IE 8 and desktop icons locking up. [Solved]
Started by helpme1962, Apr 25 2012 02:40 PM
#136
Posted 02 May 2012 - 10:27 AM
#137
Posted 02 May 2012 - 10:32 AM
I can't believe this. I was just downloading flv player from cnet and other BS downloaded at the same time, changed my browser, all kinds of stuff, avast caught it and put it somewhere. How do I find this?
#138
Posted 02 May 2012 - 10:35 AM
You need SP1, so we need to run Windows Update.
Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.
In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install. (Install just SP1 first)
Then come back to the list and click the important updates for more information. Select the check boxes for three or four updates at a time that you want to install, and then click OK. Continue until all critical, important, and recommended updates are installed.
Click Install updates.
#139
Posted 02 May 2012 - 10:36 AM
We will get to flv later; do updates to protect you first. Do not install the "BS" and we will get it after updates.
#140
Posted 02 May 2012 - 10:57 AM
I'm installing the Windows updates, might take a bit.
As for the flv on cnet, it's already done. I unchecked any additional stuff they were trying to get me to download, but it downloaded anyway. I had to uninstall some bs toolbar and also change my browser back to google. I seriously hope avast caught that stuff. It did give me a pop up, I'm just not that familiar with avast. I want to view the log to see what file it was but I can't locate the avast user interface that lets me look at the log.
#141
Posted 02 May 2012 - 11:02 AM
Don't worry, we will clean it up after the updates!
#142
Posted 02 May 2012 - 11:35 AM
It was the ALOT tool bar, also some freewarezone Sh*T. I uninstalled both from Add/Remove Programs. Windows is updating. I did the SP1 update, there are about 100 others and they are updating now. I will advise when complete.
#143
Posted 02 May 2012 - 12:00 PM
Glad you got the "stuff" and we will clean up the remnants later!!!!
#144
Posted 02 May 2012 - 12:02 PM
All windows updates installed.
#145
Posted 02 May 2012 - 12:05 PM
OK let's do a quick scan with OTL:
- Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- Select Scan All Users
- Select Lop Check and Purity Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open OTL.Txt
- Post OTL.txt
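An added example, not part of the thread or of OTL itself: once OTL.txt comes back, one quick triage step is to see which browser add-ons (O2/O3 lines) live in a folder created within minutes of a program the user meant to install, which is how a bundled toolbar or BHO typically shows up. The line layouts follow the OTL.txt format seen in this thread; the sample log, product names and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL.txt line format; products and paths are made up.
SAMPLE_LOG = r"""
O2 - BHO: (Example AV Shield) - {AAAAAAAA-0000-0000-0000-000000000001} - C:\Program Files\ExampleAV\shieldIE.dll (ExampleAV Software)
O2 - BHO: (Example Games) - {AAAAAAAA-0000-0000-0000-000000000002} - C:\Program Files\ExampleGames\GamesIE.dll (ExampleGames)
O3 - HKLM\..\Toolbar: (Example AV Shield) - {AAAAAAAA-0000-0000-0000-000000000001} - C:\Program Files\ExampleAV\shieldIE.dll (ExampleAV Software)
[2012/05/02 12:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Example Player
[2012/05/02 12:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\ExampleGames
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\ExampleAV
[2012/05/02 11:28:31 | 000,020,696 | ---- | C] (ExampleAV Software) -- C:\Windows\System32\drivers\exav.sys
"""

# "[date time | size | attrs | C] (optional company) -- path"
CREATED_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| C\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$"
)
# "O2 - BHO: (name) - {CLSID} - path (company)" and the O3 toolbar variant
ADDON_RE = re.compile(
    r"^O[23] - (?:BHO|\S*Toolbar): \((?P<name>.*?)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?) \((?P<company>[^()]*)\)$"
)


def parse_created(log):
    """Return (datetime, path) for every 'created' file or folder entry."""
    out = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            out.append((ts, m["path"]))
    return out


def parse_addons(log):
    """Return one dict per O2 (BHO) or O3 (toolbar) line."""
    out = []
    for line in log.splitlines():
        m = ADDON_RE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def owning_folder(path, created):
    """Most specific 'created' entry that is an ancestor folder of path."""
    p = path.lower()
    parents = [(ts, f) for ts, f in created if p.startswith(f.lower() + "\\")]
    return max(parents, key=lambda item: len(item[1])) if parents else None


def bundled_with(log, wanted_folder, window_minutes=5):
    """Add-ons whose folder was created close in time to wanted_folder.

    wanted_folder is the install folder of the program the user intended
    to install; add-ons inside that folder itself are not reported.
    """
    created = parse_created(log)
    ref = next((ts for ts, f in created if f.lower() == wanted_folder.lower()), None)
    if ref is None:
        raise ValueError("no creation entry for " + wanted_folder)
    window = timedelta(minutes=window_minutes)
    wanted_prefix = wanted_folder.lower() + "\\"
    seen, hits = set(), []
    for addon in parse_addons(log):
        # The same component is often listed as both BHO and toolbar.
        if addon["clsid"] in seen:
            continue
        seen.add(addon["clsid"])
        if addon["path"].lower().startswith(wanted_prefix):
            continue
        owner = owning_folder(addon["path"], created)
        if owner and abs(owner[0] - ref) <= window:
            delta = int((owner[0] - ref).total_seconds())
            hits.append({**addon, "folder": owner[1], "seconds_from_install": delta})
    return hits


if __name__ == "__main__":
    for hit in bundled_with(SAMPLE_LOG, r"C:\Program Files\Example Player"):
        print(hit["name"], hit["folder"], hit["seconds_from_install"])
```

A hit is only a lead for review, not a verdict: an unrelated program installed in the same few minutes will also match.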
#146
Posted 02 May 2012 - 12:16 PM
OTL logfile created on: 5/2/2012 2:10:16 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.43 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 71.66% Memory free
6.85 Gb Paging File | 5.85 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 181.49 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
Computer Name: CHRIS-LAPTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/02 11:37:58 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011/07/28 14:43:26 | 001,459,056 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2011/07/28 14:39:42 | 000,390,000 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/06 18:46:58 | 000,603,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswOtl.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/02 13:26:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/05/02 11:38:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 10:12:08 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/28 14:39:42 | 000,390,000 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/07/05 18:48:30 | 000,039,656 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/07/14 04:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/04/05 23:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 3F 0A 07 6D 28 CD 01 [binary data]
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012/05/02 12:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files\FreeWorkz\FreeWorkzIE.dll (FreeWorkz)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAC7FE92-3480-4FC7-86C8-5AE752C44648}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/05/02 13:55:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/05/02 13:29:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/02 13:28:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/02 13:28:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/05/02 12:39:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Outlook Files
[2012/05/02 12:29:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/02 12:29:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/05/02 12:28:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Applian FLV and Media Player
[2012/05/02 12:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2012/05/02 12:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/05/02 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012/05/02 12:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\FreeWorkz
[2012/05/02 12:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2012/05/02 12:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012/05/02 12:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Webcam
[2012/05/02 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/05/02 11:43:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Logitech
[2012/05/02 11:43:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2012/05/02 11:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/05/02 11:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/05/02 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2012/05/02 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2012/05/02 11:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/05/02 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/05/02 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/05/02 11:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/05/02 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012/05/02 11:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/05/02 11:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/05/02 11:28:31 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/05/02 11:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/02 11:28:30 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/05/02 11:28:27 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/02 11:28:26 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/05/02 11:28:24 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/02 11:28:22 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/05/02 11:28:03 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/02 11:28:02 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/02 11:26:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/05/02 11:26:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/05/02 11:26:13 | 004,478,092 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/05/02 11:26:13 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/05/02 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/02 11:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/02 11:09:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/05/02 11:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/02 11:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/05/02 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2012/05/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/05/02 11:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/02 11:07:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/02 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Personal
[2012/05/02 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\IST Files
[2012/05/02 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2012/05/02 10:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell System Manager
[2012/05/02 10:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/05/02 10:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/05/02 10:23:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Dell
[2012/05/02 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/05/02 10:20:22 | 000,017,904 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\stdcfltn.sys
[2012/05/02 10:20:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/05/02 10:20:16 | 000,081,520 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\accelernco01.dll
[2012/05/02 10:20:16 | 000,044,144 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\accelern.sys
[2012/05/02 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2012/05/02 10:20:14 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/05/02 10:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/05/02 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/05/02 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Citrix
[2012/05/02 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2012/05/02 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2012/05/02 10:10:25 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/02 10:06:54 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2012/05/02 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Intel
[2012/05/02 09:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/05/02 09:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/05/02 09:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/05/02 09:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/05/02 09:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/05/02 09:59:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/02 09:59:03 | 000,000,000 | ---D | C] -- C:\dell
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/02 09:36:03 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/02 09:35:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2012/05/02 09:35:54 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2012/05/02 09:35:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2012/05/02 09:35:47 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2012/05/02 09:35:47 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2012/05/02 09:35:39 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/05/02 09:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2012/05/02 14:12:38 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:12:38 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:10:16 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/02 14:10:16 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/02 14:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 14:05:04 | 2760,241,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 13:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 13:57:06 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/02 13:49:56 | 000,001,105 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/02 12:32:19 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/02 12:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/02 12:25:59 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/05/02 12:00:10 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/05/02 11:45:01 | 000,002,014 | ---- | M] () -- C:\Users\Chris\Desktop\Mouse and Keyboard Settings.lnk
[2012/05/02 11:43:11 | 000,001,328 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/02 11:41:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012/05/02 11:41:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012/05/02 11:41:10 | 000,002,002 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/05/02 11:41:10 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2012/05/02 11:35:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/02 11:28:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/02 11:23:15 | 000,003,483 | ---- | M] () -- C:\Users\Chris\Desktop\My Documents - Shortcut.lnk
[2012/05/02 11:22:17 | 000,013,880 | ---- | M] () -- C:\Users\Chris\Desktop\excel - Shortcut.lnk
[2012/05/02 11:21:05 | 000,003,041 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Publisher 2010.lnk
[2012/05/02 11:10:20 | 000,003,029 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Outlook 2010.lnk
[2012/05/02 11:10:20 | 000,003,021 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Word 2010.lnk
[2012/05/02 10:58:30 | 000,000,355 | ---- | M] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2012/05/02 10:47:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01009.Wdf
[2012/05/02 10:24:23 | 000,002,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/05/02 10:12:05 | 000,103,784 | ---- | M] () -- C:\Users\Chris\GoToAssistDownloadHelper.exe
[2012/05/02 10:08:16 | 000,001,411 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 09:58:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/02 09:36:04 | 000,001,417 | ---- | M] () -- C:\Users\Chris\Desktop\Internet Explorer.lnk
[2012/04/30 12:28:45 | 000,002,016 | ---- | M] () -- C:\Users\Chris\Desktop\Belarc Advisor.lnk
[2012/04/29 22:18:45 | 000,879,714 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/04/29 20:57:33 | 000,001,073 | ---- | M] () -- C:\Users\Chris\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/29 18:07:12 | 000,002,000 | ---- | M] () -- C:\Users\Chris\Desktop\avast! Free Antivirus.lnk
[2012/04/29 18:03:42 | 074,761,776 | ---- | M] () -- C:\Users\Chris\Desktop\setup_av_free.exe
[2012/04/29 09:27:44 | 000,396,041 | ---- | M] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/04/28 23:55:06 | 003,514,358 | ---- | M] () -- C:\Users\Chris\Desktop\WVCheck.exe
[2012/04/28 14:29:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/04/28 13:54:26 | 000,337,321 | ---- | M] () -- C:\Users\Chris\Desktop\FSS.exe
[2012/04/28 09:39:08 | 000,154,624 | ---- | M] () -- C:\Users\Chris\Desktop\TDSSQlook.exe
[2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/04/27 15:27:32 | 004,478,092 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/04/27 13:45:45 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/04/27 12:46:36 | 001,280,512 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
========== Files Created - No Company Name ==========
[2012/05/02 12:39:16 | 000,001,105 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/02 12:32:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/02 12:32:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/02 12:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/02 12:29:07 | 2760,241,152 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/02 12:25:59 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/05/02 12:14:45 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\FilterPC.bmp
[2012/05/02 12:14:45 | 000,024,995 | ---- | C] () -- C:\Windows\System32\drivers\FilterPC.jpg
[2012/05/02 12:00:10 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/05/02 11:45:01 | 000,002,014 | ---- | C] () -- C:\Users\Chris\Desktop\Mouse and Keyboard Settings.lnk
[2012/05/02 11:43:11 | 000,001,328 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/02 11:41:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012/05/02 11:41:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012/05/02 11:41:10 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/05/02 11:41:10 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2012/05/02 11:38:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 11:35:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/02 11:35:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/02 11:26:16 | 000,396,041 | ---- | C] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/05/02 11:26:16 | 000,001,073 | ---- | C] () -- C:\Users\Chris\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 11:26:13 | 003,514,358 | ---- | C] () -- C:\Users\Chris\Desktop\WVCheck.exe
[2012/05/02 11:26:13 | 000,337,321 | ---- | C] () -- C:\Users\Chris\Desktop\FSS.exe
[2012/05/02 11:26:13 | 000,154,624 | ---- | C] () -- C:\Users\Chris\Desktop\TDSSQlook.exe
[2012/05/02 11:26:13 | 000,002,569 | ---- | C] () -- C:\Users\Chris\Desktop\Dell Backup and Recovery Manager.lnk
[2012/05/02 11:26:13 | 000,002,503 | ---- | C] () -- C:\Users\Chris\Desktop\Skype.lnk
[2012/05/02 11:26:13 | 000,002,147 | ---- | C] () -- C:\Users\Chris\Desktop\Dell Webcam Central.lnk
[2012/05/02 11:26:13 | 000,002,101 | ---- | C] () -- C:\Users\Chris\Desktop\DWG TrueView 2012.lnk
[2012/05/02 11:26:13 | 000,002,016 | ---- | C] () -- C:\Users\Chris\Desktop\Belarc Advisor.lnk
[2012/05/02 11:26:13 | 000,002,000 | ---- | C] () -- C:\Users\Chris\Desktop\avast! Free Antivirus.lnk
[2012/05/02 11:26:13 | 000,001,991 | ---- | C] () -- C:\Users\Chris\Desktop\Adobe Reader X.lnk
[2012/05/02 11:26:13 | 000,001,193 | ---- | C] () -- C:\Users\Chris\Desktop\All Tasks.lnk
[2012/05/02 11:26:13 | 000,001,113 | ---- | C] () -- C:\Users\Chris\Desktop\Yahoo! Messenger.lnk
[2012/05/02 11:26:13 | 000,000,242 | ---- | C] () -- C:\Users\Chris\Desktop\Industrial Info Resources - The Leading Provider of Global Industrial Project Reports (PEC Reports).url
[2012/05/02 11:26:13 | 000,000,183 | ---- | C] () -- C:\Users\Chris\Desktop\Contractor and Supplier Safety Management ISNetworld.url
[2012/05/02 11:26:10 | 074,761,776 | ---- | C] () -- C:\Users\Chris\Desktop\setup_av_free.exe
[2012/05/02 11:26:10 | 001,280,512 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2012/05/02 11:26:10 | 000,879,714 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/05/02 11:26:10 | 000,002,190 | ---- | C] () -- C:\Users\Chris\Desktop\Roxio Creator Home.lnk
[2012/05/02 11:26:10 | 000,002,120 | ---- | C] () -- C:\Users\Chris\Desktop\Seagate Manager.lnk
[2012/05/02 11:23:15 | 000,003,483 | ---- | C] () -- C:\Users\Chris\Desktop\My Documents - Shortcut.lnk
[2012/05/02 11:22:17 | 000,013,880 | ---- | C] () -- C:\Users\Chris\Desktop\excel - Shortcut.lnk
[2012/05/02 11:21:05 | 000,003,041 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Publisher 2010.lnk
[2012/05/02 11:10:20 | 000,003,029 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Outlook 2010.lnk
[2012/05/02 11:10:20 | 000,003,021 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Word 2010.lnk
[2012/05/02 10:58:30 | 000,000,355 | ---- | C] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2012/05/02 10:47:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01009.Wdf
[2012/05/02 10:24:23 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/05/02 10:12:05 | 000,103,784 | ---- | C] () -- C:\Users\Chris\GoToAssistDownloadHelper.exe
[2012/05/02 10:08:16 | 000,001,411 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 10:07:04 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2012/05/02 10:06:54 | 000,003,138 | ---- | C] () -- C:\Windows\System32\e1k6232.din
[2012/05/02 09:58:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/02 09:36:04 | 000,001,417 | ---- | C] () -- C:\Users\Chris\Desktop\Internet Explorer.lnk
[2012/05/02 09:35:47 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/02 09:35:47 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
========== LOP Check ==========
[2012/05/02 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Applian FLV and Media Player
[2012/05/02 11:43:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2009/07/14 00:53:46 | 000,002,850 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1343B712-2CAB-4783-B44B-16CD3B20F089}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BAC7FE92-3480-4FC7-86C8-5AE752C44648}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E5C8C4E9-18A5-462B-8828-9181FB4812A9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 03 01 01 01 09 01 08 01 07 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s >
< C:\Program Files\Common Files\ComObjects\*.* /s >
< C:\windows\*. /RP /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: CHRIS-LAPTOP
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                         DVD-ROM         0 B  No Media
Volume 1         RECOVERY     NTFS   Partition     12 GB  Healthy    System
Volume 2     C                NTFS   Partition    220 GB  Healthy    Boot
< >
< End of report >
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.43 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 71.66% Memory free
6.85 Gb Paging File | 5.85 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 181.49 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
Computer Name: CHRIS-LAPTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/02 11:37:58 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011/07/28 14:43:26 | 001,459,056 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2011/07/28 14:39:42 | 000,390,000 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/06 18:46:58 | 000,603,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswOtl.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/02 13:26:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/05/02 11:38:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 10:12:08 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/28 14:39:42 | 000,390,000 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/07/05 18:48:30 | 000,039,656 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/07/14 04:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/04/05 23:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 3F 0A 07 6D 28 CD 01 [binary data]
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012/05/02 12:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files\FreeWorkz\FreeWorkzIE.dll (FreeWorkz)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAC7FE92-3480-4FC7-86C8-5AE752C44648}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/05/02 13:55:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/05/02 13:29:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/02 13:28:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/02 13:28:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/05/02 12:39:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Outlook Files
[2012/05/02 12:29:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/02 12:29:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/05/02 12:28:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Applian FLV and Media Player
[2012/05/02 12:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2012/05/02 12:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/05/02 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012/05/02 12:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\FreeWorkz
[2012/05/02 12:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2012/05/02 12:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012/05/02 12:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Webcam
[2012/05/02 12:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/05/02 11:43:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Logitech
[2012/05/02 11:43:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2012/05/02 11:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/05/02 11:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/05/02 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2012/05/02 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2012/05/02 11:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/05/02 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/05/02 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/05/02 11:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/05/02 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012/05/02 11:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/05/02 11:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/05/02 11:28:31 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/05/02 11:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/02 11:28:30 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/05/02 11:28:27 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/02 11:28:26 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/05/02 11:28:24 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/02 11:28:22 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/05/02 11:28:03 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/02 11:28:02 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/02 11:26:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/05/02 11:26:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/05/02 11:26:13 | 004,478,092 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/05/02 11:26:13 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/05/02 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/02 11:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/02 11:09:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/05/02 11:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/02 11:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/05/02 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2012/05/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/05/02 11:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/02 11:07:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/02 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Personal
[2012/05/02 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\IST Files
[2012/05/02 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2012/05/02 10:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell System Manager
[2012/05/02 10:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/05/02 10:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/05/02 10:23:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Dell
[2012/05/02 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/05/02 10:20:22 | 000,017,904 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\stdcfltn.sys
[2012/05/02 10:20:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/05/02 10:20:16 | 000,081,520 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\accelernco01.dll
[2012/05/02 10:20:16 | 000,044,144 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\accelern.sys
[2012/05/02 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2012/05/02 10:20:14 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/05/02 10:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/05/02 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/05/02 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Citrix
[2012/05/02 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2012/05/02 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2012/05/02 10:10:25 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/02 10:06:54 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2012/05/02 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Intel
[2012/05/02 09:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/05/02 09:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/05/02 09:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/05/02 09:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/05/02 09:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/05/02 09:59:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/02 09:59:03 | 000,000,000 | ---D | C] -- C:\dell
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/02 09:36:03 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/02 09:35:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2012/05/02 09:35:54 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2012/05/02 09:35:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2012/05/02 09:35:47 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2012/05/02 09:35:47 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2012/05/02 09:35:39 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/05/02 09:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2012/05/02 14:12:38 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:12:38 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:10:16 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/02 14:10:16 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/02 14:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 14:05:04 | 2760,241,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 13:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 13:57:06 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/02 13:49:56 | 000,001,105 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/02 12:32:19 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/02 12:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/02 12:25:59 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/05/02 12:00:10 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/05/02 11:45:01 | 000,002,014 | ---- | M] () -- C:\Users\Chris\Desktop\Mouse and Keyboard Settings.lnk
[2012/05/02 11:43:11 | 000,001,328 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/02 11:41:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012/05/02 11:41:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012/05/02 11:41:10 | 000,002,002 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/05/02 11:41:10 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2012/05/02 11:35:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/02 11:28:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/02 11:23:15 | 000,003,483 | ---- | M] () -- C:\Users\Chris\Desktop\My Documents - Shortcut.lnk
[2012/05/02 11:22:17 | 000,013,880 | ---- | M] () -- C:\Users\Chris\Desktop\excel - Shortcut.lnk
[2012/05/02 11:21:05 | 000,003,041 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Publisher 2010.lnk
[2012/05/02 11:10:20 | 000,003,029 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Outlook 2010.lnk
[2012/05/02 11:10:20 | 000,003,021 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Word 2010.lnk
[2012/05/02 10:58:30 | 000,000,355 | ---- | M] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2012/05/02 10:47:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01009.Wdf
[2012/05/02 10:24:23 | 000,002,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/05/02 10:12:05 | 000,103,784 | ---- | M] () -- C:\Users\Chris\GoToAssistDownloadHelper.exe
[2012/05/02 10:08:16 | 000,001,411 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 09:58:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/02 09:36:04 | 000,001,417 | ---- | M] () -- C:\Users\Chris\Desktop\Internet Explorer.lnk
[2012/04/30 12:28:45 | 000,002,016 | ---- | M] () -- C:\Users\Chris\Desktop\Belarc Advisor.lnk
[2012/04/29 22:18:45 | 000,879,714 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/04/29 20:57:33 | 000,001,073 | ---- | M] () -- C:\Users\Chris\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/29 18:07:12 | 000,002,000 | ---- | M] () -- C:\Users\Chris\Desktop\avast! Free Antivirus.lnk
[2012/04/29 18:03:42 | 074,761,776 | ---- | M] () -- C:\Users\Chris\Desktop\setup_av_free.exe
[2012/04/29 09:27:44 | 000,396,041 | ---- | M] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/04/28 23:55:06 | 003,514,358 | ---- | M] () -- C:\Users\Chris\Desktop\WVCheck.exe
[2012/04/28 14:29:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/04/28 13:54:26 | 000,337,321 | ---- | M] () -- C:\Users\Chris\Desktop\FSS.exe
[2012/04/28 09:39:08 | 000,154,624 | ---- | M] () -- C:\Users\Chris\Desktop\TDSSQlook.exe
[2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/04/27 15:27:32 | 004,478,092 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/04/27 13:45:45 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/04/27 12:46:36 | 001,280,512 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
========== Files Created - No Company Name ==========
[2012/05/02 12:39:16 | 000,001,105 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/02 12:32:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/02 12:32:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/02 12:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/02 12:29:07 | 2760,241,152 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/02 12:25:59 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/05/02 12:14:45 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\FilterPC.bmp
[2012/05/02 12:14:45 | 000,024,995 | ---- | C] () -- C:\Windows\System32\drivers\FilterPC.jpg
[2012/05/02 12:00:10 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/05/02 11:45:01 | 000,002,014 | ---- | C] () -- C:\Users\Chris\Desktop\Mouse and Keyboard Settings.lnk
[2012/05/02 11:43:11 | 000,001,328 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/02 11:41:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012/05/02 11:41:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012/05/02 11:41:10 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/05/02 11:41:10 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2012/05/02 11:38:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 11:35:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/02 11:35:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/02 11:26:16 | 000,396,041 | ---- | C] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/05/02 11:26:16 | 000,001,073 | ---- | C] () -- C:\Users\Chris\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 11:26:13 | 003,514,358 | ---- | C] () -- C:\Users\Chris\Desktop\WVCheck.exe
[2012/05/02 11:26:13 | 000,337,321 | ---- | C] () -- C:\Users\Chris\Desktop\FSS.exe
[2012/05/02 11:26:13 | 000,154,624 | ---- | C] () -- C:\Users\Chris\Desktop\TDSSQlook.exe
[2012/05/02 11:26:13 | 000,002,569 | ---- | C] () -- C:\Users\Chris\Desktop\Dell Backup and Recovery Manager.lnk
[2012/05/02 11:26:13 | 000,002,503 | ---- | C] () -- C:\Users\Chris\Desktop\Skype.lnk
[2012/05/02 11:26:13 | 000,002,147 | ---- | C] () -- C:\Users\Chris\Desktop\Dell Webcam Central.lnk
[2012/05/02 11:26:13 | 000,002,101 | ---- | C] () -- C:\Users\Chris\Desktop\DWG TrueView 2012.lnk
[2012/05/02 11:26:13 | 000,002,016 | ---- | C] () -- C:\Users\Chris\Desktop\Belarc Advisor.lnk
[2012/05/02 11:26:13 | 000,002,000 | ---- | C] () -- C:\Users\Chris\Desktop\avast! Free Antivirus.lnk
[2012/05/02 11:26:13 | 000,001,991 | ---- | C] () -- C:\Users\Chris\Desktop\Adobe Reader X.lnk
[2012/05/02 11:26:13 | 000,001,193 | ---- | C] () -- C:\Users\Chris\Desktop\All Tasks.lnk
[2012/05/02 11:26:13 | 000,001,113 | ---- | C] () -- C:\Users\Chris\Desktop\Yahoo! Messenger.lnk
[2012/05/02 11:26:13 | 000,000,242 | ---- | C] () -- C:\Users\Chris\Desktop\Industrial Info Resources - The Leading Provider of Global Industrial Project Reports (PEC Reports).url
[2012/05/02 11:26:13 | 000,000,183 | ---- | C] () -- C:\Users\Chris\Desktop\Contractor and Supplier Safety Management ISNetworld.url
[2012/05/02 11:26:10 | 074,761,776 | ---- | C] () -- C:\Users\Chris\Desktop\setup_av_free.exe
[2012/05/02 11:26:10 | 001,280,512 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2012/05/02 11:26:10 | 000,879,714 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/05/02 11:26:10 | 000,002,190 | ---- | C] () -- C:\Users\Chris\Desktop\Roxio Creator Home.lnk
[2012/05/02 11:26:10 | 000,002,120 | ---- | C] () -- C:\Users\Chris\Desktop\Seagate Manager.lnk
[2012/05/02 11:23:15 | 000,003,483 | ---- | C] () -- C:\Users\Chris\Desktop\My Documents - Shortcut.lnk
[2012/05/02 11:22:17 | 000,013,880 | ---- | C] () -- C:\Users\Chris\Desktop\excel - Shortcut.lnk
[2012/05/02 11:21:05 | 000,003,041 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Publisher 2010.lnk
[2012/05/02 11:10:20 | 000,003,029 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Outlook 2010.lnk
[2012/05/02 11:10:20 | 000,003,021 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Word 2010.lnk
[2012/05/02 10:58:30 | 000,000,355 | ---- | C] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2012/05/02 10:47:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01009.Wdf
[2012/05/02 10:24:23 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/05/02 10:12:05 | 000,103,784 | ---- | C] () -- C:\Users\Chris\GoToAssistDownloadHelper.exe
[2012/05/02 10:08:16 | 000,001,411 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 10:07:04 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2012/05/02 10:06:54 | 000,003,138 | ---- | C] () -- C:\Windows\System32\e1k6232.din
[2012/05/02 09:58:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/02 09:36:04 | 000,001,417 | ---- | C] () -- C:\Users\Chris\Desktop\Internet Explorer.lnk
[2012/05/02 09:35:47 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/02 09:35:47 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
========== LOP Check ==========
[2012/05/02 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Applian FLV and Media Player
[2012/05/02 11:43:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2009/07/14 00:53:46 | 000,002,850 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1343B712-2CAB-4783-B44B-16CD3B20F089}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BAC7FE92-3480-4FC7-86C8-5AE752C44648}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E5C8C4E9-18A5-462B-8828-9181FB4812A9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 03 01 01 01 09 01 08 01 07 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s >
< C:\Program Files\Common Files\ComObjects\*.* /s >
< C:\windows\*. /RP /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: CHRIS-LAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 RECOVERY NTFS Partition 12 GB Healthy System
Volume 2 C NTFS Partition 220 GB Healthy Boot
< >
< End of report >
#147
Posted 02 May 2012 - 12:20 PM
Just an FYI, from the log above, this is some of that BS software that was downloaded.
O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files\FreeWorkz\FreeWorkzIE.dll (FreeWorkz)
#148
Posted 02 May 2012 - 12:43 PM
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox.
:OTL
O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files\FreeWorkz\FreeWorkzIE.dll (FreeWorkz)
[2012/05/02 12:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\FreeWorkz

:files
ipconfig /flushdns /c

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
Please post the OTL log and let me know of any current issues.
#149
Posted 02 May 2012 - 12:52 PM
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
C:\Program Files\FreeWorkz\FreeWorkzIE.dll moved successfully.
C:\Program Files\FreeWorkz folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Chris
->Temp folder emptied: 44487873 bytes
->Temporary Internet Files folder emptied: 92624792 bytes
->Flash cache emptied: 844 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22718760 bytes
RecycleBin emptied: 68740569 bytes
Total Files Cleaned = 218.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.1 log created on 05022012_144723
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VKAYWSIX\fastbutton[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\40D6129I\page__pid__2152196__st__135[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\40D6129I\search[3].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
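Added example, not part of the original posts or of OTL: a small Python check that takes the BHO line from the fix script in post #148 and the fix log in post #149 and confirms that the targeted BHO had both registry keys deleted and its DLL moved, and lists files whose move was deferred to reboot. The function and variable names are assumptions made for this example; the sample lines are copied from the thread.

```python
import re

# Sample input copied from this thread: fix script (#148) and fix log (#149).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files\FreeWorkz\FreeWorkzIE.dll (FreeWorkz)
"""
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
C:\Program Files\FreeWorkz\FreeWorkzIE.dll moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# "O2 - BHO: (name) - {CLSID} - path.dll (vendor)"
BHO_LINE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.+\.dll)", re.M | re.I)
PENDING = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$", re.M)
HKLM = "HKEY_LOCAL_MACHINE\\"
BHO_KEY = HKLM + "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
CLSID_KEY = HKLM + "SOFTWARE\\Classes\\CLSID\\"


def audit_fix(script, log):
    """Return (per-BHO results, files still pending a move on reboot)."""
    done = {line.strip().lower() for line in log.splitlines() if line.strip()}
    results = []
    for name, clsid, dll in BHO_LINE.findall(script):
        # A BHO is only gone when the loader entry, the COM class and the DLL are all gone.
        expected = {
            "bho_key": "Registry key " + BHO_KEY + clsid + "\\ deleted successfully.",
            "clsid_key": "Registry key " + CLSID_KEY + clsid + "\\ deleted successfully.",
            "dll": dll + " moved successfully.",
        }
        missing = [k for k, line in expected.items() if line.lower() not in done]
        results.append({"name": name, "clsid": clsid, "dll": dll, "missing": missing})
    return results, PENDING.findall(log)


if __name__ == "__main__":
    results, pending = audit_fix(FIX_SCRIPT, FIX_LOG)
    for r in results:
        print(r["name"], r["clsid"], "OK" if not r["missing"] else "MISSING: " + ", ".join(r["missing"]))
    for path in pending:
        print("pending reboot:", path)
```

Anything reported as missing or pending is worth checking again in the next scan log after the reboot.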
#150
Posted 02 May 2012 - 12:53 PM
How is it running??