Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE 8 and desktop icons locking up. [Solved]

Started by helpme1962 , Apr 25 2012 02:40 PM

  • This topic is locked This topic is locked

#121
helpme1962
Posted 30 April 2012 - 08:11 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
It does not say sp1. When I call dell, am I working with them to validate or should I get something from them and continue to work with you?
  • 0

Advertisements

#122
CompCav
Posted 30 April 2012 - 08:15 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts

When I call dell, am I working with them to validate or should I get something from them and continue to work with you?

Please let Dell or Microsoft know the results of your scan with the tampered files so that they can clear it up.

After you have windows validation solved, if you are getting help from Dell that is free and you are happy with them continue, if not I am here to help!

Either way please post back to give me an update on where you are because there is a step or two we need to do after validation.

Regards,

CompCav
  • 0

#123
helpme1962
Posted 30 April 2012 - 08:18 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
I was never informed during the validation of any tampered files so I'm not sure what you are referring to there.

Also, I have not gotten the pop up again. Perhaps it was a latent message?

I rebooted the system,I don't have any messages indicating this is not a genuine copy.

Is there a validation scan I can do to see if it's genuine?

I don't want to call dell yet with this problem until I am absolutely sure its not validated.
  • 0

#124
helpme1962
Posted 30 April 2012 - 08:26 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
When I run the validation from microsoft website, http://www.microsoft...nuine/validate/ I get this message, Install genuine Windows.
Files that Windows needs to work properly have been modified, removed, or disabled. To resolve, you need to install genuine Windows. Not to worry, we can help you with that.

When I go to troubleshoot, this is the directions,

How could Windows files have been modified, removed or disabled?You may have:

•Downloaded software that attempts to bypass Windows activation, commonly called an activation exploit
•Downloaded malware that has infected your PC and modified, removed, or disabled essential Windows files
•Inadvertently purchased counterfeit Windows from an unreliable source (how can I tell?)
To fix this, install genuine Windows and activate with a valid product key.
.How do I install genuine Windows?If you have a genuine Windows DVD along with a valid product key, you just need to install and activate Windows. However, if you do not have genuine Windows already (for instance, if you inadvertently acquired counterfeit software, or you do not have a valid product key), you will need to purchase genuine Windows first. Click on the “Buy genuine Windows” tab to view offers from Microsoft. Once you have purchased genuine Windows, you can use the instructions below to install it.

To perform a clean installation of Windows 7, follow these steps:

(Important note: In a clean installation, existing data on your computer is deleted. This data includes personal data, settings, hardware driver information, and software programs. After you install the operating system, you must also reinstall all programs. Make sure that you back up personal data to disks or other external storage devices before you perform a clean installation.)

1.Start the computer and make sure that Windows has started.
2.Insert the genuine Windows 7 DVD into the DVD drive and then close the drive tray. Wait a moment for the Setup program to start automatically.
3.If the Setup program does not start automatically, follow these steps:
a.Click Start and then click Run.
b.Type Drive:\setup.exe and then click OK. Note: Drive is the drive letter of the computer's DVD drive.
4.When the Setup program starts and the Install now screen appears, click Install now.
5.When the Which type of installation do you want? screen appears, click Custom (advanced). Then follow the instructions to install Windows 7.
6.During installation, you will be prompted to activate Windows with your product key. Follow the instructions to activate Windows.
.None of these suggestions have worked. What else can I try?•If you do not have a product key, then you need to buy genuine Windows. Click on the “Buy genuine Windows” tab to view offers from Microsoft.
•If you need additional support, we are here to help. Get in touch with a local support professional.
Click here for support.
.Report counterfeit software and learn more about qualifying for a complimentary software replacement kit for Windows (available in selected countries). Get started now.
.
  • 0

#125
CompCav
Posted 30 April 2012 - 08:39 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Call Microsoft it is a free call, 1-866-530-6364 for Windows 7.
  • 0

#126
helpme1962
Posted 30 April 2012 - 08:41 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
ok, i'll get back to you.
  • 0

#127
CompCav
Posted 30 April 2012 - 08:47 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I'll be here.
  • 0

#128
helpme1962
Posted 30 April 2012 - 11:28 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Looks like I will be reintalling windows 7. Yippeee. In the process of backing everything up my personal and work docs and settings to the seagate. Not sure how much I want to bring all those files back from seagate after reinstallation. Chances are there is something bad lurking on that seagate.

Any advice before I start this?
  • 0

#129
CompCav
Posted 30 April 2012 - 12:56 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Yes I believe we should scan for malware on the backup drive before doing the reinstall.

  • Hold down the Shift key and keep it down while you connect the backup drive.
  • Keep holding the Shift key until the drive lights settle down.
  • Then Start MalwareBytes'
  • Click the Update tab and then Check for updates.
  • Click the Scanner tab and click Perform full Scan
  • Make sure the external drive is checked and then click Scan
Make sure you quarantine/delete anything MalwareBytes' finds on the external drive.


Then once it is cleaned, disconnect the external drive and follow the reinstall process that Microsoft gave you.

Regards,

CompCav
  • 0

#130
helpme1962
Posted 01 May 2012 - 04:28 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Im going to do the scan of the external hard drive and reinstall the OS tomorrow as I'm out and about today. I'll update you tomorrow.
  • 0

Advertisements

#131
CompCav
Posted 01 May 2012 - 05:52 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the update, I will be here!

CompCav
  • 0

#132
helpme1962
Posted 02 May 2012 - 09:13 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Windows 7 professional reinstalled. Awaiting your next recommendation.

Thanks,

Chris
  • 0

#133
CompCav
Posted 02 May 2012 - 09:27 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK we will see how it looks with our regular scans!

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
or if you still have it go on to run it.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL
 to your Desktop
or if you still have it go on with instructions here:
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt

Tell me how the computer is performing and any issues you still have
  • 0

#134
helpme1962
Posted 02 May 2012 - 10:12 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
MBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 11:55:19
-----------------------------
11:55:19.954 OS Version: Windows 6.1.7600
11:55:19.954 Number of processors: 4 586 0x2502
11:55:19.954 ComputerName: CHRIS-LAPTOP UserName: Chris
11:55:23.074 Initialize success
11:55:23.480 AVAST engine defs: 12050200
11:56:02.199 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:56:02.214 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
11:56:02.230 Disk 0 MBR read successfully
11:56:02.230 Disk 0 MBR scan
11:56:02.230 Disk 0 Windows 7 default MBR code
11:56:02.230 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:56:02.246 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12890 MB offset 81920
11:56:02.261 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225544 MB offset 26480640
11:56:02.261 Disk 0 scanning sectors +488394752
11:56:02.324 Disk 0 scanning C:\Windows\system32\drivers
11:56:05.085 Service scanning
11:56:14.273 Modules scanning
11:56:21.824 Disk 0 trace - called modules:
11:56:21.839 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStorV.sys halmacpi.dll
11:56:21.855 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a9f8a8]
11:56:21.855 3 CLASSPNP.SYS[8c38b59e] -> nt!IofCallDriver -> [0x86a9fe00]
11:56:21.855 5 stdcfltn.sys[8c5f3854] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85bd9028]
11:56:22.635 AVAST engine scan C:\Windows
11:56:24.117 AVAST engine scan C:\Windows\system32
11:57:04.973 AVAST engine scan C:\Windows\system32\drivers
11:57:09.029 AVAST engine scan C:\Users\Chris
11:58:58.495 AVAST engine scan C:\ProgramData
11:59:29.773 Scan finished successfully
12:00:10.957 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
12:00:10.972 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


OTL log

OTL logfile created on: 5/2/2012 12:04:29 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 66.83% Memory free
6.85 Gb Paging File | 5.74 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 191.71 Gb Free Space | 87.04% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1071.32 Gb Free Space | 76.67% Space Free | Partition Type: NTFS

Computer Name: CHRIS-LAPTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 11:37:58 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/28 14:43:26 | 001,459,056 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2011/07/28 14:39:42 | 000,390,000 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/02 11:38:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 10:12:08 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/28 14:39:42 | 000,390,000 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Chris\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/07/15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/07/05 18:48:30 | 000,039,656 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/07/14 04:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/04/05 23:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 3F 0A 07 6D 28 CD 01 [binary data]
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3884233150-1639396949-4101722923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAC7FE92-3480-4FC7-86C8-5AE752C44648}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/01 14:17:40 | 000,000,067 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 13:28:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/02 13:28:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/05/02 12:29:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/02 12:29:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/05/02 11:43:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Logitech
[2012/05/02 11:43:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2012/05/02 11:41:10 | 000,301,656 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtCoreIf.dll
[2012/05/02 11:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/05/02 11:41:04 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\kemutb.dll
[2012/05/02 11:41:04 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemUtil.dll
[2012/05/02 11:41:04 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemWnd.dll
[2012/05/02 11:41:04 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemXML.dll
[2012/05/02 11:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/05/02 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2012/05/02 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2012/05/02 11:38:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/02 11:38:00 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 11:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/05/02 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/05/02 11:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/05/02 11:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/05/02 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012/05/02 11:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/05/02 11:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/05/02 11:28:31 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/05/02 11:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/02 11:28:30 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/05/02 11:28:27 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/02 11:28:26 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/05/02 11:28:24 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/02 11:28:22 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/05/02 11:28:03 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/02 11:28:02 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/02 11:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/02 11:26:16 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\Desktop\MGADiag.exe
[2012/05/02 11:26:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/05/02 11:26:14 | 051,052,264 | ---- | C] (Logitech, Inc.) -- C:\Users\Chris\Desktop\lws110.exe
[2012/05/02 11:26:13 | 021,052,880 | ---- | C] (Oracle Corporation) -- C:\Users\Chris\Desktop\jre-7u4-windows-i586.exe
[2012/05/02 11:26:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/05/02 11:26:13 | 004,478,092 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/05/02 11:26:13 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/05/02 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/02 11:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/02 11:09:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/05/02 11:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/02 11:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/05/02 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2012/05/02 11:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/05/02 11:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/02 11:07:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/02 11:02:51 | 987,942,848 | ---- | C] (Microsoft Corporation) -- C:\Users\Chris\Desktop\X17-75058.exe
[2012/05/02 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Personal
[2012/05/02 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\IST Files
[2012/05/02 10:46:31 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2012/05/02 10:46:31 | 000,039,656 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\cvusbdrv.sys
[2012/05/02 10:44:49 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/05/02 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2012/05/02 10:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell System Manager
[2012/05/02 10:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/05/02 10:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/05/02 10:23:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Dell
[2012/05/02 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/05/02 10:20:22 | 000,017,904 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\stdcfltn.sys
[2012/05/02 10:20:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/05/02 10:20:16 | 000,081,520 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\accelernco01.dll
[2012/05/02 10:20:16 | 000,044,144 | ---- | C] (ST Microelectronics) -- C:\Windows\System32\drivers\accelern.sys
[2012/05/02 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2012/05/02 10:20:14 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/05/02 10:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/05/02 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/05/02 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Citrix
[2012/05/02 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2012/05/02 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2012/05/02 10:10:25 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/02 10:09:09 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/05/02 10:09:09 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/05/02 10:09:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/05/02 10:09:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/05/02 10:07:04 | 000,256,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\PROUnstl.exe
[2012/05/02 10:06:54 | 000,224,424 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\e1k6232.sys
[2012/05/02 10:06:54 | 000,074,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NicInstK.dll
[2012/05/02 10:06:54 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\e1kmsg.dll
[2012/05/02 10:06:54 | 000,028,792 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NicCo36.dll
[2012/05/02 10:06:54 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2012/05/02 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Intel
[2012/05/02 09:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/05/02 09:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/05/02 09:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/05/02 09:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/05/02 09:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/05/02 09:59:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/02 09:59:03 | 000,000,000 | ---D | C] -- C:\dell
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2012/05/02 09:36:03 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/02 09:36:03 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/02 09:35:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2012/05/02 09:35:54 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2012/05/02 09:35:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2012/05/02 09:35:47 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2012/05/02 09:35:47 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2012/05/02 09:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2012/05/02 09:35:47 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2012/05/02 09:35:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2012/05/02 09:35:46 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2012/05/02 09:35:39 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/05/02 09:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2012/05/02 12:32:19 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/02 12:31:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/02 12:00:10 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/05/02 11:59:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 11:45:01 | 000,002,014 | ---- | M] () -- C:\Users\Chris\Desktop\Mouse and Keyboard Settings.lnk
[2012/05/02 11:43:11 | 000,001,328 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/02 11:41:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012/05/02 11:41:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012/05/02 11:41:10 | 000,002,002 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/05/02 11:41:10 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2012/05/02 11:38:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/02 11:38:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 11:35:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/02 11:30:44 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 11:30:44 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 11:28:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/02 11:23:15 | 000,003,483 | ---- | M] () -- C:\Users\Chris\Desktop\My Documents - Shortcut.lnk
[2012/05/02 11:22:37 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/02 11:22:37 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/02 11:22:17 | 000,013,880 | ---- | M] () -- C:\Users\Chris\Desktop\excel - Shortcut.lnk
[2012/05/02 11:21:05 | 000,003,041 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Publisher 2010.lnk
[2012/05/02 11:18:13 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/02 11:18:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 11:17:52 | 2760,241,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 11:10:20 | 000,003,029 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Outlook 2010.lnk
[2012/05/02 11:10:20 | 000,003,021 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Word 2010.lnk
[2012/05/02 11:03:28 | 987,942,848 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\X17-75058.exe
[2012/05/02 10:58:30 | 000,000,355 | ---- | M] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2012/05/02 10:47:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01009.Wdf
[2012/05/02 10:24:23 | 000,002,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/05/02 10:12:05 | 000,103,784 | ---- | M] () -- C:\Users\Chris\GoToAssistDownloadHelper.exe
[2012/05/02 10:08:16 | 000,001,411 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 09:58:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/02 09:36:04 | 000,001,417 | ---- | M] () -- C:\Users\Chris\Desktop\Internet Explorer.lnk
[2012/04/30 12:28:45 | 000,002,016 | ---- | M] () -- C:\Users\Chris\Desktop\Belarc Advisor.lnk
[2012/04/30 08:38:09 | 021,052,880 | ---- | M] (Oracle Corporation) -- C:\Users\Chris\Desktop\jre-7u4-windows-i586.exe
[2012/04/29 22:18:45 | 000,879,714 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/04/29 20:57:33 | 000,001,073 | ---- | M] () -- C:\Users\Chris\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/29 18:07:12 | 000,002,000 | ---- | M] () -- C:\Users\Chris\Desktop\avast! Free Antivirus.lnk
[2012/04/29 18:03:42 | 074,761,776 | ---- | M] () -- C:\Users\Chris\Desktop\setup_av_free.exe
[2012/04/29 15:19:06 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\MGADiag.exe
[2012/04/29 09:27:44 | 000,396,041 | ---- | M] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/04/28 23:55:06 | 003,514,358 | ---- | M] () -- C:\Users\Chris\Desktop\WVCheck.exe
[2012/04/28 14:29:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/04/28 13:54:26 | 000,337,321 | ---- | M] () -- C:\Users\Chris\Desktop\FSS.exe
[2012/04/28 09:39:08 | 000,154,624 | ---- | M] () -- C:\Users\Chris\Desktop\TDSSQlook.exe
[2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/04/27 15:27:32 | 004,478,092 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/04/27 13:45:45 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012/04/27 12:46:36 | 001,280,512 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe

========== Files Created - No Company Name ==========

[2012/05/02 12:32:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/02 12:32:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/02 12:31:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/05/02 12:29:07 | 2760,241,152 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/02 12:00:10 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/05/02 11:45:01 | 000,002,014 | ---- | C] () -- C:\Users\Chris\Desktop\Mouse and Keyboard Settings.lnk
[2012/05/02 11:43:11 | 000,001,328 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/02 11:41:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2012/05/02 11:41:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2012/05/02 11:41:10 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/05/02 11:41:10 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2012/05/02 11:38:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 11:35:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/02 11:35:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/02 11:26:16 | 000,396,041 | ---- | C] () -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/05/02 11:26:16 | 000,001,073 | ---- | C] () -- C:\Users\Chris\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/02 11:26:13 | 003,514,358 | ---- | C] () -- C:\Users\Chris\Desktop\WVCheck.exe
[2012/05/02 11:26:13 | 000,337,321 | ---- | C] () -- C:\Users\Chris\Desktop\FSS.exe
[2012/05/02 11:26:13 | 000,154,624 | ---- | C] () -- C:\Users\Chris\Desktop\TDSSQlook.exe
[2012/05/02 11:26:13 | 000,002,569 | ---- | C] () -- C:\Users\Chris\Desktop\Dell Backup and Recovery Manager.lnk
[2012/05/02 11:26:13 | 000,002,503 | ---- | C] () -- C:\Users\Chris\Desktop\Skype.lnk
[2012/05/02 11:26:13 | 000,002,147 | ---- | C] () -- C:\Users\Chris\Desktop\Dell Webcam Central.lnk
[2012/05/02 11:26:13 | 000,002,101 | ---- | C] () -- C:\Users\Chris\Desktop\DWG TrueView 2012.lnk
[2012/05/02 11:26:13 | 000,002,016 | ---- | C] () -- C:\Users\Chris\Desktop\Belarc Advisor.lnk
[2012/05/02 11:26:13 | 000,002,000 | ---- | C] () -- C:\Users\Chris\Desktop\avast! Free Antivirus.lnk
[2012/05/02 11:26:13 | 000,001,991 | ---- | C] () -- C:\Users\Chris\Desktop\Adobe Reader X.lnk
[2012/05/02 11:26:13 | 000,001,193 | ---- | C] () -- C:\Users\Chris\Desktop\All Tasks.lnk
[2012/05/02 11:26:13 | 000,001,113 | ---- | C] () -- C:\Users\Chris\Desktop\Yahoo! Messenger.lnk
[2012/05/02 11:26:13 | 000,000,990 | ---- | C] () -- C:\Users\Chris\Desktop\FLV Player.lnk
[2012/05/02 11:26:13 | 000,000,242 | ---- | C] () -- C:\Users\Chris\Desktop\Industrial Info Resources - The Leading Provider of Global Industrial Project Reports (PEC Reports).url
[2012/05/02 11:26:13 | 000,000,183 | ---- | C] () -- C:\Users\Chris\Desktop\Contractor and Supplier Safety Management ISNetworld.url
[2012/05/02 11:26:10 | 074,761,776 | ---- | C] () -- C:\Users\Chris\Desktop\setup_av_free.exe
[2012/05/02 11:26:10 | 001,280,512 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2012/05/02 11:26:10 | 000,879,714 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/05/02 11:26:10 | 000,002,190 | ---- | C] () -- C:\Users\Chris\Desktop\Roxio Creator Home.lnk
[2012/05/02 11:26:10 | 000,002,120 | ---- | C] () -- C:\Users\Chris\Desktop\Seagate Manager.lnk
[2012/05/02 11:23:15 | 000,003,483 | ---- | C] () -- C:\Users\Chris\Desktop\My Documents - Shortcut.lnk
[2012/05/02 11:22:17 | 000,013,880 | ---- | C] () -- C:\Users\Chris\Desktop\excel - Shortcut.lnk
[2012/05/02 11:21:05 | 000,003,041 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Publisher 2010.lnk
[2012/05/02 11:10:20 | 000,003,029 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Outlook 2010.lnk
[2012/05/02 11:10:20 | 000,003,021 | ---- | C] () -- C:\Users\Chris\Desktop\Microsoft Word 2010.lnk
[2012/05/02 10:58:30 | 000,000,355 | ---- | C] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2012/05/02 10:47:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01009.Wdf
[2012/05/02 10:24:23 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/05/02 10:12:05 | 000,103,784 | ---- | C] () -- C:\Users\Chris\GoToAssistDownloadHelper.exe
[2012/05/02 10:08:16 | 000,001,411 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 10:07:04 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2012/05/02 10:06:54 | 000,003,138 | ---- | C] () -- C:\Windows\System32\e1k6232.din
[2012/05/02 09:58:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/02 09:36:04 | 000,001,417 | ---- | C] () -- C:\Users\Chris\Desktop\Internet Explorer.lnk
[2012/05/02 09:35:47 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/02 09:35:47 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

========== LOP Check ==========

[2012/05/02 11:43:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2009/07/14 00:53:46 | 000,001,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1343B712-2CAB-4783-B44B-16CD3B20F089}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BAC7FE92-3480-4FC7-86C8-5AE752C44648}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E5C8C4E9-18A5-462B-8828-9181FB4812A9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 03 01 01 01 09 01 08 01 07 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: CHRIS-LAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 RECOVERY NTFS Partition 12 GB Healthy System
Volume 2 C NTFS Partition 220 GB Healthy Boot
Volume 3 E FreeAgent D NTFS Partition 1397 GB Healthy

< End of report >


Extras Log

OTL Extras logfile created on: 5/2/2012 12:04:29 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 66.83% Memory free
6.85 Gb Paging File | 5.74 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 191.71 Gb Free Space | 87.04% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1071.32 Gb Free Space | 76.67% Space Free | Partition Type: NTFS

Computer Name: CHRIS-LAPTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22C944E8-CCDD-4627-A10B-DCE462229BAD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B93B53-39ED-4CB8-82D3-5612BDB0A83A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{ED89F21B-C861-4F5F-97CF-3D9DB2461D45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3EC64C00-4BBC-4C0A-9F95-40E3EDA72837}" = Dell System Manager
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"GoToAssist" = GoToAssist Corporate
"Office14.SingleImage" = Microsoft Office Professional 2010
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2012 10:24:39 AM | Computer Name = Chris-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Dell\Dell
System Manager\DCPSysMgr.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/2/2012 11:35:45 AM | Computer Name = Chris-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Logitech\SetPoint\SetPoint.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/2/2012 12:04:03 PM | Computer Name = Chris-Laptop | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 508 Start Time:
01cd287ce87493dc Termination Time: 31 Application Path: C:\Users\Chris\Desktop\OTL.exe

Report
Id: 6cbb4f3e-9470-11e1-a9c5-70f1a19b6f2a


< End of report >
  • 0

#135
helpme1962
Posted 02 May 2012 - 10:21 AM

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Something just happened. I now had 2 desktop.ini ghosted icons on my desktop. If I open them they open in notepad

Icon one

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Icon two


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

What are these. I noticed them prior to reinstalling windows 7. They just magically appeared again. I don't like them.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP