/02/18 09:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\My Documents\Cropper Captures
[2012/02/10 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Engineer1\Application Data\Cropper
[2012/02/10 19:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Fusion8Design
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 11:38:37 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Engineer1\Desktop\OTL.exe
[2012/03/04 11:28:18 | 001,339,904 | ---- | M] () -- C:\Documents and Settings\Engineer1\Desktop\RogueKiller.exe
[2012/03/04 08:33:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/04 08:30:18 | 000,147,456 | ---- | M] (Eric_71) -- C:\Documents and Settings\Engineer1\Desktop\MbrScan.exe
[2012/03/03 20:39:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/03 20:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/03 10:25:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/03 10:25:18 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Engineer1\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 10:15:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Engineer1\Desktop\MBRCheck.exe
[2012/03/03 09:10:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Engineer1\Desktop\MBR.dat
[2012/03/03 07:55:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Engineer1\Desktop\aswMBR.exe
[2012/03/02 21:58:22 | 2138,435,584 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/03/02 21:23:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/26 08:38:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/25 20:54:42 | 000,195,072 | ---- | M] () -- C:\Documents and Settings\Engineer1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/02/23 11:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/02/23 11:10:25 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/02/23 11:10:22 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/02/23 11:07:33 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/18 08:29:01 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 16:52:45 | 000,435,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 16:52:45 | 000,068,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/17 10:55:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Engineer1\.gtk-bookmarks
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 11:28:17 | 001,339,904 | ---- | C] () -- C:\Documents and Settings\Engineer1\Desktop\RogueKiller.exe
[2012/03/03 10:25:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/03 10:15:26 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Engineer1\Desktop\MBRCheck.exe
[2012/03/03 09:10:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Engineer1\Desktop\MBR.dat
[2012/02/16 10:47:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 10:47:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/10 19:30:27 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Engineer1\Start Menu\Programs\Cropper.lnk
[2011/06/22 11:49:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2011/06/22 11:03:44 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2011/02/05 07:28:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/06 09:27:32 | 000,000,010 | ---- | C] () -- C:\WINDOWS\libsf.dll
[2010/08/18 20:27:56 | 000,585,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/11 09:08:43 | 000,000,067 | ---- | C] () -- C:\WINDOWS\pmacalc.INI

========== LOP Check ==========

[2010/12/21 12:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/15 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/01/21 09:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2007/11/06 19:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
[2006/02/12 16:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink
[2010/10/06 09:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2006/01/29 02:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zero Knowledge
[2009/03/03 18:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{684D1E7F-CC04-42E3-97EC-EFFAB750AA58}
[2011/08/15 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Autodesk
[2009/03/20 20:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\CadSoft
[2012/02/10 19:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Cropper
[2011/05/17 07:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Digital Confidence
[2012/01/21 09:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\DraftSight
[2011/07/21 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\EDrawings
[2008/09/18 10:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Leadertech
[2011/10/30 13:09:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Engineer1\Application Data\Microchip
[2006/09/01 18:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\MSNInstaller
[2009/07/08 12:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\OpenOffice.org
[2009/06/18 14:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\PGP
[2006/08/15 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\RibbonSoft
[2006/08/08 20:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\Thunderbird
[2010/02/22 12:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Engineer1\Application Data\VirtualStore
[2007/11/29 20:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Autodesk
[2010/01/24 05:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\GetRightToGo
[2011/01/14 19:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Leadertech
[2010/08/25 07:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SuperUtils.com
[2007/10/09 18:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/02/11 11:04:05 | 000,049,152 | ---- | M] () -- C:\md5sum.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{01709191-3716-48F3-8645-5C95A714C58E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{111D78E0-6B13-4C38-ABC1-0E3CAC01E9DD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{864BE0D6-B174-404C-9D4A-70979969D9B0}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C423A096-C6C5-47ED-87A7-268FE2B0784A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E29019BC-AF14-4104-9F62-5FE16143BFD5}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 07 01 03 01 00 00 01 00 02 00 05 00 06 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | --S- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:42:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:42:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | --S- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 13:11:44
-----------------------------
13:11:44.046 OS Version: Windows 5.1.2600 Service Pack 3
13:11:44.046 Number of processors: 1 586 0xD08
13:11:44.046 ComputerName: LYONS_LAPTOP_1 UserName: Engineer1
13:11:44.671 Initialize success
13:11:45.312 AVAST engine defs: 12030400
13:11:50.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:11:50.375 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
13:11:50.437 Disk 0 MBR read successfully
13:11:50.453 Disk 0 MBR scan
13:11:50.484 Disk 0 unknown MBR code
13:11:50.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 15 MB offset 63
13:11:50.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149478 MB offset 32130
13:11:50.546 Disk 0 scanning sectors +306164880
13:11:50.671 Disk 0 scanning C:\WINDOWS\system32\drivers
13:12:02.953 Service scanning
13:12:26.625 Modules scanning
13:12:31.625 Disk 0 trace - called modules:
13:12:31.703 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:12:31.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]
13:12:31.796 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a86e940]
13:12:32.453 AVAST engine scan C:\WINDOWS
13:12:38.828 AVAST engine scan C:\WINDOWS\system32
13:14:56.796 AVAST engine scan C:\WINDOWS\system32\drivers
13:15:14.046 AVAST engine scan C:\Documents and Settings\Engineer1
13:38:35.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Engineer1\Desktop\MBR.dat"
13:38:35.234 The log file has been saved successfully to "C:\Documents and Settings\Engineer1\Desktop\0304_aswMBR.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
An extra txt will only be generated on the first run unless it is asked for

Looking at the logs it appears to be history now :happy:

Do you have the desktop, icons and programmes folders back now ?

The MBR checks out ok

What problems remain ?
  • 0

#5
waitingforhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
So the messages regarding:

+++++ PhysicalDrive0: SAMSUNG HM160HC +++++
--- User ---
[MBR] aa2dd2e29211d48a54c2315bc40e434a
[BSP] 7fe52d7fe465e0e6005b0ba19f807eb1 : MBR Code unknown

"MBR unknown" are not an issue?

That would be very nice!
  • 0

#6
waitingforhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
If I run MBRcheck now it says: found non-standard or infected MBR

I took that to be a bad thing, but maybe it is just a non-standard (i.e. Dell) MBR?

pg
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it is the Dell one - but as you have removed that partition then you can replace it with the standard XP

Do you have any problems at all ?

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter 0 and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter 1 and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0
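Added example, not part of the original thread and not code from aswMBR or MBRCheck: one way to inspect a 512-byte MBR dump (such as the MBR.dat saved by aswMBR, or the file written by MBRCheck option [1]) before deciding whether to overwrite the boot code. The sample sector is constructed: its boot code is filler, its partition types and offsets come from the aswMBR log above, the sector counts are derived from those offsets, and comparing a SHA-256 of the boot code against a reference set is an assumption for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0-439 hold boot code; 440-445 disk signature/reserved
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA at 510-511
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS (skipped), type, CHS, start LBA, sectors
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into a boot-code hash and its partition entries."""
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0x00:          # unused slot
            continue
        parts.append({"slot": i + 1, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "other"), "start_lba": start,
                      "sectors": count, "size_mb": count * 512 // 2**20})
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": parts}


def findings(sector: bytes, reference_hashes: set) -> list:
    """Return review notes; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    notes = []
    if info["boot_code_sha256"] not in reference_hashes:
        # Unknown is not the same as infected: an OEM loader is also "unknown".
        notes.append("boot code not in reference set")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        notes.append(f"{len(active)} active partitions, expected 1")
    ordered = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            notes.append(f"partition {a['slot']} overlaps partition {b['slot']}")
    return notes


def build_sample() -> bytes:
    """Constructed sector: filler boot code plus the layout from the aswMBR log."""
    boot = b"\xeb\x3c" + b"\x90" * (BOOT_CODE_LEN - 2)      # filler, not real boot code
    table = ENTRY.pack(0x00, 0xDE, 63, 32067) + ENTRY.pack(0x80, 0x07, 32130, 306132750)
    return boot + bytes(6) + table + bytes(32) + b"\x55\xaa"
```

Keeping the dump and its hash from a known-good state gives a reference to compare against later, so an "unknown" result can be told apart from a changed one.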

#8
waitingforhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks! Things seem to be working ok without replacing the MBR, so apparently it is still the valid Dell one.

I have updated Malwarebytes and Avast and run multiple scans... all appears clean!

Thanks SO VERY MUCH for your help! I will be sending a contribution. Keep up the great work!
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you for the donation :thumbsup:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?

Keep safe :wave:
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





