Inactive BSOD and Chrome redirecting

Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot

exit

Restart computer.

See if you can boot normally.
 
I don't have a Windows 7 disk I'm afraid and trying the command prompt didn't work either.

This is what my command prompt looked like

X:\windows\system32>bootrec /fixmbr
The operation completed successfully

X:\windows\system32> bootrec /fixboot
The operation completed successfully

X:\windows\system32>exit
 
Always read my instructions carefully.
If you don't have a Windows 7 DVD...in such a case use method one
Read my link carefully.
 
I'm afraid I don't quite understand. Isn't method one the command prompt option?

The method I used was to get into the system recovery options and then choose command prompt from there.
 
I didn't see your reply #27.
Sorry about it.

Did you restart the computer after those commands ran successfully?
If so what happens?
 
Yes if I restart my computer after executing those commands I still get a blue screen (whether normal or safe mode). It feels pretty bleak to me now, how optimistic are you that I'll be able to get my computer up and running again?
 
If I had a crystal ball....hehehe...we'll try....

Does STOP: 0x0000007B error mention any file?

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
It doesn't have a file mentioned no. I'll try that boot from CD now.

If we're not successful and I have to reinstall windows, will I be able to copy my files beforehand?
 
Turns out the computer I'm on now doesn't actually have a cd writer. I'll see if one of the others in the house does.
 
After the reatogo-x-pe loading screen I got the Windows XP splash screen and then another BSOD.

A problem has been detected and windows has been shut down to prevent damage to your computer.

SESSIONS_INITIALIZATION_FAILED

STOP: 0x00000071 (0x00000000, 0x000000000, 0x00000000, 0x00000000)
 
I'm afraid you may have more issues than just an infection.

To double check I suggest you locate a computer with a CD writer and try to boot from a CD.
 
I'll need to wake up the person who's got one! It's 6am here in the UK.

Will there be any way to get my files back?

It was working perfectly for those 5 minutes before it froze.
 
I'm about to go to bed so you don't have to hurry :)

If you can boot to that CD you can recover any files through it so let's see how it goes.
 
It's my bed time and you need to create the CD.
I'll check on you in the morning.
 
Ok I have successfully booted into REATOGO-X-PE using the boot disc. I also have an internet connection via LAN.

1) See below for the log file from OTLPE

2) I can access all of my files through the explorer. Would it be wise to back them up to an external hard drive before going any further?

3) As you can see, there are other executables on the desktop such as MBRFix. Please advise as to whether I should use this.

4) When I first installed Windows 7, it was from a downloaded setup file as my University were giving away copies of the OS. I don't think that I still have a copy of this installation file, and I'm not sure that I can re-download it. If it comes that I have to reinstall Windows 7 I could do with some help.

Thanks so much for your patience, I really appreciate it.

OTL logfile created on: 12/23/2011 9:54:59 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 74.35 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 60.80 Gb Total Space | 9.36 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
Drive E: | 47.64 Gb Total Space | 6.86 Gb Free Space | 14.41% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/07 16:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto] -- D:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/01 04:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Disabled] -- D:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 04:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Disabled] -- D:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 04:11:32 | 000,263,056 | ---- | M] (WDC) [Disabled] -- D:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/31 15:12:19 | 000,815,104 | ---- | M] (Epitiro Ltd.) [Auto] -- D:\Program Files\Broadband Test Application\BroadbandTestApp.exe -- (bbtest_svc)
SRV - [2011/04/27 09:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 09:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/08 08:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/24 14:13:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/18 03:56:41 | 000,079,360 | ---- | M] (SolidWorks) [Disabled] -- D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/07/16 11:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 06:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- D:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/09/23 02:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (MpKslfc67b542)
DRV - File not found [Kernel | System] -- -- (MpKslef033d16)
DRV - File not found [Kernel | System] -- -- (MpKsled5d616f)
DRV - File not found [Kernel | System] -- -- (MpKsle7f82450)
DRV - File not found [Kernel | System] -- -- (MpKsle0966d4b)
DRV - File not found [Kernel | System] -- -- (MpKslcd24449b)
DRV - File not found [Kernel | System] -- -- (MpKslca68fed9)
DRV - File not found [Kernel | System] -- -- (MpKslc0de43cf)
DRV - File not found [Kernel | System] -- -- (MpKslb37c3aed)
DRV - File not found [Kernel | System] -- -- (MpKslad2aecf6)
DRV - File not found [Kernel | System] -- -- (MpKsla2f9d444)
DRV - File not found [Kernel | System] -- -- (MpKsl9a7a58ed)
DRV - File not found [Kernel | System] -- -- (MpKsl97a191b1)
DRV - File not found [Kernel | System] -- -- (MpKsl8ad51963)
DRV - File not found [Kernel | System] -- -- (MpKsl88aaaf86)
DRV - File not found [Kernel | System] -- -- (MpKsl85107fea)
DRV - File not found [Kernel | System] -- -- (MpKsl837763df)
DRV - File not found [Kernel | System] -- -- (MpKsl7ed798a4)
DRV - File not found [Kernel | System] -- -- (MpKsl7cda8f8b)
DRV - File not found [Kernel | System] -- -- (MpKsl73b312e8)
DRV - File not found [Kernel | System] -- -- (MpKsl6ed097b8)
DRV - File not found [Kernel | System] -- -- (MpKsl54313b3e)
DRV - File not found [Kernel | System] -- -- (MpKsl53b3ea4c)
DRV - File not found [Kernel | System] -- -- (MpKsl3d1dd100)
DRV - File not found [Kernel | System] -- -- (MpKsl38467449)
DRV - File not found [Kernel | System] -- -- (MpKsl33fe2233)
DRV - File not found [Kernel | System] -- -- (MpKsl27d5bf1a)
DRV - File not found [Kernel | System] -- -- (MpKsl26029bf4)
DRV - File not found [Kernel | System] -- -- (MpKsl19c41689)
DRV - File not found [Kernel | System] -- -- (MpKsl1680758b)
DRV - File not found [Kernel | System] -- -- (MpKsl0bd91f7b)
DRV - File not found [Kernel | System] -- -- (MpKsl04f51367)
DRV - File not found [Kernel | System] -- -- (MpKsl007aaa51)
DRV - File not found [Kernel | System] -- -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/12/22 22:36:55 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl9c48e07d.sys -- (MpKsl9c48e07d)
DRV - [2011/12/22 07:12:21 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsled63dee5.sys -- (MpKsled63dee5)
DRV - [2011/12/22 06:59:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsld073d578.sys -- (MpKsld073d578)
DRV - [2011/12/22 02:57:58 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl41129145.sys -- (MpKsl41129145)
DRV - [2011/12/22 01:14:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsle179b900.sys -- (MpKsle179b900)
DRV - [2011/12/21 22:23:32 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys -- (MpKsla6392b7c)
DRV - [2011/12/21 15:49:32 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl1f357395.sys -- (MpKsl1f357395)
DRV - [2011/12/21 10:02:15 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl866aae3c.sys -- (MpKsl866aae3c)
DRV - [2011/12/21 09:51:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys -- (MpKsl61a736c7)
DRV - [2011/12/21 03:25:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys -- (MpKsl7fcfbf72)
DRV - [2011/12/20 19:22:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys -- (MpKsl0cc7ce2e)
DRV - [2011/12/20 12:11:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys -- (MpKslead9003b)
DRV - [2011/12/20 12:07:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys -- (MpKslccd16cc5)
DRV - [2011/12/15 12:02:16 | 000,228,208 | ---- | M] () [Kernel | System] -- D:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- D:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/07 16:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- D:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 16:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- D:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 16:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 08:27:04 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- D:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/04/27 09:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 07:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 09:53:12 | 000,296,160 | ---- | M] () [File_System | System] -- D:\Windows\System32\drivers\ExpanDrive.sys -- (ExpanDrive)
DRV - [2011/02/16 10:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 09:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/30 08:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 08:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 08:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 08:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 06:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 06:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/04/07 13:42:24 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/10/02 09:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV)
DRV - [2009/10/02 09:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/25 06:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/29 06:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/20 21:03:06 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2007/11/14 11:20:06 | 000,020,168 | ---- | M] (MIDIMAN) [Kernel | On_Demand] -- D:\Windows\System32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2007/11/14 11:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2007/08/28 09:05:38 | 000,016,512 | ---- | M] (M-Audio) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MADFU.sys -- (MADFU)
DRV - [2007/03/28 02:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2004/08/01 13:18:30 | 000,012,800 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Xpad.sys -- (XPAD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 3E 7A 96 5B C0 CC 01 [binary data]
IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Ben_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Ben_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>




========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: D:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: D:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/06 16:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]

[2009/12/27 18:43:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2009/12/27 18:43:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ben\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/06/25 06:17:11 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\extensions
[2010/03/25 16:00:32 | 000,002,371 | ---- | M] () -- D:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\searchplugins\google-dictionary.xml
[2011/08/09 03:58:19 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/10/18 16:41:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/07 12:44:33 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/05 10:47:12 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/21 05:20:26 | 000,001,538 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/21 05:20:26 | 000,000,947 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/21 05:20:26 | 000,000,769 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/21 05:20:26 | 000,001,135 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] D:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] D:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\RunOnce: [*Restore] D:\Windows\System32\rstrui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Ben_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Ben_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Ben_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 09:46:27 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/12/22 22:56:37 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{2680C0CF-EEBF-4940-BECC-F3B46416D84F}
[2011/12/22 22:56:19 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C667637A-7710-4361-908F-CB3DE3276DB9}
[2011/12/22 22:22:03 | 001,932,256 | ---- | C] (Symantec Corporation) -- D:\Users\Ben\Desktop\FixTDSS.exe
[2011/12/22 20:47:04 | 000,000,000 | ---D | C] -- D:\Users\Ben\Desktop\bootkit_remover
[2011/12/22 08:17:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Users\Ben\Desktop\OTL.exe
[2011/12/22 00:28:22 | 000,000,000 | -HSD | C] -- D:\$RECYCLE.BIN
[2011/12/22 00:28:18 | 000,000,000 | ---D | C] -- D:\Windows\temp
[2011/12/22 00:28:18 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\temp
[2011/12/21 22:48:00 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Roaming\Help
[2011/12/21 03:19:47 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2011/12/21 03:19:47 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2011/12/21 03:19:47 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2011/12/21 02:58:56 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2011/12/21 02:57:59 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/12/21 02:12:51 | 004,347,226 | R--- | C] (Swearware) -- D:\Users\Ben\Desktop\ComboFix.exe
[2011/12/21 02:11:40 | 001,916,416 | ---- | C] (AVAST Software) -- D:\Users\Ben\Desktop\aswMBR.exe
[2011/12/20 14:27:30 | 000,607,260 | R--- | C] (Swearware) -- D:\Users\Ben\Desktop\dds.scr
[2011/12/20 13:17:44 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/20 13:17:43 | 000,314,456 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSP.sys
[2011/12/20 13:17:43 | 000,020,568 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/20 13:17:38 | 000,034,392 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswRdr.sys
[2011/12/20 13:17:36 | 000,052,952 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswTdi.sys
[2011/12/20 13:17:34 | 000,435,032 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSnx.sys
[2011/12/20 13:17:33 | 000,055,128 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/20 13:17:21 | 000,199,816 | ---- | C] (AVAST Software) -- D:\Windows\System32\aswBoot.exe
[2011/12/20 13:17:21 | 000,041,184 | ---- | C] (AVAST Software) -- D:\Windows\avastSS.scr
[2011/12/20 13:17:14 | 000,000,000 | ---D | C] -- D:\ProgramData\AVAST Software
[2011/12/20 13:17:14 | 000,000,000 | ---D | C] -- D:\Program Files\AVAST Software
[2011/12/20 12:48:43 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Roaming\Malwarebytes
[2011/12/20 12:47:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 12:47:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2011/12/20 12:47:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2011/12/20 12:47:54 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2011/12/20 12:46:59 | 000,000,000 | -H-D | C] -- D:\ProgramData\Common Files
[2011/12/20 12:35:52 | 000,000,000 | ---D | C] -- D:\ProgramData\MFAData
[2011/12/20 11:50:59 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\ElevatedDiagnostics
[2011/12/20 10:19:59 | 000,000,000 | ---D | C] -- D:\ProgramData\fC21800EiCoN21800
[2011/12/20 07:28:14 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{672CD27C-AF7A-4B2E-8233-6CC144871A9C}
[2011/12/20 07:27:49 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C1075773-BDD6-4B63-82D1-7EDBA18D5324}
[2011/12/19 18:54:37 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{FAAC8CA4-7962-414D-9453-4F0AAA473DFA}
[2011/12/19 18:54:25 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{75FD431F-D8FA-4B81-AC3E-2D3D6385D308}
[2011/12/19 06:32:50 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B6A5A649-58F7-4ADD-B644-4A1FA6439EC9}
[2011/12/19 06:32:29 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E3E99457-A35C-47AA-BD2D-77C83FC1C759}
[2011/12/18 11:42:28 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5379847D-F775-410B-9DAE-B35BD1F027D2}
[2011/12/18 11:42:17 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{2AC9097A-3443-4F55-BAB4-068AE965CD76}
[2011/12/17 20:47:37 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{3C025360-8BE8-48A8-B75B-CC90D6F5E914}
[2011/12/17 20:47:23 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A5CE6AFB-707E-4E0B-BFF4-A1FC65A3776C}
[2011/12/17 08:32:27 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D0BCDCFC-5A00-4EE4-B6DB-7AC140C4C477}
[2011/12/17 08:32:16 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A8D4EEFC-E20F-4908-98CE-6C0FE53522D8}
[2011/12/17 06:10:10 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_43.dll
[2011/12/17 06:10:09 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_43.dll
[2011/12/17 06:10:05 | 000,062,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xinput1_2.dll
[2011/12/16 20:04:31 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{3D943811-8AF0-45E9-8CE9-31545ED6DDE8}
[2011/12/16 20:04:14 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F59D4F2B-E525-45B6-88D6-FEBBBD06F76C}
[2011/12/16 03:54:46 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5D9CCA52-9764-48E8-9672-1D9397358BAD}
[2011/12/16 03:54:22 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D4D325EE-6F5C-40BA-A2D0-BCFA5A2BA1F6}
[2011/12/15 18:31:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_42.dll
[2011/12/15 18:31:50 | 000,528,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_6.dll
[2011/12/15 18:31:50 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_4.dll
[2011/12/15 10:21:03 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\BIT.TRIP RUNNER
[2011/12/15 10:20:42 | 000,000,000 | ---D | C] -- D:\Program Files\OpenAL
[2011/12/15 10:20:40 | 000,000,000 | ---D | C] -- D:\Windows\System32\directx
[2011/12/15 07:29:00 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{51643631-E46C-482D-95DF-B1EF1F523436}
[2011/12/15 07:28:45 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{11E8EE0D-E0EB-4E40-8BA8-4089C276A338}
[2011/12/14 19:07:50 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{93AE6F5C-E026-442C-B555-76C05C06C581}
[2011/12/14 19:07:36 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B6E3DA19-9C32-495A-A2B7-26FAB88B513E}
[2011/12/14 05:50:08 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{46C3C79E-B54A-4BB4-8D58-22F69E906F5C}
[2011/12/14 05:49:54 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{843D2918-B2D8-4B6F-B0D8-E4D254120A0A}
[2011/12/14 05:47:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2011/12/14 05:47:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2011/12/14 05:47:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2011/12/14 05:47:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2011/12/14 05:47:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2011/12/14 05:47:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2011/12/14 05:47:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2011/12/14 05:39:49 | 003,912,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2011/12/14 05:39:48 | 003,967,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntkrnlpa.exe
[2011/12/14 05:39:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2011/12/14 05:39:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
[2011/12/14 05:38:53 | 002,342,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2011/12/14 05:38:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\EncDec.dll
[2011/12/13 18:16:49 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Roaming\Nicalis
[2011/12/13 17:49:23 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{7DA3FA2C-6682-4CD4-B21C-DBE567C896C0}
[2011/12/13 17:49:11 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A9F60859-2909-4CEB-87A2-CA39F5D45235}
[2011/12/13 05:48:40 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D7D14D3B-A9F1-42B7-AEDD-A0A617F087FC}
[2011/12/13 05:48:27 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{924745E3-E092-41F5-8711-3B0254683755}
[2011/12/12 17:47:58 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E4944595-14B9-48BC-A9CA-3A731524C2F6}
[2011/12/12 17:47:47 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{0825F1C0-56E0-4AC7-8D25-C95CEA81435D}
[2011/12/12 05:01:32 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{21EB6B7C-4E47-4FE3-AF2A-253F797B499E}
[2011/12/12 05:01:20 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{AC035030-27B8-4505-AE96-0566E731B166}
[2011/12/11 17:00:52 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5475B409-A69F-4C0B-96BE-794790FB0C98}
[2011/12/11 17:00:40 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{FE0A422C-237D-4F16-8116-D281B5ABFC5D}
[2011/12/11 03:34:41 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B614988F-1082-4EB4-B72E-257CA93158B1}
[2011/12/11 03:34:25 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F8F48DA0-20F7-4AB6-ACBD-0E0F0A90350D}
[2011/12/10 08:47:28 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{AF92EEFF-0D54-413A-9394-F13F9AF8F691}
[2011/12/10 08:47:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E6E8CFC1-11CC-4302-A65C-14F59F5E21E8}
[2011/12/09 19:06:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{CA0C595B-DC9A-4784-9ED2-248F2CA31BC1}
[2011/12/09 19:06:09 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{310DC244-D4C5-42AE-BED4-189081E0C4C1}
[2011/12/09 03:24:36 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{53858B48-540A-4CD1-9843-8E4DD085DF38}
[2011/12/09 03:24:18 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{57DF3087-1F3C-4E5C-A75F-FC12AACEF1B5}
[2011/12/08 14:50:41 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C9D3B3FA-6400-47BE-932A-E21C76BE4B83}
[2011/12/08 14:50:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F42709AD-8233-4777-8E6A-FD5033560F0D}
[2011/12/08 02:50:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{8BB2F21E-6E3B-4811-9F81-6370D63AB9A3}
[2011/12/08 02:50:00 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{DA33F845-BD1C-4A1C-B72A-DC8FB5050C4A}
[2011/12/07 07:09:58 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{7EFFD364-771F-4B8A-B7E7-A23F70D0C5CF}
[2011/12/07 07:09:42 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5280DCE5-0127-4D4F-9D7E-538C0726284C}
[2011/12/06 19:09:20 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F17D9644-1243-4D15-AC78-26378E4359CE}
[2011/12/06 19:09:03 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C7CC0663-3BFD-4F97-9CA4-5A2159E48971}
[2011/12/06 07:08:43 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{11859002-2603-461E-855E-D7253BC878B9}
[2011/12/06 07:08:30 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{366F0933-2700-41F3-95FA-68BFDAB27590}
[2011/12/05 19:00:47 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{4197B00C-E09D-4778-AB73-60DD15C072AD}
[2011/12/05 19:00:35 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{148FEB33-956B-45C8-89FD-31D5CDA6815E}
[2011/12/05 04:52:33 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E97A037B-5629-4CDE-91B0-114EFDBF9A34}
[2011/12/05 04:52:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{28C65178-28B2-4F2A-9BF4-329A47E96060}
[2011/12/04 16:51:44 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{518D9D90-2D48-4FCC-BB2F-6B8CF1100873}
[2011/12/04 16:51:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{83015F9C-9CDA-46E0-885F-96B8E3A48DB3}
[2011/12/04 03:19:43 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{50D48658-AC30-49AA-9F3A-482A72D00521}
[2011/12/04 03:19:30 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{8AD0DBC8-B8DF-46BC-A245-9CE740F27CD5}
[2011/12/03 07:27:44 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{DDD5C263-4AAE-4D10-B8FA-E008AAFB2DD0}
[2011/12/03 07:27:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{4E8E9DAD-E65C-4FB2-AC2F-9D36606C5EED}
[2011/12/02 07:55:09 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{BA332EAD-151A-428B-B229-DE8ACC367DF8}
[2011/12/02 07:54:38 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{DC79F90D-0D47-40FB-B360-7518337C7F9F}
[2011/12/01 17:42:02 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5267DFA1-DC71-4449-A584-26543DD445B1}
[2011/12/01 17:41:47 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B3F2E9CA-7ABF-4744-95A0-EB6EE9E69E12}
[2011/12/01 03:51:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{EBC56919-E2FE-4466-AD67-ECAE3DD3E54C}
[2011/12/01 03:50:53 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D30BB0F8-A029-41C4-AA5E-EE9A7D4E3F00}
[2011/11/30 07:47:19 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E0F1F83C-A962-4594-821C-E1D3DBC11B84}
[2011/11/30 07:47:07 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{756E8175-A0AC-4FCC-8A41-6FB06E0C8215}
[2011/11/29 19:46:34 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{7658A37D-1992-4C1B-821A-2C8FF298E087}
[2011/11/29 19:46:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{895155CF-9466-4B75-B3C5-2046C9E7E2C9}
[2011/11/29 07:46:03 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{ADD342C4-CE91-46E4-9D58-22D18C7FB898}
[2011/11/29 07:45:52 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{721CEC5C-23CF-46AB-B09F-5D397AE18C1D}
[2011/11/28 17:33:33 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B494823A-8A03-44BD-AC71-3EAC2E5BE892}
[2011/11/28 17:33:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{6F07B8D3-D42E-4460-A750-7061A85ABCD5}
[2011/11/28 05:32:51 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{847D45CB-E974-4DF5-B9BE-62FC0090D6EE}
[2011/11/28 05:32:39 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{0F744427-8A01-4FD2-9AB9-4543CCCCD683}
[2011/11/27 17:32:09 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{6E1FA911-BF7B-4C79-9996-613DB49DDED4}
[2011/11/27 17:31:56 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{726FEE5F-965E-4138-98C9-ADA078833AA5}
[2011/11/26 16:47:48 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{3EDED7F1-4E96-40F4-8908-5CB301D16333}
[2011/11/26 16:47:35 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{4062B435-42A2-4C2C-A60F-13BD7F44463E}
[2011/11/26 04:47:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A5B00411-2B4C-48CF-ACF9-0719A7EA4AD8}
[2011/11/26 04:46:46 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{84577B8A-FA8D-4A19-92B6-8571FBEDAD9B}
[2011/11/25 10:06:06 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{988594A4-DCBA-4EE0-847B-1AC6D654ECD2}
[2011/11/25 10:05:53 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{1BBFFE03-1A1B-4D39-8A27-5DD13BDFC731}
[2011/11/24 18:29:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{2C5F5EB4-AB87-4A7C-8128-BBC861D07F9C}
[2011/11/24 18:29:14 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{FB2B6471-D584-4554-9253-CC9A446CDA89}
[2011/11/24 02:44:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C01B22C5-1E9E-4D86-8D47-9A528D99C6F3}
[2011/11/24 02:44:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{1F08A376-2566-43DE-81A5-52FE4C0C4316}
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 

========== Files - Modified Within 30 Days ==========

[2011/12/23 08:11:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/12/22 22:53:19 | 000,013,792 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 22:53:19 | 000,013,792 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 22:45:13 | 000,000,876 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/22 22:45:11 | 000,000,438 | ---- | M] () -- D:\Windows\tasks\IsposureAgent.job
[2011/12/22 22:35:11 | 1603,072,000 | -HS- | M] () -- D:\hiberfil.sys
[2011/12/22 22:22:02 | 001,932,256 | ---- | M] (Symantec Corporation) -- D:\Users\Ben\Desktop\FixTDSS.exe
[2011/12/22 08:16:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Users\Ben\Desktop\OTL.exe
[2011/12/21 22:09:45 | 004,347,226 | R--- | M] (Swearware) -- D:\Users\Ben\Desktop\ComboFix.exe
[2011/12/21 03:51:44 | 000,080,474 | ---- | M] () -- D:\Users\Ben\Desktop\Logs 2.rtf
[2011/12/21 02:55:51 | 000,000,512 | ---- | M] () -- D:\Users\Ben\Desktop\MBR.dat
[2011/12/21 02:11:38 | 001,916,416 | ---- | M] (AVAST Software) -- D:\Users\Ben\Desktop\aswMBR.exe
[2011/12/20 15:07:20 | 000,181,089 | ---- | M] () -- D:\Users\Ben\Desktop\Logs.rtf
[2011/12/20 14:27:31 | 000,607,260 | R--- | M] (Swearware) -- D:\Users\Ben\Desktop\dds.scr
[2011/12/20 13:17:44 | 000,001,994 | ---- | M] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/20 13:17:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/20 13:17:33 | 000,002,577 | ---- | M] () -- D:\Windows\System32\config.nt
[2011/12/20 13:05:34 | 000,302,592 | ---- | M] () -- D:\Users\Ben\Desktop\i33ofei6.exe
[2011/12/20 12:48:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 12:41:38 | 000,201,637 | ---- | M] () -- D:\Users\Ben\AppData\Local\census.cache
[2011/12/20 12:40:10 | 000,114,345 | ---- | M] () -- D:\Users\Ben\AppData\Local\ars.cache
[2011/12/18 07:22:58 | 000,000,848 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001Core.job
[2011/12/18 07:13:25 | 000,000,900 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001UA.job
[2011/12/18 07:13:25 | 000,000,880 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/15 10:20:42 | 000,444,952 | ---- | M] (Creative Labs) -- D:\Windows\System32\wrap_oal.dll
[2011/12/15 10:20:42 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\Windows\System32\OpenAL32.dll
[2011/12/14 07:08:23 | 000,458,704 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/12/13 17:16:18 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/08 08:51:29 | 000,010,752 | ---- | M] () -- D:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- D:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- D:\Windows\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/25 10:16:10 | 000,624,646 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011/11/25 10:16:10 | 000,109,636 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011/11/23 23:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 03:19:47 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2011/12/21 03:19:47 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2011/12/21 03:19:47 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2011/12/21 03:19:47 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2011/12/21 03:19:47 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2011/12/21 02:57:07 | 000,080,474 | ---- | C] () -- D:\Users\Ben\Desktop\Logs 2.rtf
[2011/12/21 02:55:51 | 000,000,512 | ---- | C] () -- D:\Users\Ben\Desktop\MBR.dat
[2011/12/20 13:17:44 | 000,001,994 | ---- | C] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/20 13:16:13 | 000,181,089 | ---- | C] () -- D:\Users\Ben\Desktop\Logs.rtf
[2011/12/20 13:05:43 | 000,302,592 | ---- | C] () -- D:\Users\Ben\Desktop\i33ofei6.exe
[2011/12/20 12:41:38 | 000,201,637 | ---- | C] () -- D:\Users\Ben\AppData\Local\census.cache
[2011/12/20 12:40:10 | 000,114,345 | ---- | C] () -- D:\Users\Ben\AppData\Local\ars.cache
[2011/10/15 13:31:11 | 000,087,552 | ---- | C] () -- D:\Windows\System32\cpwmon2k.dll
[2011/08/03 13:18:19 | 000,094,208 | ---- | C] () -- D:\Windows\System32\zmbv.dll
[2011/06/08 01:17:15 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2011/06/08 01:16:06 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2011/04/27 03:12:30 | 000,004,096 | -H-- | C] () -- D:\Users\Ben\AppData\Local\keyfile3.drm
[2011/04/19 12:55:24 | 000,000,296 | ---- | C] () -- D:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat
[2011/04/06 07:14:51 | 000,000,036 | ---- | C] () -- D:\Users\Ben\AppData\Local\housecall.guid.cache
[2011/03/30 09:53:12 | 000,296,160 | ---- | C] () -- D:\Windows\System32\drivers\ExpanDrive.sys
[2011/03/14 14:31:17 | 000,647,335 | ---- | C] () -- D:\Windows\System32\BlockifyService.exe
[2010/10/01 05:49:50 | 000,010,752 | ---- | C] () -- D:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 14:40:40 | 000,004,096 | ---- | C] () -- D:\Windows\d3dx.dat
[2010/03/06 14:08:18 | 000,000,028 | ---- | C] () -- D:\Windows\ODBC.INI
[2010/01/07 11:03:37 | 000,000,080 | ---- | C] () -- D:\Users\Ben\AppData\Roaming\tintsnft.sys
[2009/12/27 19:30:19 | 000,000,008 | ---- | C] () -- D:\Windows\System32\drivers\RtkHDAud.dat
[2009/12/19 09:11:34 | 000,178,176 | ---- | C] () -- D:\Windows\System32\unrar.dll
[2009/12/02 05:24:47 | 000,007,600 | ---- | C] () -- D:\Users\Ben\AppData\Local\Resmon.ResmonCfg
[2009/11/20 19:36:51 | 000,047,104 | ---- | C] () -- D:\Windows\System32\KMVIDC32.DLL
[2009/11/19 18:46:26 | 000,000,000 | ---- | C] () -- D:\Users\Ben\AppData\Local\Temptable.xml
[2009/11/18 04:01:58 | 000,000,000 | ---- | C] () -- D:\Windows\eDrawingOfficeAutomator.INI
[2009/11/17 19:36:18 | 000,000,056 | -H-- | C] () -- D:\Windows\System32\ezsidmv.dat
[2009/09/11 11:58:52 | 002,050,952 | ---- | C] () -- D:\Windows\System32\igkrng400.bin
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- D:\Windows\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- D:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,458,704 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,646 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,109,636 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- D:\Windows\System32\WdfCoInstaller01000.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- D:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/05/09 15:28:27 | 000,000,000 | ---D | M] -- D:\ProgramData\2DBoy
[2010/12/15 13:18:49 | 000,000,000 | ---D | M] -- D:\ProgramData\Ableton
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/12/20 13:17:14 | 000,000,000 | ---D | M] -- D:\ProgramData\AVAST Software
[2011/07/17 15:36:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Camel Audio
[2009/11/19 03:38:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2011/12/20 12:46:59 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/12/22 22:45:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Epitiro
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/12/20 10:20:17 | 000,000,000 | ---D | M] -- D:\ProgramData\fC21800EiCoN21800
[2009/12/30 17:34:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Innovative Solutions
[2011/04/06 16:19:46 | 000,000,000 | ---D | M] -- D:\ProgramData\Installations
[2011/07/27 16:12:15 | 000,000,000 | ---D | M] -- D:\ProgramData\IsolatedStorage
[2009/11/17 19:40:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Last.fm
[2011/12/20 13:06:05 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData
[2010/06/23 04:47:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Napster
[2009/11/17 19:47:29 | 000,000,000 | ---D | M] -- D:\ProgramData\NCH Swift Sound
[2011/04/06 15:57:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Nokia
[2011/04/06 15:45:49 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaInstallerCache
[2009/11/24 16:07:28 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaMusic
[2009/12/01 14:53:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Suite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/08/06 05:00:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Trusteer
[2011/10/12 11:00:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Western Digital
[2010/07/15 04:33:28 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/16 08:10:00 | 000,000,000 | ---D | M] -- D:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/12/22 22:45:11 | 000,000,438 | ---- | M] () -- D:\Windows\Tasks\IsposureAgent.job
[2011/12/21 03:26:51 | 000,032,608 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Unfortunately, I don't see anything malicious there, so if this issue is not caused by some hardware problem, I'd assume the Windows installation got corrupted.

I suggest you back up your data and reinstall Windows.
 
Is there any way I can try to fix this from inside REATOGO-X-PE? How about MBRFix?

Is there anyone else on this forum who may be able to help me with this problem or identify and fix the corrupt files?

Do you know how to enable USB ports in REATOGO-X-PE so I can transfer my files?

If I could borrow an installation disc with the same version of Windows 7 (i.e. Professional) from someone, then could I use that to repair the boot without reinstalling Windows?
 
I don't think we have any MBR problem there as the commands ran successfully.

All you can do using that CD is to back up your files.

At this point I really don't see any other option but to reinstall Windows.
 
Ok, thanks for the help anyway. Do you know how to activate my USB ports within reatogo? I can't seem to load them. I have tried using 'Enable Communication Ports (COM & LPT)' but that application froze.
 
Normally USB should work but...

Remember your previous issue when you couldn't get OTLPE to work while booting from a USB flash drive?
Possibly something wrong with the port itself.
 