
Boot to black screen with cursor [Solved]


  • This topic is locked

#31
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Your boot drive is not marked as active and we have been unsuccessful so far in changing it. I want to try this one more time, and if it doesn't work, we will try another method.

Please delete all the fix.txt and fixlist.txt files that are on your flash drive, then download the fix.txt file below so that it is the only one on your flash drive. Please boot from the CD again, run ListParts, and click fix. Then post the log that results.

If you can boot normally now:


Step 2: Run OTL.
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 3: Run TDSSKiller. Please do not delete anything.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Attached Files

  • Attached File  fix.txt   27bytes   79 downloads

  • 0



#32
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Removed all fix.txt and fixlist.txt
Downloaded fix.txt, ran listparts, log is as follows

Script used: "Disk=0 Partition=1 active"

Computer still refuses to boot as normal with no CD or USB in the box.
  • 0

#33
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

Script used: "Disk=0 Partition=1 active"


Is this all there was to the log?
  • 0

#34
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

ListParts is not working for us. Let's try another tool. Your USB drive will be formatted in this process, so please remove any files from it that you want to keep first.

Download Tuxboot to your desktop
Run Tuxboot
On the first screen in the dropdown box select Gparted Live - stable
Posted Image
Select USB Drive from the Type drop-down.
Select the correct USB device from the Drive drop-down.
Click OK. This will start the process of creating the bootable USB device.

Now boot off of the newly created Gparted USB. You need to configure your BIOS to boot from USB.

You should be here... Press ENTER

Posted Image

By default, "do not touch keymap" is highlighted.

Posted Image

Leave this setting alone and just press ENTER.

Posted Image

Choose your language and press ENTER. English is default [33]

At the mode prompt enter 0, press ENTER

You will now be taken to the main GUI screen below. You should only have one partition shown on your computer. If you see more than one partition, please take a picture of the screen and attach it to your next reply. Do not continue until you hear back from me.

Posted Image

Please right click on the one partition and select Manage Flags
Posted Image

In the menu that pops up, place a checkmark in boot like the picture below, then close:

Posted Image


Under File select Quit
Posted Image

You will see this small Popup
Posted Image



Choose shutdown and then press OK.

If your computer will now boot to normal mode:

Step 2: Run OTL.
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 3: Run TDSSKiller. Please do not delete anything.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


  • 0

#35
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
That was all to the log that came from running listparts

I downloaded tuxboot 0.4 and ran it from whichever folder that it dropped into. It failed to run with gparted live stable. Specifically, it crashed into the 'has encountered a problem and needs to close' and 'send error report / don't send' message box. It does this if I try to run gparted live or if I try to hit the update button. I moved it to the desktop, same results. I deleted it and downloaded it again, moving it to desktop first this time, same results.

I went to http://gparted.sourceforge.net/ (got the addy from tuxboot) and went to the USB setup with Windows page. Looked at the options there. Tuxboot had failed me already. I didn't understand the manual one since I wasn't sure which zip file to get and the zip file I thought might be it was just an .iso file. I chose the UNetbootin option and was able to use the .iso file for gpart live. It did the deed and installed stuff to the USB.

I'm not sure how to make my computer boot from a USB, nor am I sure that the iso image is done properly. The instructions above suggested that it would format the flash drive and none of the previous data would be left, but I can still see the old files on the flash drive. I don't know what other steps to take now.

I was trying to get to the picture that was shown where Gnome partition was running and then detail the actions that I took to get there, asking if it was okay to proceed first, but that failed badly and I'm rather lost.
  • 0

#36
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

I believe you have placed the files on the USB correctly. I included the part about saving any important files on the USB just as a precautionary measure. Now, you need to boot from the USB. You can find instructions here. If you run into any problems, stop and ask. My instructions and screenshots may be outdated; I will check them later today if necessary. Stop and let me know if things look different. Make sure that you don't delete anything.

  • 0

#37
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Errr, <expletive deleted>.

I followed the instructions and got it to boot from the USB (didn't think it would happen, but yay!). Under GParted Live, default settings, I pressed enter and, after a tense moment b/c I wasn't quite sure if I should have done that, that led me to the next screen which looked correct. Selected English, then selected 0. Got the single partition, forged ahead. Right click, check the box marked 'boot', closed, and shut down. Removed USB, booted the computer. Stopped the POST, checked the BIOS, it had already been changed, exited without saving, booted and got 'invalid partition table'. Rebooted, stopped it, entered BIOS, loaded default settings, saved, exited, let the POST continue normally, again got 'invalid partition table'.
  • 0

#38
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

We are actually getting closer, because it is at least trying to boot. Now, I need you to go into the recovery console like you described in your initial post. Then type "fixmbr" at the command prompt and press enter. See if the computer will boot now.
  • 0

#39
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
The computer still refuses to boot normally. No change in the error message though. Still says invalid partition table. I used the oem XP SP2 disk for the fixmbr command.
  • 0

#40
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Let's try one more command before we get more advanced.

Please go to the recovery console again and type "fixboot" and press enter at the prompt. See if your computer will boot now.

  • 0



#41
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
The computer still refuses to boot normally. No change in the error message though. Still says invalid partition table. I used the oem XP SP2 disk for the fixboot command.

As Darkwing Duck used to say, "Let's get dangerous..."
  • 0

#42
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

As Darkwing Duck used to say, "Let's get dangerous..."

Posted Image

Hi Jhackofalltrades,

Let's dump your MBR so we can have a look at it.

Copy the "scan.txt" attached below to your flash drive.

  • Boot your computer from the CD again.
  • Insert your USB drive with fix.txt on it
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Click the "None" button.
  • Press Run Scan to start the scan.
  • When finished, a file will be saved to the root of your system drive named "PhysicalMBR.bin"
  • Copy this file to your USB drive by right-clicking the file and selecting send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please attach the file "PhysicalMBR.bin" to your next post. Do not open it or copy/paste it. It is a hexadecimal file and will not look like text.

Attached Files

  • Attached File  scan.txt   9bytes   72 downloads

  • 0
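
A minimal offline check of a dumped MBR such as the PhysicalMBR.bin requested above, added here as an example and not part of the original thread or of OTLPE: it reads the four primary partition entries and reports a missing active flag, an invalid status byte, or a missing 0x55AA signature. The sample sector is constructed (one NTFS entry at LBA 63 with a made-up size), and the function names are illustrative.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # 446 bytes of boot code precede the partition table
ENTRY_SIZE = 16
# status, CHS of first sector, type, CHS of last sector, LBA start, sector count
ENTRY_FORMAT = "<B3sB3sII"
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Return the four primary partition entries of a 512-byte MBR dump."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR dump must be at least 512 bytes")
    entries = []
    for index in range(4):
        offset = TABLE_OFFSET + index * ENTRY_SIZE
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[offset:offset + ENTRY_SIZE])
        entries.append({"index": index + 1, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(sector):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    entries = parse_mbr(sector)
    for e in entries:
        # Only 0x00 (inactive) and 0x80 (active) are valid status bytes.
        if e["status"] not in (0x00, 0x80):
            findings.append(
                f"entry {e['index']}: invalid status byte 0x{e['status']:02X}")
        # A used entry (type != 0) must have a start sector and a length.
        if e["type"] != 0 and (e["lba_start"] == 0 or e["sectors"] == 0):
            findings.append(f"entry {e['index']}: zero start or length")
    active = [e for e in entries if e["status"] == 0x80]
    if not active:
        findings.append("no partition is marked active")
    elif len(active) > 1:
        findings.append("more than one partition is marked active")
    for e in active:
        if e["type"] == 0:
            findings.append(f"entry {e['index']}: active flag on an empty entry")
    return findings


def build_sample_mbr(status=0x00, signature=BOOT_SIGNATURE):
    """Constructed sample: one NTFS (type 0x07) partition, values made up."""
    sector = bytearray(SECTOR_SIZE)
    entry = struct.pack(ENTRY_FORMAT, status, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 976768002)
    sector[TABLE_OFFSET:TABLE_OFFSET + ENTRY_SIZE] = entry
    sector[510:512] = signature
    return bytes(sector)


if __name__ == "__main__":
    for label, sample in (("inactive", build_sample_mbr(0x00)),
                          ("active", build_sample_mbr(0x80))):
        print(label, parse_mbr(sample)[0], check_mbr(sample) or "no findings")
```

To check a real dump, read it in binary mode (`open(path, "rb").read()`) and pass the bytes to `check_mbr`.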

#43
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I wasn't given the option for "load remote user profile(s) for scanning" but the others showed up and I selected yes. I was unable to simply drag and drop the scan.txt into the listed box. I did open it and copy/pasta the contents

saveMBR:0

into the field. I changed none of the radio button choices. Use SafeList was checked for services, drivers, and standard registry. Extra registry was selected none. LOP and Purity checks were checked. File Age was set at 30 Days. Use No-Company-Name WhiteList. Files created and modified within File Age are selected for scans. Standard output was selected. Ran scan, process got hung up. Killed it with whatever ctrl alt del is called, ran it again with copy/pasta in the box.

The forum hates me and says I'm not permitted to upload this kind of file. I'm PM'ing you the link to where I uploaded it on google docs.

This also printed out at the end of the run. Don't know if you need it or not.

OTL logfile created on: 1/9/2013 8:42:44 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 241.16 Gb Free Space | 51.78% Space Free | Partition Type: NTFS
Drive D: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.90 Gb Total Space | 1.62 Gb Free Space | 85.09% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (zzquasiif)
SRV - File not found [Auto] -- -- (znsvfc)
SRV - File not found [Auto] -- -- (jkndrponl)
SRV - File not found [Auto] -- -- (gmgbkn)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (AGWinService)
SRV - File not found [Auto] -- -- (AGCoreService)
SRV - [2012/12/05 04:15:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/15 05:27:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/06 03:08:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [On_Demand] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/12/11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2004/10/20 09:40:04 | 000,010,328 | ---- | M] (America Online) [On_Demand] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [On_Demand] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/24 16:12:14 | 000,057,344 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Unknown (0) | On_Demand] -- -- (TfKbMon)
DRV - File not found [Kernel | System] -- -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/07/05 13:54:18 | 000,016,248 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:54:16 | 000,030,408 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/03/02 15:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012/03/02 15:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012/03/02 15:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2012/01/05 18:07:40 | 000,246,816 | ---- | M] (IObit) [File_System | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/10/25 22:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/13 05:17:21 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/05/13 05:16:41 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/03 16:03:14 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/20 18:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/25 19:01:00 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 15:51:26 | 000,650,632 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/24 15:43:18 | 000,014,520 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/24 15:40:28 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/24 15:35:14 | 000,100,240 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/24 15:33:32 | 001,395,376 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/08/24 15:24:14 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.DILBERT.000_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Karen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Karen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Karen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Philip_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Philip_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Philip_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Karen\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 04:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 04:15:54 | 000,000,000 | ---D | M]

[2012/12/05 04:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/05 04:15:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/05 04:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/12/05 04:15:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/03/20 03:55:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2012/08/29 11:26:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 10:36:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/15 03:33:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\Karen_ON_C\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\Karen_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Karen_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKU\Administrator.DILBERT.000_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Administrator.DILBERT.000_ON_C..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk = C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
O4 - Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk = C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.DILBERT.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.DILBERT.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Karen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Philip_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Philip_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Philip_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Philip_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1274685273609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1352878580937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://3979.mcdtt.co...hecker_8000.cab (OCXDownloadChecker Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://3979.mcdtt.co...adFile_8100.cab (DownloadFile Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 09:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
PhysicalDisk0 MBR saved to C:\Physical0MBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 06:11:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/12 02:39:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philip\Recent
[2012/12/12 02:39:08 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\75266986.sys
[2012/12/12 02:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\RK_Quarantine
[2012/12/12 01:47:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Karen\Recent
[2012/12/12 01:19:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp1
[2012/12/11 04:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
[2008/07/22 14:36:56 | 000,650,632 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/07/22 14:36:56 | 000,100,240 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/07/22 14:36:56 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[2008/07/22 14:36:56 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2008/07/22 14:36:56 | 000,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/07/22 14:36:55 | 001,395,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/07/22 14:36:55 | 000,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/09 08:43:21 | 000,000,512 | ---- | M] () -- C:\Physical0MBR.bin
[2012/12/12 02:39:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/12 02:39:08 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\75266986.sys
[2012/12/12 02:36:31 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/12/12 02:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/12 01:58:16 | 000,000,344 | RHS- | M] () -- C:\boot.ini
[2012/12/12 01:47:23 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
[2012/12/12 01:47:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd92c7b49420c3.job
[2012/12/12 01:47:18 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012/12/12 01:47:18 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/12/12 01:47:18 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/12/12 01:39:20 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Karen\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
[2012/12/12 00:31:37 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/12 00:24:50 | 000,000,319 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/12/12 00:24:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/11 05:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-861567501-1801674531-1005Core1cc03f46f882a40.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/09 08:43:21 | 000,000,512 | ---- | C] () -- C:\Physical0MBR.bin
[2012/12/12 02:34:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/12/11 04:35:20 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
[2012/08/15 03:45:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/30 05:58:24 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE1.dat
[2012/07/30 04:28:41 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE.dat
[2011/12/24 21:18:49 | 000,038,399 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/08/19 19:18:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/15 20:16:23 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/07/15 20:16:23 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/07/15 20:16:20 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/05/23 05:42:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/05/04 16:28:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 16:28:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 16:28:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 16:28:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 16:28:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 14:50:57 | 000,093,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 22:29:10 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010/12/11 06:22:33 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gnuxexobeditex.dat
[2010/12/11 06:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tnorof.bin
[2010/12/10 04:41:04 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/20 04:48:18 | 000,823,296 | ---- | C] () -- C:\WINDOWS\j3dcore-d3d.dll
[2010/11/20 04:48:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl.dll
[2010/11/20 04:48:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-chk.dll
[2010/11/20 04:48:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-cg.dll
[2010/10/20 06:26:31 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/10/14 00:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/08/07 00:28:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/08/02 07:18:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\prvlcl.dat
[2010/06/22 19:57:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/04/07 05:42:37 | 000,000,495 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/03/23 01:06:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
[2010/01/27 13:21:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/11/14 00:25:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/26 11:31:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2009/09/26 11:31:30 | 000,000,250 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/09/26 11:31:17 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/09/26 01:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/08/30 13:33:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/10 06:28:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/04/10 06:28:31 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/04/10 06:28:31 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/10/26 12:51:37 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/10/26 12:51:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/10/23 18:28:21 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Karen\Untitled.zor
[2008/10/19 21:14:44 | 000,029,794 | ---- | C] () -- C:\Documents and Settings\Philip\1.zor
[2008/10/19 19:30:51 | 000,001,913 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/19 18:00:44 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Philip\Untitled.zor
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/07 00:24:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\multiview.ini
[2008/07/27 18:27:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/27 15:10:15 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Karen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 05:21:50 | 000,236,032 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 00:01:03 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2008/07/23 23:56:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/23 22:00:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PSEWIN.INI
[2008/07/23 21:56:27 | 000,000,144 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/23 21:55:21 | 000,000,287 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008/07/22 14:41:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/22 14:41:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/22 14:41:42 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/22 14:41:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/22 14:41:41 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/22 14:36:56 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2008/07/22 14:36:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2008/07/22 14:36:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008/07/22 14:36:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2008/07/22 11:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/07/22 10:51:37 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/07/22 10:22:42 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/07/22 10:16:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/22 09:38:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/22 09:32:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/22 05:25:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/22 05:24:09 | 000,403,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/03 21:48:42 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/03 21:48:42 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/07/03 21:48:42 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/10 16:50:17 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,491,394 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,092,298 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/01/21 15:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2010/11/14 06:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\.minecraft
[2008/10/26 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\agi
[2009/02/01 20:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Artweaver
[2011/10/16 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Big Fish Games
[2012/09/17 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Canon
[2010/12/03 16:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\FireShot
[2011/12/18 13:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\FreeFileViewer
[2010/10/27 10:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\GrabPro
[2010/10/27 10:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\IEPro
[2012/06/07 04:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\IObit
[2010/11/21 03:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\JacquieLawsonAdventCalendar
[2012/11/30 04:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\JLAdventCalendarAlpine2012
[2011/12/01 00:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\JLAdventCalendarLondon2011
[2011/10/06 22:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\JoyBits
[2012/05/01 17:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Meridian93
[2012/10/31 14:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Mp3tag
[2010/01/27 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Mysteryville2
[2008/07/24 17:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\PCToolsFirewallPlus
[2011/10/09 16:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\PlayPond
[2009/10/27 12:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Rainlendar
[2009/12/02 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Rainmeter
[2010/02/27 13:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\runic games
[2012/08/09 14:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Sony Online Entertainment
[2010/01/27 13:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Stamps.com Internet Postage
[2010/12/27 04:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\SuperNZB
[2010/08/08 17:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\TitanicMystery
[2010/10/26 18:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\TomTom
[2012/09/14 15:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\UDP Software
[2011/07/16 23:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\uTorrent
[2008/07/31 19:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Viewpoint
[2008/12/21 00:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Wal-Mart Digital Photo Manager
[2008/12/21 00:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Wal-Mart Digital Photo Viewer
[2008/10/26 13:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Webshots
[2010/05/28 16:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\Windows Desktop Search
[2010/02/14 03:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen\Application Data\yoclient
[2012/08/10 19:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\.minecraft
[2009/03/03 07:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\agi
[2012/05/30 01:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Amazon
[2012/06/28 05:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Artweaver
[2012/10/02 01:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Canon
[2011/10/08 01:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\dingogames
[2010/01/04 04:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\eMusic
[2010/10/20 03:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\FireShot
[2011/07/19 05:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Free Download Manager
[2012/02/18 00:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\IObit
[2010/12/10 21:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\JacquieLawsonAdventCalendar
[2012/12/11 04:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
[2011/12/03 08:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\JLAdventCalendarLondon2011
[2012/10/06 02:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Kongregate
[2010/07/28 20:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\LolClient
[2010/09/26 07:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Maxisoft
[2011/05/23 05:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\MinMaxGames
[2011/08/31 06:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Mp3tag
[2012/05/17 04:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Oracle
[2008/07/24 02:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\PCToolsFirewallPlus
[2010/02/12 18:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\runic games
[2012/12/10 05:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\SecondLife
[2012/08/07 04:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Sony Online Entertainment
[2012/10/06 20:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\splitscreen
[2008/12/24 06:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Stardock
[2008/10/28 08:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\SuperNZB
[2010/03/23 01:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Turbine
[2012/09/01 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\UDP Software
[2012/08/06 07:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Unity
[2012/07/21 06:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\uTorrent
[2008/08/01 01:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Viewpoint
[2011/05/04 16:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\vol_toolbar
[2010/05/28 15:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Windows Desktop Search
[2010/05/24 03:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Windows Search
[2009/05/24 01:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\yess
[2012/11/17 05:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/06/18 18:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/06 04:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/10/09 15:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/11/26 11:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2012/09/17 02:26:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/17 03:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/09/17 11:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/09/17 10:36:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/09/17 13:25:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012/09/17 03:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/09/17 03:18:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/12/03 01:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/09/17 11:17:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/09/17 03:18:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/09/17 02:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2009/10/12 05:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2011/10/08 01:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2012/03/24 04:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/03/24 04:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/01 05:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2011/05/04 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/11/03 00:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/11/19 03:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/01/27 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/08/17 06:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2008/07/23 18:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/12/20 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/10/21 05:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/10/15 16:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/07/26 03:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/03/03 00:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2008/12/24 06:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/02/12 10:23:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2010/10/26 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/07/23 23:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/04 22:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/08 04:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YNAB
[2011/05/04 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
[2011/04/22 14:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/24 04:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2012/12/12 01:47:18 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2012/12/12 01:47:18 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
[2012/12/12 01:47:18 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\ProgramUpdateCheck.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB4262DE
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
  • 0

#44
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Thank you. I forgot to ask you to zip the file first, but it doesn't matter because I received your PM. Instructions coming soon.


  • 0

#45
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

We're going to replace your MBR now with a clean copy. Please read the instructions very carefully and stop and ask if you have any troubles or questions. This must be done just right or we risk losing all your data. If the computer at any time boots to a recovery or restore partition, make sure you stop and shut down the computer and don't allow it to restore your computer to the factory state. This would erase all your data. (I don't think your computer has such a partition, but I have included the warning just in case.)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please download the following files to your flash drive. Make sure you delete all of the fix.txt and fixlist.txt files from before.

MBRFix
newMBR.bin
fixlist.txt

Please print these instructions out so that you know what you are doing.

  • Boot your system using the boot CD that we have been using.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.

Try to boot your computer normally now. Remember, if it boots to a restore or recovery partition, be sure to exit out of it.
  • 0
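The thread revolves around two parts of the master boot record: the partition table's active flag and the boot code that is being replaced. As an added example (not part of the original posts, and not a description of what FRST, ListParts or MBRFix do internally), this Python code parses a 512-byte MBR image from a file, reports why the standard boot code would find nothing to boot, and checks that a replacement sector leaves the disk signature and partition table untouched. The function names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_mbr(sector):
    """Return the four partition-table entries of a 512-byte MBR image."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        entries.append({"slot": i, "status": raw[0], "type": raw[4],
                        "lba_start": lba_start, "sectors": count})
    return entries

def boot_problems(sector):
    """List reasons the standard MBR boot code would find nothing to boot."""
    used = [e for e in parse_mbr(sector) if e["type"] != 0]
    active = [e for e in used if e["status"] == 0x80]
    problems = [f"slot {e['slot']}: invalid status byte {e['status']:#04x}"
                for e in used if e["status"] not in (0x00, 0x80)]
    if not used:
        problems.append("partition table is empty")
    elif not active:
        problems.append("no partition is marked active")
    elif len(active) > 1:
        problems.append("more than one partition is marked active")
    return problems

def table_preserved(before, after):
    """True if disk signature and partition table (bytes 440-509) are unchanged."""
    return before[440:510] == after[440:510]

def build_sample(status, boot_code=b"\x90"):
    """Constructed test image: one NTFS (type 0x07) partition at LBA 63."""
    entry = bytes([status, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 204800)
    return boot_code * 440 + b"\x00" * 6 + entry + b"\x00" * 48 + BOOT_SIGNATURE

if __name__ == "__main__":
    print(boot_problems(build_sample(0x00)))  # partition present but not active
    print(boot_problems(build_sample(0x80)))  # active flag set
```

Running `table_preserved` on a backup of the old sector and the sector read back after a fix confirms that only the boot code changed.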