Dell 620 boots to blue Windows screen and stops



#1
brigg

  • Member
  • 26 posts
On the 29th, on my Dell Latitude 620, I accidentally clicked on a generic download link and downloaded a bunch of little apps like We Care ASPCA, and ZZip. I cancelled as soon as I saw, and managed to download and use Color Cop last night.
This morning I went to uninstall them from the Add/Remove programs menu option, and it locked up while I was doing it. Well, to be clear, I could click around, but nothing would respond.

I powered off and back on and it just came up to the blue screen with "Windows" on it (no users).
Powered off again, same thing.
Control Alt Delete doesn't work.

I powered off into Safe Mode with Networking and it comes up to the same screen.
I tried that again, same thing.


#2
JSntgRvr

  • Global Moderator
  • 11,591 posts
:welcome:

Let's give this a try through an external environment. You will need a CD to burn and a flash drive to move information from the troubled computer to a working computer. If you prefer to boot from a USB flash drive, let me know and I will provide you with the instructions.

Here is what you need to do.

  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.5MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first.
    Note: For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in the root directory of your hard drive, usually C:\.
  • Copy this file to your USB drive.
  • Please post the contents of this file in your reply.


#3
brigg

  • Topic Starter
  • Member
  • 26 posts
Hi there!

It did not ask me the first question you said it would.
I manually saved it to the flash drive although it gave me the option to save it to the hard drive and showed me what was there.

OTL logfile created on: 1/29/2013 2:22:38 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 813.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 846.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.71 Gb Free Space | 37.06% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2012/12/28 23:57:26 | 000,107,520 | ---- | M] () [Auto] -- C:\Documents and Settings\Dell User\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/11/29 03:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/14 01:04:22 | 000,568,832 | ---- | M] () [Auto] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (PCASp50)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2012/07/04 09:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/10/01 09:30:42 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,209,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,584,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/13 06:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:33 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum)
DRV - [2008/04/13 13:46:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2008/04/13 13:46:29 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 13:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 13:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 12:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 12:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 12:45:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 12:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 12:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 12:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 12:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 12:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 12:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 12:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2008/04/13 12:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2008/04/13 12:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2008/04/13 12:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 12:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 12:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 12:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 10:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/12/23 17:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/26 02:01:00 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/11/03 14:33:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/21 20:48:30 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/04 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/03/17 11:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Dell_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 10 30 38 3D 90 CD 01 [binary data]
IE - HKU\Dell_User_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Dell_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/18 15:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/26 16:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/12/26 16:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dell User\Application Data\Mozilla\Extensions
[2012/12/28 23:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\t6yzf0ql.default\extensions
[2012/12/28 23:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\t6yzf0ql.default\extensions\staged
[2012/12/26 16:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/26 16:02:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/11/29 03:27:12 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/11/29 03:27:12 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/11/29 03:27:12 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (no name) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Dell_User_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Dell_User_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Dell_User_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMessaging] C:\Documents and Settings\Dell User\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Dell_User_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Dell_User_ON_C..\Run: [GenieoSystemTray] C:\Documents and Settings\Dell User\Application Data\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\Dell_User_ON_C..\Run: [GenieoUpdaterService] C:\Documents and Settings\Dell User\Application Data\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\Dell_User_ON_C..\Run: [Messenger] C:\Program Files\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)
O4 - HKU\Dell_User_ON_C..\Run: [Spotify] C:\Documents and Settings\Dell User\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Dell_User_ON_C..\Run: [Spotify Web Helper] C:\Documents and Settings\Dell User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Dell_User_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk ()
O4 - Startup: C:\Documents and Settings\Dell User\Start Menu\Programs\Startup\Dropbox.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Dell_User_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Dell_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1175635257156 (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Key error. File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - CLSID or File not found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found.
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 10:56:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/04 13:45:23 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011/11/12 15:26:16 | 004,529,299 | ---- | C] (FileZilla Project) -- C:\Program Files\FileZilla_3.5.2_win32-setup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Dell User\Desktop\*.tmp files -> C:\Documents and Settings\Dell User\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 11:54:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/28 11:54:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/16 23:37:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Dell User\Desktop\*.tmp files -> C:\Documents and Settings\Dell User\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 22:55:08 | 000,061,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/02 15:31:52 | 000,010,756 | ---- | C] () -- C:\Documents and Settings\Dell User\recording.aup.bak
[2012/03/02 15:31:52 | 000,008,932 | ---- | C] () -- C:\Documents and Settings\Dell User\recording.aup
[2012/02/14 21:39:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/17 08:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/11 13:21:05 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/04 00:18:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/17 09:33:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Dell User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 11:50:26 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/20 11:50:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/20 11:50:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/20 11:50:23 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/20 10:59:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/03/20 10:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 10:53:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/20 04:47:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/20 04:46:04 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/08 15:15:26 | 002,284,108 | ---- | C] () -- C:\Program Files\office.reg
[2005/03/21 20:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 20:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,445,496 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,072,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/03/14 16:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Flip Video
[2010/06/16 16:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/03/14 16:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/08/19 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2012/12/29 00:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2012/03/21 16:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/04/04 18:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/12/28 23:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2012/07/15 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/12/29 10:56:41 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========


< End of report >

#4
brigg

P.S. File Scans File Age was left at 30 days.

#5
JSntgRvr

I see some errors in the registry. Let's go back to xPUD.

Restore Point Scanning

Download http://noahdfear.net/downloads/rst.sh to the USB drive
  • Boot the sick computer to xPUD again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive (sdb1) named enum.log
  • Plug that USB back into the clean computer and open it

Copy and paste the enum.log for my review

#6
brigg

Hello!

Here it is!

37.0M Jan 30 2013 /mnt/sda1/WINDOWS/system32/config/software
7.8M Jan 28 16:54 /mnt/sda1/WINDOWS/system32/config/system

32.8M Jul 15 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(90)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
33.4M Jul 15 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(91)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
35.3M Jul 16 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(92)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
35.3M Jul 17 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(93)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
35.3M Jul 18 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(94)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
35.3M Jul 19 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(95)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
29.2M Sep 25 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(11)/~SOFTWARE
29.2M Sep 29 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(12)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
29.2M Oct 1 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(13)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
29.2M Oct 2 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(14)/~SOFTWARE
29.2M Oct 3 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(15)/~SOFTWARE
29.4M Oct 4 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(16)/~SOFTWARE
29.4M Oct 10 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(17)/~SOFTWARE
30.8M Dec 4 2011 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(18)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Dec 5 2011 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(19)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Dec 6 2011 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(20)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Dec 31 2011 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(21)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 2 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(22)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 4 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(23)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 5 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(24)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 6 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(25)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 7 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(26)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 8 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(27)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 10 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(28)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
29.2M Sep 24 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(10)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 11 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(29)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Jan 30 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(47)/~SOFTWARE
31.1M Feb 20 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(65)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
29.2M Sep 5 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(9)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
36.3M Nov 26 17:37 /sda1/~/RP547/~SOFTWARE
36.3M Nov 28 04:41 /sda1/~/RP548/~SOFTWARE
36.3M Nov 29 05:26 /sda1/~/RP549/~SOFTWARE
36.3M Nov 30 05:40 /sda1/~/RP550/~SOFTWARE
36.3M Dec 1 06:11 /sda1/~/RP551/~SOFTWARE
36.3M Dec 2 08:10 /sda1/~/RP552/~SOFTWARE
36.3M Dec 3 08:14 /sda1/~/RP553/~SOFTWARE
36.3M Dec 4 08:31 /sda1/~/RP554/~SOFTWARE
36.3M Dec 5 09:16 /sda1/~/RP555/~SOFTWARE
36.3M Dec 6 09:37 /sda1/~/RP556/~SOFTWARE
36.3M Dec 7 09:52 /sda1/~/RP557/~SOFTWARE
36.3M Dec 8 10:37 /sda1/~/RP558/~SOFTWARE
36.3M Dec 9 11:37 /sda1/~/RP559/~SOFTWARE
36.3M Dec 10 12:37 /sda1/~/RP560/~SOFTWARE
36.3M Dec 11 13:03 /sda1/~/RP561/~SOFTWARE
36.3M Dec 12 09:00 /sda1/~/RP562/~SOFTWARE
36.3M Dec 13 09:46 /sda1/~/RP563/~SOFTWARE
36.3M Dec 14 10:46 /sda1/~/RP564/~SOFTWARE
36.3M Dec 15 11:20 /sda1/~/RP565/~SOFTWARE
36.3M Dec 16 12:20 /sda1/~/RP566/~SOFTWARE
36.3M Dec 17 12:51 /sda1/~/RP567/~SOFTWARE
36.3M Dec 18 15:53 /sda1/~/RP568/~SOFTWARE
36.3M Dec 19 16:36 /sda1/~/RP569/~SOFTWARE
36.3M Dec 20 16:15 /sda1/~/RP570/~SOFTWARE
36.3M Dec 21 09:00 /sda1/~/RP571/~SOFTWARE
36.3M Dec 22 09:47 /sda1/~/RP572/~SOFTWARE
36.3M Dec 23 09:51 /sda1/~/RP573/~SOFTWARE
36.3M Dec 24 10:51 /sda1/~/RP574/~SOFTWARE
36.3M Dec 25 11:51 /sda1/~/RP575/~SOFTWARE
36.3M Dec 26 04:21 /sda1/~/RP576/~SOFTWARE
36.4M Dec 27 05:04 /sda1/~/RP577/~SOFTWARE
36.4M Dec 28 05:38 /sda1/~/RP578/~SOFTWARE
36.4M Dec 28 14:29 /sda1/~/RP579/~SOFTWARE
36.4M Dec 28 14:31 /sda1/~/RP580/~SOFTWARE
36.4M Dec 28 14:32 /sda1/~/RP581/~SOFTWARE
36.4M Dec 28 14:39 /sda1/~/RP582/~SOFTWARE
37.0M Dec 29 15:05 /sda1/~/RP583/~SOFTWARE
37.0M Jan 16 23:51 /sda1/~/RP584/~SOFTWARE
28.9M Aug 19 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(3)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
30.8M Jan 11 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(30)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Jan 12 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(31)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Jan 13 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(32)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Jan 15 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(33)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Jan 16 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(34)/~SOFTWARE
31.0M Jan 17 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(35)/~SOFTWARE
31.0M Jan 18 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(36)/~SOFTWARE
31.0M Jan 19 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(37)/~SOFTWARE
31.0M Jan 20 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(38)/~SOFTWARE
31.0M Jan 21 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(39)/~SOFTWARE
28.9M Aug 19 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(4)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Jan 22 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(40)/~SOFTWARE
31.0M Jan 24 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(41)/~SOFTWARE
31.0M Jan 25 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(42)/~SOFTWARE
31.0M Jan 26 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(43)/~SOFTWARE
31.0M Jan 27 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(44)/~SOFTWARE
31.0M Jan 28 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(45)/~SOFTWARE
31.0M Jan 29 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(46)/~SOFTWARE
31.0M Jan 31 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(48)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 2 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(49)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
28.9M Aug 19 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(5)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 3 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(50)/~SOFTWARE
31.0M Feb 4 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(51)/~SOFTWARE
31.0M Feb 5 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(52)/~SOFTWARE
31.0M Feb 7 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(53)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 9 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(54)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 10 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(55)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 11 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(56)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 12 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(57)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 13 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(58)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
29.0M Aug 20 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(6)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.0M Feb 15 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(60)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 16 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(61)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 17 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(62)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 18 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(63)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 19 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(64)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 22 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(66)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 23 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(67)/~SOFTWARE
31.1M Feb 24 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(68)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 25 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(69)/~SOFTWARE
29.2M Aug 22 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(7)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 27 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(70)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
31.1M Feb 28 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(71)/~SOFTWARE
31.1M Feb 29 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(72)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jun 24 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(73)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jun 25 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(74)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jun 26 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(75)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 1 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(79)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 4 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(80)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 5 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(81)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 6 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(82)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 7 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(83)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 8 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(84)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 10 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(85)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 11 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(86)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 13 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(88)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
32.8M Jul 14 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(89)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
36.3M Nov 6 18:50 /sda1/~/RP528/~SOFTWARE
36.3M Nov 7 18:58 /sda1/~/RP529/~SOFTWARE
36.3M Nov 8 19:34 /sda1/~/RP530/~SOFTWARE
36.3M Nov 10 03:30 /sda1/~/RP531/~SOFTWARE
36.3M Nov 11 04:14 /sda1/~/RP532/~SOFTWARE
36.3M Nov 12 04:41 /sda1/~/RP533/~SOFTWARE
36.3M Nov 13 05:23 /sda1/~/RP534/~SOFTWARE
36.3M Nov 14 06:15 /sda1/~/RP535/~SOFTWARE
36.3M Nov 15 06:28 /sda1/~/RP536/~SOFTWARE
36.3M Nov 16 06:49 /sda1/~/RP537/~SOFTWARE
36.3M Nov 16 09:00 /sda1/~/RP538/~SOFTWARE
36.3M Nov 17 23:22 /sda1/~/RP539/~SOFTWARE
36.3M Nov 19 04:54 /sda1/~/RP540/~SOFTWARE
36.3M Nov 20 14:05 /sda1/~/RP541/~SOFTWARE
36.3M Nov 21 15:28 /sda1/~/RP542/~SOFTWARE
36.3M Nov 22 15:47 /sda1/~/RP543/~SOFTWARE
36.3M Nov 23 16:07 /sda1/~/RP544/~SOFTWARE
36.3M Nov 24 16:16 /sda1/~/RP545/~SOFTWARE
36.3M Nov 25 16:47 /sda1/~/RP546/~SOFTWARE
4.7M Sep 25 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(11)/~SYSTEM
4.7M Oct 2 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(14)/~SYSTEM
4.7M Oct 3 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(15)/~SYSTEM
4.7M Oct 4 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(16)/~SYSTEM
4.7M Oct 10 2010 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(17)/~SYSTEM
4.7M Jan 30 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(47)/~SYSTEM
5.1M Nov 26 17:37 /sda1/~/RP547/~SYSTEM
5.1M Nov 28 04:41 /sda1/~/RP548/~SYSTEM
5.1M Nov 29 05:26 /sda1/~/RP549/~SYSTEM
5.1M Nov 30 05:40 /sda1/~/RP550/~SYSTEM
5.1M Dec 1 06:11 /sda1/~/RP551/~SYSTEM
5.1M Dec 2 08:10 /sda1/~/RP552/~SYSTEM
5.1M Dec 3 08:14 /sda1/~/RP553/~SYSTEM
5.1M Dec 4 08:31 /sda1/~/RP554/~SYSTEM
5.1M Dec 5 09:16 /sda1/~/RP555/~SYSTEM
5.1M Dec 6 09:37 /sda1/~/RP556/~SYSTEM
5.1M Dec 7 09:52 /sda1/~/RP557/~SYSTEM
5.1M Dec 8 10:37 /sda1/~/RP558/~SYSTEM
5.1M Dec 9 11:37 /sda1/~/RP559/~SYSTEM
5.1M Dec 10 12:37 /sda1/~/RP560/~SYSTEM
5.1M Dec 11 13:03 /sda1/~/RP561/~SYSTEM
5.1M Dec 12 09:00 /sda1/~/RP562/~SYSTEM
5.1M Dec 13 09:46 /sda1/~/RP563/~SYSTEM
5.1M Dec 14 10:46 /sda1/~/RP564/~SYSTEM
5.1M Dec 15 11:20 /sda1/~/RP565/~SYSTEM
5.1M Dec 16 12:20 /sda1/~/RP566/~SYSTEM
5.1M Dec 17 12:51 /sda1/~/RP567/~SYSTEM
5.1M Dec 18 15:53 /sda1/~/RP568/~SYSTEM
5.1M Dec 19 16:36 /sda1/~/RP569/~SYSTEM
5.1M Dec 20 16:15 /sda1/~/RP570/~SYSTEM
5.1M Dec 21 09:00 /sda1/~/RP571/~SYSTEM
5.1M Dec 22 09:47 /sda1/~/RP572/~SYSTEM
5.1M Dec 23 09:51 /sda1/~/RP573/~SYSTEM
5.1M Dec 24 10:51 /sda1/~/RP574/~SYSTEM
5.1M Dec 25 11:51 /sda1/~/RP575/~SYSTEM
5.1M Dec 26 04:21 /sda1/~/RP576/~SYSTEM
5.1M Dec 27 05:04 /sda1/~/RP577/~SYSTEM
5.1M Dec 28 05:38 /sda1/~/RP578/~SYSTEM
5.1M Dec 28 14:29 /sda1/~/RP579/~SYSTEM
5.1M Dec 28 14:31 /sda1/~/RP580/~SYSTEM
5.1M Dec 28 14:32 /sda1/~/RP581/~SYSTEM
5.1M Dec 28 14:39 /sda1/~/RP582/~SYSTEM
5.1M Dec 29 15:05 /sda1/~/RP583/~SYSTEM
7.5M Jan 16 23:51 /sda1/~/RP584/~SYSTEM
4.7M Jan 16 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(34)/~SYSTEM
4.7M Jan 17 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(35)/~SYSTEM
4.7M Jan 18 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(36)/~SYSTEM
4.7M Jan 19 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(37)/~SYSTEM
4.7M Jan 20 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(38)/~SYSTEM
4.7M Jan 21 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(39)/~SYSTEM
4.7M Jan 22 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(40)/~SYSTEM
4.7M Jan 24 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(41)/~SYSTEM
4.7M Jan 25 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(42)/~SYSTEM
4.7M Jan 26 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(43)/~SYSTEM
4.7M Jan 27 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(44)/~SYSTEM
4.7M Jan 28 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(45)/~SYSTEM
4.7M Jan 29 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(46)/~SYSTEM
4.8M Feb 3 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(50)/~SYSTEM
4.8M Feb 4 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(51)/~SYSTEM
4.8M Feb 5 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(52)/~SYSTEM
4.8M Feb 23 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(67)/~SYSTEM
4.8M Feb 25 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(69)/~SYSTEM
4.8M Feb 27 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(70)/snapshot(2)/_REGISTRY_MACHINE_SYSTEM
4.8M Feb 28 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(71)/~SYSTEM
5.1M Nov 6 18:50 /sda1/~/RP528/~SYSTEM
5.1M Nov 7 18:58 /sda1/~/RP529/~SYSTEM
5.1M Nov 8 19:34 /sda1/~/RP530/~SYSTEM
5.1M Nov 10 03:30 /sda1/~/RP531/~SYSTEM
5.1M Nov 11 04:14 /sda1/~/RP532/~SYSTEM
5.1M Nov 12 04:41 /sda1/~/RP533/~SYSTEM
5.1M Nov 13 05:23 /sda1/~/RP534/~SYSTEM
5.1M Nov 14 06:15 /sda1/~/RP535/~SYSTEM
5.1M Nov 15 06:28 /sda1/~/RP536/~SYSTEM
5.1M Nov 16 06:49 /sda1/~/RP537/~SYSTEM
5.1M Nov 16 09:00 /sda1/~/RP538/~SYSTEM
5.1M Nov 17 23:22 /sda1/~/RP539/~SYSTEM
5.1M Nov 19 04:54 /sda1/~/RP540/~SYSTEM
5.1M Nov 20 14:05 /sda1/~/RP541/~SYSTEM
5.1M Nov 21 15:28 /sda1/~/RP542/~SYSTEM
5.1M Nov 22 15:47 /sda1/~/RP543/~SYSTEM
5.1M Nov 23 16:07 /sda1/~/RP544/~SYSTEM
5.1M Nov 24 16:16 /sda1/~/RP545/~SYSTEM
5.1M Nov 25 16:47 /sda1/~/RP546/~SYSTEM
  • 0

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Let's use a registry backup in an attempt to help get your computer booting properly.

  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh -r
  • Type 583
  • Press Enter
  • After it has finished a report will be located at sdb1 named restore.log
  • Please try to boot into normal Windows now and indicate if you were successful
  • If unsuccessful, run OTLPE once again as previously suggested and post its report.

  • 0
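Reading the enum.log from post #6, as an added example (not part of the thread, and not the rst.sh script it uses): the parser below resolves the `ls`-style dates, finds the newest restore point that holds both a SOFTWARE and a SYSTEM hive copy before a cutoff, and flags hive copies that grew sharply between consecutive restore points. The reference date is the thread's post date; the 25% growth threshold and all function names are assumptions of this example, and the thread does not state how restore point 583 was chosen.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
LINE_RE = re.compile(
    r"^(?P<size>\d+(?:\.\d+)?)(?P<unit>[KMG])\s+"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<when>\d{4}|\d{1,2}:\d{2})\s+(?P<path>/.+)$")
POINT_RE = re.compile(r"/(?P<kind>RP|Fifoed\()(?P<num>\d+)\)?/")
HIVE_RE = re.compile(r"(?:~|_REGISTRY_MACHINE_)(?P<hive>SOFTWARE|SYSTEM)$")
UNIT_MB = {"K": 1 / 1024, "M": 1.0, "G": 1024.0}

# Assumption: the listing was taken on the day it was posted (30 January 2013).
LISTED_ON = datetime(2013, 1, 30, 23, 59)

class Entry(NamedTuple):
    kind: str        # "RP" or "Fifoed"
    number: int      # restore point number
    hive: str        # "SOFTWARE" or "SYSTEM"
    size_mb: float
    stamp: datetime

def resolve_date(mon, day, when, listed_on):
    """ls prints HH:MM instead of the year for recent files; recover the year."""
    month = MONTHS[mon]
    if ":" not in when:
        return datetime(int(when), month, day)
    hh, mm = map(int, when.split(":"))
    for year in (listed_on.year, listed_on.year - 1):
        try:
            stamp = datetime(year, month, day, hh, mm)
        except ValueError:          # e.g. Feb 29 in a non-leap year
            continue
        if stamp <= listed_on:
            return stamp
    raise ValueError(f"cannot place {mon} {day} {when} before {listed_on}")

def parse_listing(text, listed_on=LISTED_ON):
    """Return one Entry per restore-point hive copy; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        point, hive = POINT_RE.search(m["path"]), HIVE_RE.search(m["path"])
        if not point or not hive:   # live hives under WINDOWS/system32/config
            continue
        entries.append(Entry(
            point["kind"].rstrip("("), int(point["num"]), hive["hive"],
            float(m["size"]) * UNIT_MB[m["unit"]],
            resolve_date(m["mon"], int(m["day"]), m["when"], listed_on)))
    return entries

def newest_complete_point(entries, before) -> Optional[tuple]:
    """Newest point with both hives, all dated strictly before the cutoff."""
    points = {}
    for e in entries:
        points.setdefault((e.kind, e.number), {})[e.hive] = e.stamp
    usable = [(max(h.values()), key) for key, h in points.items()
              if {"SOFTWARE", "SYSTEM"} <= h.keys() and max(h.values()) < before]
    return max(usable)[1] if usable else None

def size_jumps(entries, hive, kind="RP", threshold=0.25):
    """(number, previous MB, MB) where a hive copy grew by more than threshold."""
    series = sorted((e.number, e.size_mb) for e in entries
                    if e.kind == kind and e.hive == hive)
    return [(num, prev, size)
            for (_, prev), (num, size) in zip(series, series[1:])
            if prev and (size - prev) / prev > threshold]

# Lines copied from the enum.log posted in the thread (a small subset).
SAMPLE = """\
37.0M Jan 30 2013 /mnt/sda1/WINDOWS/system32/config/software
36.4M Dec 28 14:39 /sda1/~/RP582/~SOFTWARE
37.0M Dec 29 15:05 /sda1/~/RP583/~SOFTWARE
37.0M Jan 16 23:51 /sda1/~/RP584/~SOFTWARE
5.1M Dec 28 14:39 /sda1/~/RP582/~SYSTEM
5.1M Dec 29 15:05 /sda1/~/RP583/~SYSTEM
7.5M Jan 16 23:51 /sda1/~/RP584/~SYSTEM
31.0M Jan 30 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(47)/~SOFTWARE
4.7M Jan 30 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(47)/~SYSTEM
31.1M Feb 27 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(70)/snapshot(2)/_REGISTRY_MACHINE_SOFTWARE
4.8M Feb 27 2012 /sda1/System Volume Information/_restore{A432CF4F-7936-4D25-9E6B-1BDE48D0EFC2}/Fifoed(70)/snapshot(2)/_REGISTRY_MACHINE_SYSTEM
"""

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    print("newest complete point before 2013:",
          newest_complete_point(parsed, datetime(2013, 1, 1)))
    print("SYSTEM hive growth worth a look:", size_jumps(parsed, "SYSTEM"))
```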

#8
brigg

brigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Good morning.
I followed your instructions.
It wasn't indicated what to do between Type bash rst.sh -r and Type 583, so I just made a space on the one line.
After pressing enter after that line, I could put in the 583 again.

I booted up fine, however the internet wasn't working because I recently got a new solution.
I configured that and was trying to get online.
Then I got:

Windows Explorer has encountered a problem and needs to close.

then 30 seconds later I got:
DrWatson Postmortem Debugger has encountered a problem and needs to close.

Then 30 seconds later I saw that Super Anti Spyware was trying to open.

I closed one Chrome window but the other one wouldn't close.

I opened task manager and saw one folder open that I didn't open called Strong Vault and it wasn't responding. I ended it, and the other errors that were now all jacked up and not accessible to click on OK, disappeared and everything cleared up.

I opened Chrome a different way this time and it opened two windows instead of one.
I turned on a video on Hulu - two minutes in, screen got all jumbled.

I think all my protection has been disabled.

PROGRESS!

Thanks!!
Brigid

Edited by brigg, 30 January 2013 - 09:35 AM.

  • 0

#9
brigg

brigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
It's been about an hour and has been working fine. I'm getting lots of popup ads. Not sure how to block those. Also, I ran a quick Malware scan - nothing found.
  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0



#11
brigg

brigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I'll do this now.
I don't have any protection running now. I need something not resource heavy.
Also, I'm getting a lot of pop-ups.

Nothing found:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dell User :: D620 [administrator]

Protection: Enabled

1/30/2013 2:58:58 PM
mbam-log-2013-01-30 (14-58-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209145
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by brigg, 30 January 2013 - 03:12 PM.

  • 0

#12
brigg

brigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Three items found, nothing addressed.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=e3e42e0df9ea1f41a1b18462651813dc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-30 10:55:13
# local_time=2013-01-30 04:55:13 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=69932
# found=3
# cleaned=0
# scan_time=3484
C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\NAPJH5H5\Flash_Player_Pro_Setup[1].exe a variant of Win32/Adware.iBryte.D application 9E4C5304FCF7FC94A6A6012F1E4FECB9CD5A0791 I
C:\RECYCLER\S-1-5-21-1004336348-515967899-839522115-1003\Dc104.exe probably a variant of Win32/InstallIQ application 4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA I
C:\RECYCLER\S-1-5-21-1004336348-515967899-839522115-1003\Dc11.exe a variant of Win32/InstallIQ application 43A997AE673527375FEB5D9FBEF4A7CBE7038C09 I
  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Download OTL to your Desktop

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\RECYCLER\S-1-5-21-1004336348-515967899-839522115-1003\Dc11.exe
    C:\RECYCLER\S-1-5-21-1004336348-515967899-839522115-1003\Dc104.exe
    C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\NAPJH5H5\Flash_Player_Pro_Setup[1].exe

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [EMPTYJAVA]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

  • 0

#14
brigg

brigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here you go!

All processes killed
========== FILES ==========
C:\RECYCLER\S-1-5-21-1004336348-515967899-839522115-1003\Dc11.exe moved successfully.
C:\RECYCLER\S-1-5-21-1004336348-515967899-839522115-1003\Dc104.exe moved successfully.
C:\Documents and Settings\Dell User\Local Settings\Temporary Internet Files\Content.IE5\NAPJH5H5\Flash_Player_Pro_Setup[1].exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Dell User
->Temp folder emptied: 333856362 bytes
->Temporary Internet Files folder emptied: 109758686 bytes
->Java cache emptied: 14510 bytes
->FireFox cache emptied: 13714735 bytes
->Google Chrome cache emptied: 290829549 bytes
->Flash cache emptied: 32646 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 15364773 bytes

User: NetworkService
->Temp folder emptied: 12918 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37717152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 250065223 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2592185176 bytes

Total Files Cleaned = 3,477.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default User

User: Dell User
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01302013_195609
  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
It is zzzzzzzz........... time. Once done above, run Combofix as follows:

Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0





