Dell Inspiron 1545, Win 7 64 bit
Friend opened an email attachment (from her father!) last night, computer immediately blackscreened. Re-booted and fake scanner hijacked all operation.
I was able to run RKILL successfully, it killed several malicious processes, then ran SAS Portable. SAS found 6 instances of Fake Alert and disabled Task Manager. Re-booted to quarantine and/or delete and computer won't re-boot. Goes to Win 7 start screen, "something" flashes on top line of screen leaving the top row of pixels 1/3 multi-colored and no boot.
Help!
2
[RESOLVED] Tough One - System Check infection
Started By drmsucks, Jan 26 2012 10:24 PM
59 replies to this topic
#1
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:
Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 26 January 2012 - 10:24 PM
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#2 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:
Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
#3 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 26 January 2012 - 10:42 PM
Sorry, meant to mention...Safe Boot doesn't work.
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#4 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
Posted 26 January 2012 - 10:43 PM
I assume you're talking about Safe Mode?
Safe Boot is a different thing.
Let's see, if we can look at your computer booting from an external source.
Please download OTLPE (filesize 120,9 MB)
Safe Boot is a different thing.
Let's see, if we can look at your computer booting from an external source.
Please download OTLPE (filesize 120,9 MB)
- When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
- Reboot your system using the boot CD you just created.
- Note : If you do not know how to set your computer to boot from CD follow the steps HERE
- Your system should now display a REATOGO-X-PE desktop.
- Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
- Double-click on the OTLPE icon.
- When asked Do you wish to load the remote registry, select Yes
- When asked Do you wish to load remote user profile(s) for scanning, select Yes
- Ensure the box Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
#5 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 26 January 2012 - 10:46 PM
I mean Safe Mode...but, Repair doesn't work either, just hangs at the Windows is loading files screen with no activity.
Safe Mode lists 3 files (instead of the normal many, many) and stops.
Safe Mode lists 3 files (instead of the normal many, many) and stops.
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#6 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
#7 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 26 January 2012 - 10:47 PM
I'll do it now...
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#8 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 26 January 2012 - 11:17 PM
OTL logfile created on: 1/26/2012 6:09:31 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 14.65 Gb Total Space | 8.32 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 14.62 Gb Free Space | 98.12% Space Free | Partition Type: FAT32
Drive F: | 218.20 Gb Total Space | 157.09 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/11/30 20:51:11 | 001,436,424 | -H-- | M] (Acresso Software Inc.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | -H-- | M] () [Auto] -- F:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto] -- F:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto] -- F:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | -H-- | M] (Microsoft Corporation) [Disabled] -- F:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/01/23 09:33:38 | 000,909,152 | -H-- | M] () [Auto] -- F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | -H-- | M] () [On_Demand] -- F:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/21 09:39:58 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- F:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 08:49:56 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- F:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/20 18:36:54 | 000,079,360 | -H-- | M] (Autodesk) [On_Demand] -- F:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 12:45:57 | 000,016,680 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- F:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 12:28:08 | 000,658,656 | -H-- | M] (SoftThinks) [Auto] -- F:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/07/21 17:06:26 | 000,554,224 | -H-- | M] (Dell Inc.) [Auto] -- F:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | -H-- | M] (WildTangent, Inc.) [On_Demand] -- F:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 20:03:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 09:59:08 | 000,206,064 | -H-- | M] (SupportSoft, Inc.) [Auto] -- F:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/04 11:15:26 | 000,279,960 | -H-- | M] (Eastman Kodak Company) [Auto] -- F:\Program Files (x86)\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 11:08:26 | 000,032,768 | -H-- | M] (Eastman Kodak Company) [Auto] -- F:\Program Files (x86)\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/06/13 04:05:48 | 001,539,224 | -H-- | M] (Autodesk, Inc.) [On_Demand] -- F:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/09/13 08:30:29 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- F:\Windows\System32\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/05/12 09:57:21 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- F:\Windows\System32\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/15 08:49:27 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- F:\Windows\System32\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- F:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 17:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- F:\Windows\System32\drivers\packet.sys -- (Packet)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 22:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- F:\Users\Chrissie\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- F:\Users\Chrissie\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)
DRV - [2009/06/10 17:21:26 | 000,027,472 | -H-- | M] (SingleClick Systems) [Kernel | Auto] -- F:\Windows\SysWOW64\drivers\packet.sys -- (Packet)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chrissie_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKU\Chrissie_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Chrissie_ON_F\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Chrissie_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chrissie_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/23 09:33:44 | 000,000,000 | -H-D | M]
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Chrissie_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] F:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] F:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] F:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IAAnotif] F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] F:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] F:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] F:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [Dell Webcam Central] F:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] F:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] F:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
O4 - HKLM..\Run: [PDVDDXSrv] F:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] F:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] F:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\Chrissie_ON_F..\Run: [eyeBeam SIP Client] File not found
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] F:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O4 - Startup: F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ()
O4 - Startup: F:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Chrissie_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - F:\Windows\System32\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2010/11/05 23:47:47 | 000,000,000 | -H-D | M] - F:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\Shell - "" = AutoRun
O33 - MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/26 16:36:46 | 000,000,000 | ---D | C] -- F:\Users\Chrissie\AppData\Roaming\Malwarebytes
[2012/01/26 16:31:46 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 16:31:46 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012/01/26 16:31:45 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2012/01/26 16:31:45 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/26 15:31:22 | 000,000,000 | -H-D | C] -- F:\Windows\Microsoft Antimalware
[2012/01/26 15:30:48 | 000,000,000 | -H-D | C] -- F:\Windows\Windows Defender Offline
[2012/01/26 15:27:37 | 000,000,000 | -H-D | C] -- F:\Users\Chrissie\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/26 15:27:37 | 000,000,000 | -H-D | C] -- F:\ProgramData\SUPERAntiSpyware.com
[2012/01/25 17:36:09 | 000,000,000 | -H-D | C] -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
========== Files - Modified Within 30 Days ==========
[2012/01/26 17:02:58 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/01/26 16:53:19 | 000,000,898 | -H-- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/26 16:32:54 | 000,014,240 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 16:32:53 | 000,014,240 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 16:31:47 | 000,001,111 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 16:31:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 16:29:05 | 000,628,874 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/01/26 16:29:05 | 000,111,026 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/01/26 16:21:26 | 2384,744,448 | -HS- | M] () -- F:\hiberfil.sys
[2012/01/26 15:13:53 | 000,343,552 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/01/25 17:37:52 | 000,000,456 | -H-- | M] () -- F:\ProgramData\kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,280 | -H-- | M] () -- F:\ProgramData\~kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,192 | -H-- | M] () -- F:\ProgramData\~kE2uTKhWFNiX5xr
[2012/01/25 17:36:10 | 000,000,679 | -H-- | M] () -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/25 17:35:40 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/25 17:35:40 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\The KCL CADalog
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 9
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Web Start
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Remote Access
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/01/25 17:32:46 | 092,077,918 | ---- | M] () -- F:\Windows\System32\drivers\Avg\incavi.avm
[2012/01/18 09:52:28 | 000,044,420 | -H-- | M] () -- F:\Users\Chrissie\Desktop\xid-336898_1.pdf
[2012/01/18 09:52:26 | 000,000,059 | -H-- | M] () -- F:\Windows\wpd99.drv
[2012/01/18 09:51:58 | 000,653,644 | -H-- | M] () -- F:\Users\Chrissie\Desktop\xid-336897_1.pdf
[2012/01/18 09:45:19 | 000,430,282 | -H-- | M] () -- F:\Users\Chrissie\Desktop\xid-473550_1.pdf
[2012/01/09 15:29:54 | 021,827,607 | -H-- | M] () -- F:\Users\Chrissie\Documents\GH - M - Drawings Issued for Tender[1].pdf
[2012/01/09 15:04:41 | 000,000,223 | -H-- | M] () -- F:\Users\Chrissie\Desktop\GH - M - Drawings Issued for Tender.pdf.url
[2012/01/08 20:35:25 | 000,000,229 | -H-- | M] () -- F:\Users\Chrissie\Desktop\show_month.php-i=1945247&date=2012-01-02.url
========== Files Created - No Company Name ==========
[2012/01/26 16:31:47 | 000,001,111 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 17:36:11 | 000,000,280 | -H-- | C] () -- F:\ProgramData\~kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,192 | -H-- | C] () -- F:\ProgramData\~kE2uTKhWFNiX5xr
[2012/01/25 17:36:10 | 000,000,679 | -H-- | C] () -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/25 17:36:04 | 000,000,456 | -H-- | C] () -- F:\ProgramData\kE2uTKhWFNiX5x
[2012/01/18 09:52:25 | 000,044,420 | -H-- | C] () -- F:\Users\Chrissie\Desktop\xid-336898_1.pdf
[2012/01/18 09:51:51 | 000,653,644 | -H-- | C] () -- F:\Users\Chrissie\Desktop\xid-336897_1.pdf
[2012/01/18 09:45:07 | 000,430,282 | -H-- | C] () -- F:\Users\Chrissie\Desktop\xid-473550_1.pdf
[2012/01/09 15:29:48 | 021,827,607 | -H-- | C] () -- F:\Users\Chrissie\Documents\GH - M - Drawings Issued for Tender[1].pdf
[2012/01/09 15:04:41 | 000,000,223 | -H-- | C] () -- F:\Users\Chrissie\Desktop\GH - M - Drawings Issued for Tender.pdf.url
[2012/01/08 12:29:59 | 000,000,229 | -H-- | C] () -- F:\Users\Chrissie\Desktop\show_month.php-i=1945247&date=2012-01-02.url
[2011/10/17 15:00:37 | 000,144,384 | -H-- | C] () -- F:\Windows\SysWow64\mlfcache.dat
[2011/07/06 14:29:15 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2010/12/08 08:49:28 | 000,000,028 | -H-- | C] () -- F:\Windows\pdf995.ini
[2010/10/12 12:07:52 | 000,000,000 | -H-- | C] () -- F:\Users\Chrissie\AppData\Roaming\wklnhst.dat
[2010/05/09 15:45:48 | 000,012,800 | -H-- | C] () -- F:\Windows\SysWow64\EKDeviceServices.dll
[2010/05/05 20:17:39 | 000,005,080 | -H-- | C] () -- F:\ProgramData\kbkwknay.ayh
[2010/05/05 19:44:23 | 000,003,584 | -H-- | C] () -- F:\Users\Chrissie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 14:50:50 | 000,047,616 | -H-- | C] () -- F:\Windows\SysWow64\pdf995mon64.dll
[2010/04/28 14:50:50 | 000,000,059 | -H-- | C] () -- F:\Windows\wpd99.drv
[2010/03/08 13:01:34 | 000,000,075 | RHS- | C] () -- F:\Windows\CT4CET.bin
[2010/02/01 10:33:48 | 000,982,220 | -H-- | C] () -- F:\Windows\SysWow64\igkrng500.bin
[2010/02/01 10:33:47 | 000,134,592 | -H-- | C] () -- F:\Windows\SysWow64\igfcg500.bin
[2010/02/01 10:33:47 | 000,092,216 | -H-- | C] () -- F:\Windows\SysWow64\igfcg500m.bin
[2010/02/01 10:33:45 | 000,433,024 | -H-- | C] () -- F:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | -H-- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | -H-- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/11/30 20:49:23 | 000,000,000 | -H-D | M] -- F:\ProgramData\Autodesk
[2012/01/23 09:33:44 | 000,000,000 | -H-D | M] -- F:\ProgramData\AVG Secure Search
[2010/12/10 22:43:08 | 000,000,000 | -H-D | M] -- F:\ProgramData\AVG Security Toolbar
[2010/04/27 10:38:21 | 000,000,000 | -H-D | M] -- F:\ProgramData\avg9
[2011/03/23 07:14:27 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files
[2010/06/16 09:47:14 | 000,000,000 | -H-D | M] -- F:\ProgramData\CounterPath
[2010/03/08 12:52:47 | 000,000,000 | -H-D | M] -- F:\ProgramData\Cozi
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/05/09 15:46:10 | 000,000,000 | -H-D | M] -- F:\ProgramData\Eastman Kodak Company
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/05/10 16:20:23 | 000,000,000 | -H-D | M] -- F:\ProgramData\kds_kodak
[2010/03/08 12:53:08 | 000,000,000 | -H-D | M] -- F:\ProgramData\PCDr
[2012/01/18 09:52:26 | 000,000,000 | -H-D | M] -- F:\ProgramData\pdf995
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/03/08 12:53:10 | 000,000,000 | -H-D | M] -- F:\ProgramData\SupportSoft
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/03/08 13:04:13 | 000,000,000 | -H-D | M] -- F:\ProgramData\Uninstall
[2010/03/31 11:04:55 | 000,000,000 | -H-D | M] -- F:\ProgramData\Wild Tangent
[2010/04/12 22:30:14 | 000,000,000 | -H-D | M] -- F:\ProgramData\WildTangent
[2010/03/22 21:38:45 | 000,000,000 | -H-D | M] -- F:\ProgramData\Zylom
[2011/10/06 14:29:44 | 000,000,000 | -H-D | M] -- F:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/02 13:02:37 | 000,032,642 | -H-- | M] () -- F:\Windows\Tasks\SCHEDLGU(31).TXT
[2010/08/30 08:38:19 | 000,032,610 | -H-- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 14.65 Gb Total Space | 8.32 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 14.62 Gb Free Space | 98.12% Space Free | Partition Type: FAT32
Drive F: | 218.20 Gb Total Space | 157.09 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/11/30 20:51:11 | 001,436,424 | -H-- | M] (Acresso Software Inc.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | -H-- | M] () [Auto] -- F:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto] -- F:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto] -- F:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | -H-- | M] (Microsoft Corporation) [Disabled] -- F:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/01/23 09:33:38 | 000,909,152 | -H-- | M] () [Auto] -- F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | -H-- | M] () [On_Demand] -- F:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/21 09:39:58 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- F:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 08:49:56 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- F:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/20 18:36:54 | 000,079,360 | -H-- | M] (Autodesk) [On_Demand] -- F:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 12:45:57 | 000,016,680 | -H-- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- F:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 12:28:08 | 000,658,656 | -H-- | M] (SoftThinks) [Auto] -- F:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/07/21 17:06:26 | 000,554,224 | -H-- | M] (Dell Inc.) [Auto] -- F:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | -H-- | M] (WildTangent, Inc.) [On_Demand] -- F:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 20:03:06 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 09:59:08 | 000,206,064 | -H-- | M] (SupportSoft, Inc.) [Auto] -- F:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/04 11:15:26 | 000,279,960 | -H-- | M] (Eastman Kodak Company) [Auto] -- F:\Program Files (x86)\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 11:08:26 | 000,032,768 | -H-- | M] (Eastman Kodak Company) [Auto] -- F:\Program Files (x86)\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/06/13 04:05:48 | 001,539,224 | -H-- | M] (Autodesk, Inc.) [On_Demand] -- F:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/09/13 08:30:29 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- F:\Windows\System32\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/05/12 09:57:21 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- F:\Windows\System32\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/15 08:49:27 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- F:\Windows\System32\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- F:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 17:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- F:\Windows\System32\drivers\packet.sys -- (Packet)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 22:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- F:\Users\Chrissie\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- F:\Users\Chrissie\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)
DRV - [2009/06/10 17:21:26 | 000,027,472 | -H-- | M] (SingleClick Systems) [Kernel | Auto] -- F:\Windows\SysWOW64\drivers\packet.sys -- (Packet)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chrissie_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKU\Chrissie_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Chrissie_ON_F\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Chrissie_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chrissie_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/23 09:33:44 | 000,000,000 | -H-D | M]
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Chrissie_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] F:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] F:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] F:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IAAnotif] F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] F:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] F:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] F:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [Dell Webcam Central] F:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] F:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] F:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
O4 - HKLM..\Run: [PDVDDXSrv] F:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] F:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] F:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\Chrissie_ON_F..\Run: [eyeBeam SIP Client] File not found
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] F:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O4 - Startup: F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ()
O4 - Startup: F:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Chrissie_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_F\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - F:\Windows\System32\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2010/11/05 23:47:47 | 000,000,000 | -H-D | M] - F:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\Shell - "" = AutoRun
O33 - MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/26 16:36:46 | 000,000,000 | ---D | C] -- F:\Users\Chrissie\AppData\Roaming\Malwarebytes
[2012/01/26 16:31:46 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 16:31:46 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012/01/26 16:31:45 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2012/01/26 16:31:45 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/26 15:31:22 | 000,000,000 | -H-D | C] -- F:\Windows\Microsoft Antimalware
[2012/01/26 15:30:48 | 000,000,000 | -H-D | C] -- F:\Windows\Windows Defender Offline
[2012/01/26 15:27:37 | 000,000,000 | -H-D | C] -- F:\Users\Chrissie\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/26 15:27:37 | 000,000,000 | -H-D | C] -- F:\ProgramData\SUPERAntiSpyware.com
[2012/01/25 17:36:09 | 000,000,000 | -H-D | C] -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
========== Files - Modified Within 30 Days ==========
[2012/01/26 17:02:58 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/01/26 16:53:19 | 000,000,898 | -H-- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/26 16:32:54 | 000,014,240 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 16:32:53 | 000,014,240 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 16:31:47 | 000,001,111 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 16:31:47 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 16:29:05 | 000,628,874 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/01/26 16:29:05 | 000,111,026 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/01/26 16:21:26 | 2384,744,448 | -HS- | M] () -- F:\hiberfil.sys
[2012/01/26 15:13:53 | 000,343,552 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/01/25 17:37:52 | 000,000,456 | -H-- | M] () -- F:\ProgramData\kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,280 | -H-- | M] () -- F:\ProgramData\~kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,192 | -H-- | M] () -- F:\ProgramData\~kE2uTKhWFNiX5xr
[2012/01/25 17:36:10 | 000,000,679 | -H-- | M] () -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/25 17:35:40 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/25 17:35:40 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\The KCL CADalog
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 9
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/25 17:35:40 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/25 17:35:39 | 000,000,000 | RH-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Web Start
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Remote Access
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0
[2012/01/25 17:35:39 | 000,000,000 | -H-D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/01/25 17:32:46 | 092,077,918 | ---- | M] () -- F:\Windows\System32\drivers\Avg\incavi.avm
[2012/01/18 09:52:28 | 000,044,420 | -H-- | M] () -- F:\Users\Chrissie\Desktop\xid-336898_1.pdf
[2012/01/18 09:52:26 | 000,000,059 | -H-- | M] () -- F:\Windows\wpd99.drv
[2012/01/18 09:51:58 | 000,653,644 | -H-- | M] () -- F:\Users\Chrissie\Desktop\xid-336897_1.pdf
[2012/01/18 09:45:19 | 000,430,282 | -H-- | M] () -- F:\Users\Chrissie\Desktop\xid-473550_1.pdf
[2012/01/09 15:29:54 | 021,827,607 | -H-- | M] () -- F:\Users\Chrissie\Documents\GH - M - Drawings Issued for Tender[1].pdf
[2012/01/09 15:04:41 | 000,000,223 | -H-- | M] () -- F:\Users\Chrissie\Desktop\GH - M - Drawings Issued for Tender.pdf.url
[2012/01/08 20:35:25 | 000,000,229 | -H-- | M] () -- F:\Users\Chrissie\Desktop\show_month.php-i=1945247&date=2012-01-02.url
========== Files Created - No Company Name ==========
[2012/01/26 16:31:47 | 000,001,111 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 17:36:11 | 000,000,280 | -H-- | C] () -- F:\ProgramData\~kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,192 | -H-- | C] () -- F:\ProgramData\~kE2uTKhWFNiX5xr
[2012/01/25 17:36:10 | 000,000,679 | -H-- | C] () -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/25 17:36:04 | 000,000,456 | -H-- | C] () -- F:\ProgramData\kE2uTKhWFNiX5x
[2012/01/18 09:52:25 | 000,044,420 | -H-- | C] () -- F:\Users\Chrissie\Desktop\xid-336898_1.pdf
[2012/01/18 09:51:51 | 000,653,644 | -H-- | C] () -- F:\Users\Chrissie\Desktop\xid-336897_1.pdf
[2012/01/18 09:45:07 | 000,430,282 | -H-- | C] () -- F:\Users\Chrissie\Desktop\xid-473550_1.pdf
[2012/01/09 15:29:48 | 021,827,607 | -H-- | C] () -- F:\Users\Chrissie\Documents\GH - M - Drawings Issued for Tender[1].pdf
[2012/01/09 15:04:41 | 000,000,223 | -H-- | C] () -- F:\Users\Chrissie\Desktop\GH - M - Drawings Issued for Tender.pdf.url
[2012/01/08 12:29:59 | 000,000,229 | -H-- | C] () -- F:\Users\Chrissie\Desktop\show_month.php-i=1945247&date=2012-01-02.url
[2011/10/17 15:00:37 | 000,144,384 | -H-- | C] () -- F:\Windows\SysWow64\mlfcache.dat
[2011/07/06 14:29:15 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2010/12/08 08:49:28 | 000,000,028 | -H-- | C] () -- F:\Windows\pdf995.ini
[2010/10/12 12:07:52 | 000,000,000 | -H-- | C] () -- F:\Users\Chrissie\AppData\Roaming\wklnhst.dat
[2010/05/09 15:45:48 | 000,012,800 | -H-- | C] () -- F:\Windows\SysWow64\EKDeviceServices.dll
[2010/05/05 20:17:39 | 000,005,080 | -H-- | C] () -- F:\ProgramData\kbkwknay.ayh
[2010/05/05 19:44:23 | 000,003,584 | -H-- | C] () -- F:\Users\Chrissie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 14:50:50 | 000,047,616 | -H-- | C] () -- F:\Windows\SysWow64\pdf995mon64.dll
[2010/04/28 14:50:50 | 000,000,059 | -H-- | C] () -- F:\Windows\wpd99.drv
[2010/03/08 13:01:34 | 000,000,075 | RHS- | C] () -- F:\Windows\CT4CET.bin
[2010/02/01 10:33:48 | 000,982,220 | -H-- | C] () -- F:\Windows\SysWow64\igkrng500.bin
[2010/02/01 10:33:47 | 000,134,592 | -H-- | C] () -- F:\Windows\SysWow64\igfcg500.bin
[2010/02/01 10:33:47 | 000,092,216 | -H-- | C] () -- F:\Windows\SysWow64\igfcg500m.bin
[2010/02/01 10:33:45 | 000,433,024 | -H-- | C] () -- F:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | -H-- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | -H-- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/11/30 20:49:23 | 000,000,000 | -H-D | M] -- F:\ProgramData\Autodesk
[2012/01/23 09:33:44 | 000,000,000 | -H-D | M] -- F:\ProgramData\AVG Secure Search
[2010/12/10 22:43:08 | 000,000,000 | -H-D | M] -- F:\ProgramData\AVG Security Toolbar
[2010/04/27 10:38:21 | 000,000,000 | -H-D | M] -- F:\ProgramData\avg9
[2011/03/23 07:14:27 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files
[2010/06/16 09:47:14 | 000,000,000 | -H-D | M] -- F:\ProgramData\CounterPath
[2010/03/08 12:52:47 | 000,000,000 | -H-D | M] -- F:\ProgramData\Cozi
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/05/09 15:46:10 | 000,000,000 | -H-D | M] -- F:\ProgramData\Eastman Kodak Company
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/05/10 16:20:23 | 000,000,000 | -H-D | M] -- F:\ProgramData\kds_kodak
[2010/03/08 12:53:08 | 000,000,000 | -H-D | M] -- F:\ProgramData\PCDr
[2012/01/18 09:52:26 | 000,000,000 | -H-D | M] -- F:\ProgramData\pdf995
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/03/08 12:53:10 | 000,000,000 | -H-D | M] -- F:\ProgramData\SupportSoft
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/03/08 13:04:13 | 000,000,000 | -H-D | M] -- F:\ProgramData\Uninstall
[2010/03/31 11:04:55 | 000,000,000 | -H-D | M] -- F:\ProgramData\Wild Tangent
[2010/04/12 22:30:14 | 000,000,000 | -H-D | M] -- F:\ProgramData\WildTangent
[2010/03/22 21:38:45 | 000,000,000 | -H-D | M] -- F:\ProgramData\Zylom
[2011/10/06 14:29:44 | 000,000,000 | -H-D | M] -- F:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/02 13:02:37 | 000,032,642 | -H-- | M] () -- F:\Windows\Tasks\SCHEDLGU(31).TXT
[2010/08/30 08:38:19 | 000,032,610 | -H-- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#9 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 26 January 2012 - 11:42 PM
FWIW - Here's the RKILL log (RKILL was run twice)
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 26/01/2012 at 15:24:31.
Operating System: Windows 7 Home Premium
Processes terminated by Rkill or while it was running:
C:\ProgramData\hiPNlASulbl.exe
C:\ProgramData\kE2uTKhWFNiX5x.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SetMUILanguage.exe
Rkill completed on 26/01/2012 at 15:26:04.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 26/01/2012 at 16:26:48.
Operating System: Windows 7 Home Premium
Processes terminated by Rkill or while it was running:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\ProgramData\hiPNlASulbl.exe
C:\ProgramData\kE2uTKhWFNiX5x.exe
C:\Windows\SysWOW64\grpconv.exe
Rkill completed on 26/01/2012 at 16:28:13.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 26/01/2012 at 15:24:31.
Operating System: Windows 7 Home Premium
Processes terminated by Rkill or while it was running:
C:\ProgramData\hiPNlASulbl.exe
C:\ProgramData\kE2uTKhWFNiX5x.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SetMUILanguage.exe
Rkill completed on 26/01/2012 at 15:26:04.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 26/01/2012 at 16:26:48.
Operating System: Windows 7 Home Premium
Processes terminated by Rkill or while it was running:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\ProgramData\hiPNlASulbl.exe
C:\ProgramData\kE2uTKhWFNiX5x.exe
C:\Windows\SysWOW64\grpconv.exe
Rkill completed on 26/01/2012 at 16:28:13.
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#10 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
Posted 27 January 2012 - 12:03 AM
Do this on the computer you are posting from:
Copy the text in the codebox below:
Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive
On the infected computer the following...
Run OTLPE
Copy the text in the codebox below:
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Chrissie_ON_F\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
O4 - HKU\Chrissie_ON_F..\Run: [eyeBeam SIP Client] File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O33 - MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\Shell - "" = AutoRun
O33 - MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
[2012/01/25 17:37:52 | 000,000,456 | -H-- | M] () -- F:\ProgramData\kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,280 | -H-- | M] () -- F:\ProgramData\~kE2uTKhWFNiX5x
[2012/01/25 17:36:11 | 000,000,192 | -H-- | M] () -- F:\ProgramData\~kE2uTKhWFNiX5xr
[2012/01/25 17:36:10 | 000,000,679 | -H-- | M] () -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/25 17:36:09 | 000,000,000 | -H-D | C] -- F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
:Services
:Reg
:Files
:Commands
[purity]
Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive
On the infected computer the following...
Run OTLPE
- Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the log produced (you'll need to transfer it with USB stick)
- Remove the CD and shut down computer manually.
- Attempt to reboot normally into Windows.
#11 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 27 January 2012 - 12:14 AM
Re-booting now - here's the log:
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\Chrissie_ON_F\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
Registry key HKEY_USERS\Chrissie_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
F:\ProgramData\kE2uTKhWFNiX5x moved successfully.
F:\ProgramData\~kE2uTKhWFNiX5x moved successfully.
F:\ProgramData\~kE2uTKhWFNiX5xr moved successfully.
F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
OTLPE by OldTimer - Version 3.1.48.0 log created on 01262012_191214
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\Chrissie_ON_F\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
Registry key HKEY_USERS\Chrissie_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82207380-9012-11df-a4e7-a4badbab5143}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
F:\ProgramData\kE2uTKhWFNiX5x moved successfully.
F:\ProgramData\~kE2uTKhWFNiX5x moved successfully.
F:\ProgramData\~kE2uTKhWFNiX5xr moved successfully.
F:\Users\Chrissie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
F:\Users\Chrissie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
OTLPE by OldTimer - Version 3.1.48.0 log created on 01262012_191214
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#12 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
#13 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 27 January 2012 - 12:19 AM
Booted ok, no fake scanners running! Okay to connect to internet?
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#14 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
Posted 27 January 2012 - 12:22 AM
Good news :)
Try to connect, update MBAM and run it first.
Then follow with other steps from here: http://www.smartestc...ease-read-this/
Try to connect, update MBAM and run it first.
Then follow with other steps from here: http://www.smartestc...ease-read-this/
#15 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 27 January 2012 - 12:28 AM
Connected fine, MBAM running.
Thanks...back in a bit.
Thanks...back in a bit.
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#16 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 27 January 2012 - 02:06 AM
Removed AVG (with AppRemover) so that it wouldn't interfere with the GMER scan. On the AVG removal re-boot, same problem as before - quick blip across the top row of the "Starting Windows" screen, about 1/3 of the row (1 pixel high) changes to multi color, and the system hangs there. No Windows Orb lights up...just hangs.
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#17 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
#18 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 27 January 2012 - 02:31 AM
Sorry about that. I thought that you wanted me to run MBAM then proceed with the standard procedure...
Same issue with Safe Mode as before - won't boot. Here's MBAM log. Doesn't show on this log (EDIT - yes, it does) but MBAM "fixed" the issues (but, did not re-boot.)
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.26.06
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Chrissie :: CDESROCHE [administrator]
26/01/2012 7:27:16 PM
mbam-log-2012-01-26 (19-27-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188600
Time elapsed: 16 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Same issue with Safe Mode as before - won't boot. Here's MBAM log. Doesn't show on this log (EDIT - yes, it does) but MBAM "fixed" the issues (but, did not re-boot.)
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.26.06
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Chrissie :: CDESROCHE [administrator]
26/01/2012 7:27:16 PM
mbam-log-2012-01-26 (19-27-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188600
Time elapsed: 16 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
#19 Re: [RESOLVED] Tough One - System Check infection
-
-
- 24,883 posts
- Joined: October 04, 2004
- 1,860 topics
- Age: 57
- Skin: IPBoard wide
- Local time: 11:34 AM
Malware Annihilator
-
Zodiac:Virgo
- Gender:Male
- Location:Daly City, CA
- OS:Windows Vista
-
Country:
- Time Online: 57d 12h 18m 57s
Posted 27 January 2012 - 02:47 AM
Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.
On the System Recovery Options menu you will get the following options:
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
bootrec /fixboot (<--- there is a "space" after "bootrec")
exit
Restart computer.
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
bootrec /fixboot (<--- there is a "space" after "bootrec")
exit
Restart computer.
#20 Re: [RESOLVED] Tough One - System Check infection
-
-
- 581 posts
- Joined: May 10, 2009
- 82 topics
- Skin: IP.Board
- Local time: 01:34 PM
$ Supporting Member
-
Zodiac:Aquarius
- Gender:Male
- Location:McKinney, TX
- Interests:Gardening, computers
- OS:Windows 7
-
Country:
- Time Online: 13h 27m 3s
Posted 27 January 2012 - 03:02 AM
Okay - Fixboot gave an error but machine booted.
What next?
What next?
If you don't have time to do it right
...when will you have time to do it over?
...when will you have time to do it over?
