TechSpot

[Inactive] BSOD and Chrome redirecting

Discussion in 'Virus and Malware Removal' started by Flumple, Dec 20, 2011.

Thread Status:
Not open for further replies.
  1. Broni Malware Annihilator

    I'm about to go to bed so you don't have to hurry :)

    If you can boot to that CD you can recover any files through it so let's see how it goes.
  2. Flumple Newcomer, in training

    Would really appreciate a reply here as I'm really quite distraught.
  3. Broni Malware Annihilator

    It's my bed time and you need to create the CD.
    I'll check on you in the morning.
  4. Flumple Newcomer, in training

    Ok I have successfully booted into REATOGO-X-PE using the boot disc. I also have an internet connection via LAN.

    1) See below for the log file from OTLPE

    2) I can access all of my files through the explorer. Would it be wise to back them up to an external hard drive before going any further?

    3) As you can see, there are other executables on the desktop such as MBRFix. Please advise as to whether I should use this.

    4) When I first installed Windows 7, it was from a downloaded setup file as my University were giving away copies of the OS. I don't think that I still have a copy of this installation file, and I'm not sure that I can re-download it. If it comes that I have to reinstall Windows 7 I could do with some help.

    Thanks so much for your patience, I really appreciate it.

    OTL logfile created on: 12/23/2011 9:54:59 AM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
    Drive C: | 100.00 Mb Total Space | 74.35 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
    Drive D: | 60.80 Gb Total Space | 9.36 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
    Drive E: | 47.64 Gb Total Space | 6.86 Gb Free Space | 14.41% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/11/07 16:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto] -- D:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/08/01 04:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Disabled] -- D:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV - [2011/08/01 04:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Disabled] -- D:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
    SRV - [2011/08/01 04:11:32 | 000,263,056 | ---- | M] (WDC) [Disabled] -- D:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
    SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/31 15:12:19 | 000,815,104 | ---- | M] (Epitiro Ltd.) [Auto] -- D:\Program Files\Broadband Test Application\BroadbandTestApp.exe -- (bbtest_svc)
    SRV - [2011/04/27 09:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 09:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/12/08 08:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/05/24 14:13:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/11/18 03:56:41 | 000,079,360 | ---- | M] (SolidWorks) [Disabled] -- D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2009/07/16 11:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/04/29 06:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- D:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2005/09/23 02:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System] -- -- (MpKslfc67b542)
    DRV - File not found [Kernel | System] -- -- (MpKslef033d16)
    DRV - File not found [Kernel | System] -- -- (MpKsled5d616f)
    DRV - File not found [Kernel | System] -- -- (MpKsle7f82450)
    DRV - File not found [Kernel | System] -- -- (MpKsle0966d4b)
    DRV - File not found [Kernel | System] -- -- (MpKslcd24449b)
    DRV - File not found [Kernel | System] -- -- (MpKslca68fed9)
    DRV - File not found [Kernel | System] -- -- (MpKslc0de43cf)
    DRV - File not found [Kernel | System] -- -- (MpKslb37c3aed)
    DRV - File not found [Kernel | System] -- -- (MpKslad2aecf6)
    DRV - File not found [Kernel | System] -- -- (MpKsla2f9d444)
    DRV - File not found [Kernel | System] -- -- (MpKsl9a7a58ed)
    DRV - File not found [Kernel | System] -- -- (MpKsl97a191b1)
    DRV - File not found [Kernel | System] -- -- (MpKsl8ad51963)
    DRV - File not found [Kernel | System] -- -- (MpKsl88aaaf86)
    DRV - File not found [Kernel | System] -- -- (MpKsl85107fea)
    DRV - File not found [Kernel | System] -- -- (MpKsl837763df)
    DRV - File not found [Kernel | System] -- -- (MpKsl7ed798a4)
    DRV - File not found [Kernel | System] -- -- (MpKsl7cda8f8b)
    DRV - File not found [Kernel | System] -- -- (MpKsl73b312e8)
    DRV - File not found [Kernel | System] -- -- (MpKsl6ed097b8)
    DRV - File not found [Kernel | System] -- -- (MpKsl54313b3e)
    DRV - File not found [Kernel | System] -- -- (MpKsl53b3ea4c)
    DRV - File not found [Kernel | System] -- -- (MpKsl3d1dd100)
    DRV - File not found [Kernel | System] -- -- (MpKsl38467449)
    DRV - File not found [Kernel | System] -- -- (MpKsl33fe2233)
    DRV - File not found [Kernel | System] -- -- (MpKsl27d5bf1a)
    DRV - File not found [Kernel | System] -- -- (MpKsl26029bf4)
    DRV - File not found [Kernel | System] -- -- (MpKsl19c41689)
    DRV - File not found [Kernel | System] -- -- (MpKsl1680758b)
    DRV - File not found [Kernel | System] -- -- (MpKsl0bd91f7b)
    DRV - File not found [Kernel | System] -- -- (MpKsl04f51367)
    DRV - File not found [Kernel | System] -- -- (MpKsl007aaa51)
    DRV - File not found [Kernel | System] -- -- (DritekPortIO)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/12/22 22:36:55 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl9c48e07d.sys -- (MpKsl9c48e07d)
    DRV - [2011/12/22 07:12:21 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsled63dee5.sys -- (MpKsled63dee5)
    DRV - [2011/12/22 06:59:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsld073d578.sys -- (MpKsld073d578)
    DRV - [2011/12/22 02:57:58 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl41129145.sys -- (MpKsl41129145)
    DRV - [2011/12/22 01:14:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsle179b900.sys -- (MpKsle179b900)
    DRV - [2011/12/21 22:23:32 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys -- (MpKsla6392b7c)
    DRV - [2011/12/21 15:49:32 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl1f357395.sys -- (MpKsl1f357395)
    DRV - [2011/12/21 10:02:15 | 000,029,904 | ---- | M] () [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl866aae3c.sys -- (MpKsl866aae3c)
    DRV - [2011/12/21 09:51:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys -- (MpKsl61a736c7)
    DRV - [2011/12/21 03:25:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys -- (MpKsl7fcfbf72)
    DRV - [2011/12/20 19:22:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys -- (MpKsl0cc7ce2e)
    DRV - [2011/12/20 12:11:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys -- (MpKslead9003b)
    DRV - [2011/12/20 12:07:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys -- (MpKslccd16cc5)
    DRV - [2011/12/15 12:02:16 | 000,228,208 | ---- | M] () [Kernel | System] -- D:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- D:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/11/07 16:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- D:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/11/07 16:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- D:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/11/07 16:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/08/07 08:27:04 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- D:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/04/27 09:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 07:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2011/03/30 09:53:12 | 000,296,160 | ---- | M] () [File_System | System] -- D:\Windows\System32\drivers\ExpanDrive.sys -- (ExpanDrive)
    DRV - [2011/02/16 10:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2010/12/07 09:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
    DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/07/30 08:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/07/30 08:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/07/30 08:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/07/30 08:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/07/26 06:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/07/26 06:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2010/04/07 13:42:24 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/10/02 09:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV)
    DRV - [2009/10/02 09:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV)
    DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/06/25 06:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/04/29 06:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/06/20 21:03:06 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- D:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2007/11/14 11:20:06 | 000,020,168 | ---- | M] (MIDIMAN) [Kernel | On_Demand] -- D:\Windows\System32\drivers\uks11ldr.sys -- (UKS11LDR)
    DRV - [2007/11/14 11:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
    DRV - [2007/08/28 09:05:38 | 000,016,512 | ---- | M] (M-Audio) [Kernel | On_Demand] -- D:\Windows\System32\drivers\MADFU.sys -- (MADFU)
    DRV - [2007/03/28 02:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
    DRV - [2004/08/01 13:18:30 | 000,012,800 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Xpad.sys -- (XPAD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 3E 7A 96 5B C0 CC 01 [binary data]
    IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ben_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Ben_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Ben_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>




    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
    FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
    FF - prefs.js..extension.gacela.network.proxy.type: 5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: D:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: D:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/06 16:21:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 18:44:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 18:44:40 | 000,000,000 | ---D | M]

    [2009/12/27 18:43:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ben\AppData\Roaming\Mozilla\Extensions
    [2009/12/27 18:43:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ben\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2010/06/25 06:17:11 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\extensions
    [2010/03/25 16:00:32 | 000,002,371 | ---- | M] () -- D:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\searchplugins\google-dictionary.xml
    [2011/08/09 03:58:19 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
    [2011/10/18 16:41:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/06/07 12:44:33 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/04/05 10:47:12 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/21 05:20:26 | 000,001,538 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/10/21 05:20:26 | 000,000,947 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/10/21 05:20:26 | 000,000,769 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/10/21 05:20:26 | 000,001,135 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    Hosts file not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LManager] D:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] D:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    O4 - HKLM..\RunOnce: [*Restore] D:\Windows\System32\rstrui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Ben_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Ben_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Ben_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/23 09:46:27 | 000,000,000 | -HSD | C] -- D:\RECYCLER
    [2011/12/22 22:56:37 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{2680C0CF-EEBF-4940-BECC-F3B46416D84F}
    [2011/12/22 22:56:19 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C667637A-7710-4361-908F-CB3DE3276DB9}
    [2011/12/22 22:22:03 | 001,932,256 | ---- | C] (Symantec Corporation) -- D:\Users\Ben\Desktop\FixTDSS.exe
    [2011/12/22 20:47:04 | 000,000,000 | ---D | C] -- D:\Users\Ben\Desktop\bootkit_remover
    [2011/12/22 08:17:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Users\Ben\Desktop\OTL.exe
    [2011/12/22 00:28:22 | 000,000,000 | -HSD | C] -- D:\$RECYCLE.BIN
    [2011/12/22 00:28:18 | 000,000,000 | ---D | C] -- D:\Windows\temp
    [2011/12/22 00:28:18 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\temp
    [2011/12/21 22:48:00 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Roaming\Help
    [2011/12/21 03:19:47 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
    [2011/12/21 03:19:47 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
    [2011/12/21 03:19:47 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
    [2011/12/21 02:58:56 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
    [2011/12/21 02:57:59 | 000,000,000 | ---D | C] -- D:\Qoobox
    [2011/12/21 02:12:51 | 004,347,226 | R--- | C] (Swearware) -- D:\Users\Ben\Desktop\ComboFix.exe
    [2011/12/21 02:11:40 | 001,916,416 | ---- | C] (AVAST Software) -- D:\Users\Ben\Desktop\aswMBR.exe
    [2011/12/20 14:27:30 | 000,607,260 | R--- | C] (Swearware) -- D:\Users\Ben\Desktop\dds.scr
    [2011/12/20 13:17:44 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/12/20 13:17:43 | 000,314,456 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSP.sys
    [2011/12/20 13:17:43 | 000,020,568 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswFsBlk.sys
    [2011/12/20 13:17:38 | 000,034,392 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswRdr.sys
    [2011/12/20 13:17:36 | 000,052,952 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswTdi.sys
    [2011/12/20 13:17:34 | 000,435,032 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSnx.sys
    [2011/12/20 13:17:33 | 000,055,128 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswMonFlt.sys
    [2011/12/20 13:17:21 | 000,199,816 | ---- | C] (AVAST Software) -- D:\Windows\System32\aswBoot.exe
    [2011/12/20 13:17:21 | 000,041,184 | ---- | C] (AVAST Software) -- D:\Windows\avastSS.scr
    [2011/12/20 13:17:14 | 000,000,000 | ---D | C] -- D:\ProgramData\AVAST Software
    [2011/12/20 13:17:14 | 000,000,000 | ---D | C] -- D:\Program Files\AVAST Software
    [2011/12/20 12:48:43 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Roaming\Malwarebytes
    [2011/12/20 12:47:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/20 12:47:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
    [2011/12/20 12:47:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
    [2011/12/20 12:47:54 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/20 12:46:59 | 000,000,000 | -H-D | C] -- D:\ProgramData\Common Files
    [2011/12/20 12:35:52 | 000,000,000 | ---D | C] -- D:\ProgramData\MFAData
    [2011/12/20 11:50:59 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\ElevatedDiagnostics
    [2011/12/20 10:19:59 | 000,000,000 | ---D | C] -- D:\ProgramData\fC21800EiCoN21800
    [2011/12/20 07:28:14 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{672CD27C-AF7A-4B2E-8233-6CC144871A9C}
    [2011/12/20 07:27:49 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C1075773-BDD6-4B63-82D1-7EDBA18D5324}
    [2011/12/19 18:54:37 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{FAAC8CA4-7962-414D-9453-4F0AAA473DFA}
    [2011/12/19 18:54:25 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{75FD431F-D8FA-4B81-AC3E-2D3D6385D308}
    [2011/12/19 06:32:50 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B6A5A649-58F7-4ADD-B644-4A1FA6439EC9}
    [2011/12/19 06:32:29 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E3E99457-A35C-47AA-BD2D-77C83FC1C759}
    [2011/12/18 11:42:28 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5379847D-F775-410B-9DAE-B35BD1F027D2}
    [2011/12/18 11:42:17 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{2AC9097A-3443-4F55-BAB4-068AE965CD76}
    [2011/12/17 20:47:37 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{3C025360-8BE8-48A8-B75B-CC90D6F5E914}
    [2011/12/17 20:47:23 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A5CE6AFB-707E-4E0B-BFF4-A1FC65A3776C}
    [2011/12/17 08:32:27 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D0BCDCFC-5A00-4EE4-B6DB-7AC140C4C477}
    [2011/12/17 08:32:16 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A8D4EEFC-E20F-4908-98CE-6C0FE53522D8}
    [2011/12/17 06:10:10 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_43.dll
    [2011/12/17 06:10:09 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_43.dll
    [2011/12/17 06:10:05 | 000,062,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xinput1_2.dll
    [2011/12/16 20:04:31 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{3D943811-8AF0-45E9-8CE9-31545ED6DDE8}
    [2011/12/16 20:04:14 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F59D4F2B-E525-45B6-88D6-FEBBBD06F76C}
    [2011/12/16 03:54:46 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5D9CCA52-9764-48E8-9672-1D9397358BAD}
    [2011/12/16 03:54:22 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D4D325EE-6F5C-40BA-A2D0-BCFA5A2BA1F6}
    [2011/12/15 18:31:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_42.dll
    [2011/12/15 18:31:50 | 000,528,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_6.dll
    [2011/12/15 18:31:50 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_4.dll
    [2011/12/15 10:21:03 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\BIT.TRIP RUNNER
    [2011/12/15 10:20:42 | 000,000,000 | ---D | C] -- D:\Program Files\OpenAL
    [2011/12/15 10:20:40 | 000,000,000 | ---D | C] -- D:\Windows\System32\directx
    [2011/12/15 07:29:00 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{51643631-E46C-482D-95DF-B1EF1F523436}
    [2011/12/15 07:28:45 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{11E8EE0D-E0EB-4E40-8BA8-4089C276A338}
    [2011/12/14 19:07:50 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{93AE6F5C-E026-442C-B555-76C05C06C581}
    [2011/12/14 19:07:36 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B6E3DA19-9C32-495A-A2B7-26FAB88B513E}
    [2011/12/14 05:50:08 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{46C3C79E-B54A-4BB4-8D58-22F69E906F5C}
    [2011/12/14 05:49:54 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{843D2918-B2D8-4B6F-B0D8-E4D254120A0A}
    [2011/12/14 05:47:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
    [2011/12/14 05:47:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
    [2011/12/14 05:47:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
    [2011/12/14 05:47:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
    [2011/12/14 05:47:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
    [2011/12/14 05:47:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
    [2011/12/14 05:47:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
    [2011/12/14 05:39:49 | 003,912,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
    [2011/12/14 05:39:48 | 003,967,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntkrnlpa.exe
    [2011/12/14 05:39:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
    [2011/12/14 05:39:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
    [2011/12/14 05:38:53 | 002,342,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
    [2011/12/14 05:38:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\EncDec.dll
    [2011/12/13 18:16:49 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Roaming\Nicalis
    [2011/12/13 17:49:23 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{7DA3FA2C-6682-4CD4-B21C-DBE567C896C0}
    [2011/12/13 17:49:11 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A9F60859-2909-4CEB-87A2-CA39F5D45235}
    [2011/12/13 05:48:40 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D7D14D3B-A9F1-42B7-AEDD-A0A617F087FC}
    [2011/12/13 05:48:27 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{924745E3-E092-41F5-8711-3B0254683755}
    [2011/12/12 17:47:58 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E4944595-14B9-48BC-A9CA-3A731524C2F6}
    [2011/12/12 17:47:47 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{0825F1C0-56E0-4AC7-8D25-C95CEA81435D}
    [2011/12/12 05:01:32 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{21EB6B7C-4E47-4FE3-AF2A-253F797B499E}
    [2011/12/12 05:01:20 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{AC035030-27B8-4505-AE96-0566E731B166}
    [2011/12/11 17:00:52 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5475B409-A69F-4C0B-96BE-794790FB0C98}
    [2011/12/11 17:00:40 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{FE0A422C-237D-4F16-8116-D281B5ABFC5D}
    [2011/12/11 03:34:41 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B614988F-1082-4EB4-B72E-257CA93158B1}
    [2011/12/11 03:34:25 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F8F48DA0-20F7-4AB6-ACBD-0E0F0A90350D}
    [2011/12/10 08:47:28 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{AF92EEFF-0D54-413A-9394-F13F9AF8F691}
    [2011/12/10 08:47:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E6E8CFC1-11CC-4302-A65C-14F59F5E21E8}
    [2011/12/09 19:06:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{CA0C595B-DC9A-4784-9ED2-248F2CA31BC1}
    [2011/12/09 19:06:09 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{310DC244-D4C5-42AE-BED4-189081E0C4C1}
    [2011/12/09 03:24:36 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{53858B48-540A-4CD1-9843-8E4DD085DF38}
    [2011/12/09 03:24:18 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{57DF3087-1F3C-4E5C-A75F-FC12AACEF1B5}
    [2011/12/08 14:50:41 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C9D3B3FA-6400-47BE-932A-E21C76BE4B83}
    [2011/12/08 14:50:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F42709AD-8233-4777-8E6A-FD5033560F0D}
    [2011/12/08 02:50:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{8BB2F21E-6E3B-4811-9F81-6370D63AB9A3}
    [2011/12/08 02:50:00 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{DA33F845-BD1C-4A1C-B72A-DC8FB5050C4A}
    [2011/12/07 07:09:58 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{7EFFD364-771F-4B8A-B7E7-A23F70D0C5CF}
    [2011/12/07 07:09:42 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5280DCE5-0127-4D4F-9D7E-538C0726284C}
    [2011/12/06 19:09:20 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{F17D9644-1243-4D15-AC78-26378E4359CE}
    [2011/12/06 19:09:03 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C7CC0663-3BFD-4F97-9CA4-5A2159E48971}
    [2011/12/06 07:08:43 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{11859002-2603-461E-855E-D7253BC878B9}
    [2011/12/06 07:08:30 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{366F0933-2700-41F3-95FA-68BFDAB27590}
    [2011/12/05 19:00:47 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{4197B00C-E09D-4778-AB73-60DD15C072AD}
    [2011/12/05 19:00:35 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{148FEB33-956B-45C8-89FD-31D5CDA6815E}
    [2011/12/05 04:52:33 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E97A037B-5629-4CDE-91B0-114EFDBF9A34}
    [2011/12/05 04:52:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{28C65178-28B2-4F2A-9BF4-329A47E96060}
    [2011/12/04 16:51:44 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{518D9D90-2D48-4FCC-BB2F-6B8CF1100873}
    [2011/12/04 16:51:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{83015F9C-9CDA-46E0-885F-96B8E3A48DB3}
    [2011/12/04 03:19:43 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{50D48658-AC30-49AA-9F3A-482A72D00521}
    [2011/12/04 03:19:30 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{8AD0DBC8-B8DF-46BC-A245-9CE740F27CD5}
    [2011/12/03 07:27:44 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{DDD5C263-4AAE-4D10-B8FA-E008AAFB2DD0}
    [2011/12/03 07:27:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{4E8E9DAD-E65C-4FB2-AC2F-9D36606C5EED}
    [2011/12/02 07:55:09 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{BA332EAD-151A-428B-B229-DE8ACC367DF8}
    [2011/12/02 07:54:38 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{DC79F90D-0D47-40FB-B360-7518337C7F9F}
    [2011/12/01 17:42:02 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{5267DFA1-DC71-4449-A584-26543DD445B1}
    [2011/12/01 17:41:47 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B3F2E9CA-7ABF-4744-95A0-EB6EE9E69E12}
    [2011/12/01 03:51:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{EBC56919-E2FE-4466-AD67-ECAE3DD3E54C}
    [2011/12/01 03:50:53 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{D30BB0F8-A029-41C4-AA5E-EE9A7D4E3F00}
    [2011/11/30 07:47:19 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{E0F1F83C-A962-4594-821C-E1D3DBC11B84}
    [2011/11/30 07:47:07 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{756E8175-A0AC-4FCC-8A41-6FB06E0C8215}
    [2011/11/29 19:46:34 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{7658A37D-1992-4C1B-821A-2C8FF298E087}
    [2011/11/29 19:46:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{895155CF-9466-4B75-B3C5-2046C9E7E2C9}
    [2011/11/29 07:46:03 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{ADD342C4-CE91-46E4-9D58-22D18C7FB898}
    [2011/11/29 07:45:52 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{721CEC5C-23CF-46AB-B09F-5D397AE18C1D}
    [2011/11/28 17:33:33 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{B494823A-8A03-44BD-AC71-3EAC2E5BE892}
    [2011/11/28 17:33:21 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{6F07B8D3-D42E-4460-A750-7061A85ABCD5}
    [2011/11/28 05:32:51 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{847D45CB-E974-4DF5-B9BE-62FC0090D6EE}
    [2011/11/28 05:32:39 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{0F744427-8A01-4FD2-9AB9-4543CCCCD683}
    [2011/11/27 17:32:09 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{6E1FA911-BF7B-4C79-9996-613DB49DDED4}
    [2011/11/27 17:31:56 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{726FEE5F-965E-4138-98C9-ADA078833AA5}
    [2011/11/26 16:47:48 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{3EDED7F1-4E96-40F4-8908-5CB301D16333}
    [2011/11/26 16:47:35 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{4062B435-42A2-4C2C-A60F-13BD7F44463E}
    [2011/11/26 04:47:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{A5B00411-2B4C-48CF-ACF9-0719A7EA4AD8}
    [2011/11/26 04:46:46 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{84577B8A-FA8D-4A19-92B6-8571FBEDAD9B}
    [2011/11/25 10:06:06 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{988594A4-DCBA-4EE0-847B-1AC6D654ECD2}
    [2011/11/25 10:05:53 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{1BBFFE03-1A1B-4D39-8A27-5DD13BDFC731}
    [2011/11/24 18:29:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{2C5F5EB4-AB87-4A7C-8128-BBC861D07F9C}
    [2011/11/24 18:29:14 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{FB2B6471-D584-4554-9253-CC9A446CDA89}
    [2011/11/24 02:44:26 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{C01B22C5-1E9E-4D86-8D47-9A528D99C6F3}
    [2011/11/24 02:44:12 | 000,000,000 | ---D | C] -- D:\Users\Ben\AppData\Local\{1F08A376-2566-43DE-81A5-52FE4C0C4316}
    [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

  5. Flumple Newcomer, in training

    ========== Files - Modified Within 30 Days ==========

    [2011/12/23 08:11:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
    [2011/12/22 22:53:19 | 000,013,792 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/22 22:53:19 | 000,013,792 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/22 22:45:13 | 000,000,876 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/22 22:45:11 | 000,000,438 | ---- | M] () -- D:\Windows\tasks\IsposureAgent.job
    [2011/12/22 22:35:11 | 1603,072,000 | -HS- | M] () -- D:\hiberfil.sys
    [2011/12/22 22:22:02 | 001,932,256 | ---- | M] (Symantec Corporation) -- D:\Users\Ben\Desktop\FixTDSS.exe
    [2011/12/22 08:16:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Users\Ben\Desktop\OTL.exe
    [2011/12/21 22:09:45 | 004,347,226 | R--- | M] (Swearware) -- D:\Users\Ben\Desktop\ComboFix.exe
    [2011/12/21 03:51:44 | 000,080,474 | ---- | M] () -- D:\Users\Ben\Desktop\Logs 2.rtf
    [2011/12/21 02:55:51 | 000,000,512 | ---- | M] () -- D:\Users\Ben\Desktop\MBR.dat
    [2011/12/21 02:11:38 | 001,916,416 | ---- | M] (AVAST Software) -- D:\Users\Ben\Desktop\aswMBR.exe
    [2011/12/20 15:07:20 | 000,181,089 | ---- | M] () -- D:\Users\Ben\Desktop\Logs.rtf
    [2011/12/20 14:27:31 | 000,607,260 | R--- | M] (Swearware) -- D:\Users\Ben\Desktop\dds.scr
    [2011/12/20 13:17:44 | 000,001,994 | ---- | M] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/12/20 13:17:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/12/20 13:17:33 | 000,002,577 | ---- | M] () -- D:\Windows\System32\config.nt
    [2011/12/20 13:05:34 | 000,302,592 | ---- | M] () -- D:\Users\Ben\Desktop\i33ofei6.exe
    [2011/12/20 12:48:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/20 12:41:38 | 000,201,637 | ---- | M] () -- D:\Users\Ben\AppData\Local\census.cache
    [2011/12/20 12:40:10 | 000,114,345 | ---- | M] () -- D:\Users\Ben\AppData\Local\ars.cache
    [2011/12/18 07:22:58 | 000,000,848 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001Core.job
    [2011/12/18 07:13:25 | 000,000,900 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001UA.job
    [2011/12/18 07:13:25 | 000,000,880 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/15 10:20:42 | 000,444,952 | ---- | M] (Creative Labs) -- D:\Windows\System32\wrap_oal.dll
    [2011/12/15 10:20:42 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- D:\Windows\System32\OpenAL32.dll
    [2011/12/14 07:08:23 | 000,458,704 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
    [2011/12/13 17:16:18 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/12/08 08:51:29 | 000,010,752 | ---- | M] () -- D:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- D:\Windows\avastSS.scr
    [2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- D:\Windows\System32\aswBoot.exe
    [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswSnx.sys
    [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswSP.sys
    [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswRdr.sys
    [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswTdi.sys
    [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- D:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/25 10:16:10 | 000,624,646 | ---- | M] () -- D:\Windows\System32\perfh009.dat
    [2011/11/25 10:16:10 | 000,109,636 | ---- | M] () -- D:\Windows\System32\perfc009.dat
    [2011/11/23 23:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
    [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/21 03:19:47 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
    [2011/12/21 03:19:47 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
    [2011/12/21 03:19:47 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
    [2011/12/21 03:19:47 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
    [2011/12/21 03:19:47 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
    [2011/12/21 02:57:07 | 000,080,474 | ---- | C] () -- D:\Users\Ben\Desktop\Logs 2.rtf
    [2011/12/21 02:55:51 | 000,000,512 | ---- | C] () -- D:\Users\Ben\Desktop\MBR.dat
    [2011/12/20 13:17:44 | 000,001,994 | ---- | C] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/12/20 13:16:13 | 000,181,089 | ---- | C] () -- D:\Users\Ben\Desktop\Logs.rtf
    [2011/12/20 13:05:43 | 000,302,592 | ---- | C] () -- D:\Users\Ben\Desktop\i33ofei6.exe
    [2011/12/20 12:41:38 | 000,201,637 | ---- | C] () -- D:\Users\Ben\AppData\Local\census.cache
    [2011/12/20 12:40:10 | 000,114,345 | ---- | C] () -- D:\Users\Ben\AppData\Local\ars.cache
    [2011/10/15 13:31:11 | 000,087,552 | ---- | C] () -- D:\Windows\System32\cpwmon2k.dll
    [2011/08/03 13:18:19 | 000,094,208 | ---- | C] () -- D:\Windows\System32\zmbv.dll
    [2011/06/08 01:17:15 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
    [2011/06/08 01:16:06 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
    [2011/04/27 03:12:30 | 000,004,096 | -H-- | C] () -- D:\Users\Ben\AppData\Local\keyfile3.drm
    [2011/04/19 12:55:24 | 000,000,296 | ---- | C] () -- D:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini
    [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat
    [2011/04/06 07:14:51 | 000,000,036 | ---- | C] () -- D:\Users\Ben\AppData\Local\housecall.guid.cache
    [2011/03/30 09:53:12 | 000,296,160 | ---- | C] () -- D:\Windows\System32\drivers\ExpanDrive.sys
    [2011/03/14 14:31:17 | 000,647,335 | ---- | C] () -- D:\Windows\System32\BlockifyService.exe
    [2010/10/01 05:49:50 | 000,010,752 | ---- | C] () -- D:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/27 14:40:40 | 000,004,096 | ---- | C] () -- D:\Windows\d3dx.dat
    [2010/03/06 14:08:18 | 000,000,028 | ---- | C] () -- D:\Windows\ODBC.INI
    [2010/01/07 11:03:37 | 000,000,080 | ---- | C] () -- D:\Users\Ben\AppData\Roaming\tintsnft.sys
    [2009/12/27 19:30:19 | 000,000,008 | ---- | C] () -- D:\Windows\System32\drivers\RtkHDAud.dat
    [2009/12/19 09:11:34 | 000,178,176 | ---- | C] () -- D:\Windows\System32\unrar.dll
    [2009/12/02 05:24:47 | 000,007,600 | ---- | C] () -- D:\Users\Ben\AppData\Local\Resmon.ResmonCfg
    [2009/11/20 19:36:51 | 000,047,104 | ---- | C] () -- D:\Windows\System32\KMVIDC32.DLL
    [2009/11/19 18:46:26 | 000,000,000 | ---- | C] () -- D:\Users\Ben\AppData\Local\Temptable.xml
    [2009/11/18 04:01:58 | 000,000,000 | ---- | C] () -- D:\Windows\eDrawingOfficeAutomator.INI
    [2009/11/17 19:36:18 | 000,000,056 | -H-- | C] () -- D:\Windows\System32\ezsidmv.dat
    [2009/09/11 11:58:52 | 002,050,952 | ---- | C] () -- D:\Windows\System32\igkrng400.bin
    [2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- D:\Windows\System32\OGACheckControl.dll
    [2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- D:\Windows\System32\OGAEXEC.exe
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,458,704 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,624,646 | ---- | C] () -- D:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,109,636 | ---- | C] () -- D:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- D:\Windows\System32\WdfCoInstaller01000.dll
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- D:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/05/09 15:28:27 | 000,000,000 | ---D | M] -- D:\ProgramData\2DBoy
    [2010/12/15 13:18:49 | 000,000,000 | ---D | M] -- D:\ProgramData\Ableton
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
    [2011/12/20 13:17:14 | 000,000,000 | ---D | M] -- D:\ProgramData\AVAST Software
    [2011/07/17 15:36:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Camel Audio
    [2009/11/19 03:38:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
    [2011/12/20 12:46:59 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
    [2011/12/22 22:45:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Epitiro
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
    [2011/12/20 10:20:17 | 000,000,000 | ---D | M] -- D:\ProgramData\fC21800EiCoN21800
    [2009/12/30 17:34:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Innovative Solutions
    [2011/04/06 16:19:46 | 000,000,000 | ---D | M] -- D:\ProgramData\Installations
    [2011/07/27 16:12:15 | 000,000,000 | ---D | M] -- D:\ProgramData\IsolatedStorage
    [2009/11/17 19:40:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Last.fm
    [2011/12/20 13:06:05 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData
    [2010/06/23 04:47:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Napster
    [2009/11/17 19:47:29 | 000,000,000 | ---D | M] -- D:\ProgramData\NCH Swift Sound
    [2011/04/06 15:57:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Nokia
    [2011/04/06 15:45:49 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaInstallerCache
    [2009/11/24 16:07:28 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaMusic
    [2009/12/01 14:53:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Suite
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
    [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
    [2011/08/06 05:00:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Trusteer
    [2011/10/12 11:00:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Western Digital
    [2010/07/15 04:33:28 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/16 08:10:00 | 000,000,000 | ---D | M] -- D:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/12/22 22:45:11 | 000,000,438 | ---- | M] () -- D:\Windows\Tasks\IsposureAgent.job
    [2011/12/21 03:26:51 | 000,032,608 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  6. Broni Malware Annihilator

    Unfortunately I don't see anything malicious there so if this issue is not caused by some hardware problem I'd assume Windows installation got corrupted.

    I suggest you back up your data and reinstall Windows.
  7. Flumple Newcomer, in training

    Is there any way I can try to fix this from inside REATOGO-X-PE? How about MBRFix?

    Is there anyone else on this forum who may be able to help me with this problem or identify and fix the corrupt files?

    Do you know how to enable USB ports in REATOGO-X-PE so I can transfer my files?

    If I could borrow an installation disc with the same version of Windows 7 (i.e. Professional) from someone then could I use that to repair the boot without reinstalling Windows?
  8. Broni Malware Annihilator

    I don't think we have any MBR problem there as the commands ran successfully.

    All you can do using that CD is to back up your files.

    At this point I really don't see any other option but to reinstall Windows.
  9. Flumple Newcomer, in training

    Ok, thanks for the help anyway. Do you know how to activate my USB ports within reatogo? I can't seem to load them. I have tried using 'Enable Communication Ports (COM & LPT)' but that application froze.
  10. Broni Malware Annihilator

    Normally USB should work but...

    Remember your previous issue when you couldn't get OTLPE to work while booting from USB flash drive?
    Possibly something wrong with the port itself.