Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BSOD every time PC boots

Started by Gwendolyn85 , May 01 2011 12:31 AM

  • This topic is locked This topic is locked

#16
Gwendolyn85
Posted 10 May 2011 - 06:13 AM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Essexboy, I have run into a problem while following the final steps to defrag my pc! I used Puran Disc Defragmenter (I chose restart-defrag-restart+full disk check) and let it run overnight; but when Windows restarted a pop up appeared that said "microsoft visual c++ runtime library" (there weren't any icons on the desktop, only three). I tried choosing "last known configuration" when I had the option but the same happens. Right now I'm in safe mode, so I was wondering if you could help me one last time; I'm afraid I might have done something wrong in the process...

Update: I have taken a couple of photos since I can't explain the pop ups that well:

Here is how the desktop looks, this time with no icons:
Posted Image

And this is a close up of the pop up I get:
Posted Image

Trying to open up anything from the start menu leads me to a black screen (last time I tried).

Update: I have fixed the c++ error (I disabled my adobe updater) but my desktop still looks bare. A pop up that says "desktop not accessible" appears and I only have a four icons on the background.

Edited by Gwendolyn85, 10 May 2011 - 10:51 AM.

  • 0

Advertisements

#17
Essexboy
Posted 10 May 2011 - 11:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you right click on the desktop - does that cause a menu to popup
Could you check that show icons is selected..

P.S. The desktop picture is for the wife not I :)

If you still have Malwarebytes could you run a quick scan with that as well please
  • 0

#18
Gwendolyn85
Posted 10 May 2011 - 11:54 AM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I'm sorry... I thought using system restore would turn it back to normal and made things worse D:

Now it's only a black screen with the mouse cursor (either safe or normal mode). I can't do anything else but move it around, so I can't use any programs. I tried ctrl+alt+del but nothing works except the cursor moving.
  • 0

#19
Essexboy
Posted 10 May 2011 - 12:28 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - life is about learning :unsure:

OK what we will do is access your computer from outside of windows. This tool will allow you full internet access from the affected machine. Using your other computer to burn the disc

Please print these instruction out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download the attached scan.txt to a USB drive
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#20
Gwendolyn85
Posted 10 May 2011 - 05:01 PM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Ok I made the CD and booted it in my PC and I click the OTLPE icon, but whenever I choose a folder or disk a pop up appears that says "Runscanner Error" and "Target is not windows 2000 or later". If I choose 'computer' a pop up that says "no windows installations found" appears. I tried choosing subfolders but the first pop up always comes out.
  • 0

#21
Essexboy
Posted 11 May 2011 - 11:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Runscanner error indicates that you have a corrupted burn/or download - Could you redownload and burn a fresh version please
  • 0

#22
Gwendolyn85
Posted 11 May 2011 - 03:53 PM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I have downloaded it three times (one more time from another thread, just in case) and I let it download with nothing running and burn the CD like that too, but it keeps on saying the same error messages; maybe it's not reading my hard disks correctly? I'm using my laptop's cd reader by the way.
  • 0

#23
Essexboy
Posted 12 May 2011 - 10:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm this is curious - do you have a spare USB drive ?

We will use an mobile operating system called xPUD, and a script called rst.sh to restore your computer.

On the clean computer.

Creating a bootable USB using xPUD
  • Please download the following files and save it to the desktop
  • Insert the USB device to make bootable to the computer. (Make sure that no other USB's are inserted)
  • Double-click on unetbootin.exe to run
  • Select Disk Image, ISO and in the space provided, enter the path location of xpud-0.9.2.iso (ex. C:\Documents and Settings\yourusername\Desktop\xpud-0.9.2.iso)
  • Select USB Drive type and the drive letter assigned to your USB stick.
  • Click "OK" and wait until the program finishes. You now have a bootable xPUD.
  • Download the following tool and save it inside the bootable USB

Please note: if you prefer to create a bootable CD using xPUD, you may download the ISO image found here and burn it to a CD.



On the infected computer.
  • Reboot your system using the xPUD bootable USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • Your system should now display a xPUD desktop.
  • Select on the File icon; on the right pane click on the "mnt" folder and highlight "sdb1" - this is your USB device.

    sda1,2...usually corresponds to your HDD
    sdb1 is likely your USB

  • Click on the "Tool" menu and select Open Terminal
    Posted Image
  • In the open terminal window, type in the following:

    bash rst.sh
  • Press "Enter" and let it run uninterrupted.
    (The program lists available Restore Points and will save a report enum.log located in the USB drive.)
  • The program is finished when it say's "Done".
  • Type "Exit" to close the terminal window.
  • Please attached the enum.log file in your reply. (You may remove your USB drive when transferring log to a clean computer).

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.
  • 0

#24
Gwendolyn85
Posted 12 May 2011 - 11:39 AM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I tried using the USB as a bootable xPUD but I couldn't make it work out (the screen would say boot error_, so I made a CD and inserted the rst.sh file in the USB. I hope that was ok. This is what I got in the enum log:

3.8M Feb 23 2008 /mnt/sda2/Windows/System32/config/SOFTWARE
38.0M May 10 17:50 /mnt/sda3/Windows/System32/config/software
1.8M May 1 06:02 /mnt/sda2/Windows/System32/config/SYSTEM
35.5M May 10 17:50 /mnt/sda3/Windows/System32/config/system
  • 0

#25
Essexboy
Posted 12 May 2011 - 11:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is intriguing - could you re-run OTLPE (ignore the runscanner error) and select the windows folder on your computer
Does that produce an OTL log ?
  • 0

Advertisements

#26
Gwendolyn85
Posted 12 May 2011 - 04:15 PM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Oh my god I must have chosen something wrong because now it works -_-U I'm so dumb... I'm sorry; here's the log:

OTL logfile created on: 5/12/2011 5:38:59 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Basic (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 174.88 Gb Free Space | 60.71% Space Free |

Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.45 Gb Free Space | 44.50% Space Free | Partition

Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 100.00% Space Free | Partition

Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition

Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist:

On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (stllssvr)
SRV - [2011/04/24 17:56:40 | 000,655,624 | ---- | M] (Acresso Software Inc.)

[On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher

\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:

\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/20 19:45:58 | 004,767,600 | ---- | M] (Wacom Technology, Corp.) [Auto]

-- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/02/19 17:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)

[On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe --

(SwitchBoard)
SRV - [2009/09/27 19:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto] --

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/02/15 12:36:06 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] --

C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand] -- C:\Program

Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto] --

C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () [Auto] -- C:\Windows

\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System |

System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel |

System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel |

System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel |

System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System |

Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System |

Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/15 15:36:06 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel |

On_Demand] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/27 19:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel |

On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel |

On_Demand] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/01/20 03:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.)

[Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] --

C:\Windows\System32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/21 02:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel |

On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/11 15:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel

| On_Demand] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel |

On_Demand] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/08 09:45:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel

| On_Demand] -- C:\Windows\System32\drivers\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel |

Auto] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel |

On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.)

[Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand]

-- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%

\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:

"ProxyEnable" = 0




IE - HKU\Ecristy85_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://partnerpage.g...en&client=dell-

usuk&channel=us-smb&ibd=2080215
IE - HKU\Ecristy85_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page =

http://partnerpage.g...en&client=dell-

usuk&channel=us-smb&ibd=2080215
IE - HKU\Ecristy85_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Ecristy85_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings:

"ProxyEnable" = 0
IE - HKU\Ecristy85_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings:

"ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-

200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program

Files\Mozilla Firefox\components [2011/03/25 07:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program

Files\Mozilla Firefox\plugins [2011/05/09 22:05:29 | 000,000,000 | ---D | M]

[2011/03/25 07:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users

\Ecristy85\AppData\Roaming\Mozilla\Extensions
[2011/05/09 22:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users

\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions
[2011/05/10 13:42:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) --

C:\Users\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default

\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/10 13:42:29 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users

\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions

\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/10 13:42:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users

\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions

\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/10 13:42:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users

\Ecristy85\AppData\Roaming\Mozilla\Firefox\Profiles\b1avgx15.default\extensions

\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/10 12:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files

\Mozilla Firefox\extensions
[2011/05/09 22:05:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files

\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/03/25 07:35:50 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program

Files\Mozilla Firefox\extensions\[email protected]
[2008/10/02 15:58:00 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:

\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla

Firefox\plugins\npBitCometAgent.dll
[2011/04/14 08:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program

Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/09 21:55:08 | 000,000,098 | ---- | M]) - C:\Windows

\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems

Incorporated)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files

\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:

\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-

585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh

Networks Inc)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:

\Program Files\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp

\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST

Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom

\dsca.exe ( )
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes'

Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes'

Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard

\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows

\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows

\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Ecristy85_ON_C..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS

V14\atlscript.html ()
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS

V14\AtlscriptEdit.html ()
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:

\Program Files\ATLAS V14\atlscript.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour

\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

http://java.sun.com/...indows-i586.cab (Java Plug-in

1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in

1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in

1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

http://java.sun.com/...indows-i586.cab (Java Plug-in

1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not

found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program

Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft

Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:

\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:

\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0361f604-e32e-11dc-8407-001d09847d6b}\Shell - "" = AutoRun
O33 - MountPoints2\{0361f604-e32e-11dc-8407-001d09847d6b}\Shell\AutoRun\command - "" =

G:\LaunchU3.exe
O33 - MountPoints2\{43b4ec25-0936-11e0-9e8d-001d09847d6b}\Shell\AutoRun\command - "" =

Setup.exe
O33 - MountPoints2\{4dcf11b5-90bd-11dd-85dc-001d09847d6b}\Shell\AutoRun\command - "" =

G:\wd_windows_tools\setup.exe
O33 - MountPoints2\{67246a36-141c-11de-a134-001d09847d6b}\Shell\Auto\command - "" =

Start.exe
O33 - MountPoints2\{67246a36-141c-11de-a134-001d09847d6b}\Shell\AutoRun\command - "" =

C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{6ed0d415-25ab-11e0-a2cd-001d09847d6b}\Shell\AutoRun\command - "" =

H:\SecureII\Windows\SecureII.exe
O33 - MountPoints2\{a89d5780-e527-11df-a7aa-001d09847d6b}\Shell\AutoRun\command - "" =

J:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{bc2488d1-7c27-11de-ba5a-001d09847d6b}\Shell\Auto\command - "" =

Start.exe
O33 - MountPoints2\{bc2488d1-7c27-11de-ba5a-001d09847d6b}\Shell\AutoRun\command - "" =

C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{e0a424b3-eb2d-11dc-af41-001d09847d6b}\Shell\AutoRun\command - "" =

bi
O33 - MountPoints2\H\Shell\AutoRun\command - "" = Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 13:48:11 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/05/10 12:41:48 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\AppData\Local

\Temp(23)
[2011/05/10 12:41:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/10 12:33:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/10 09:04:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/09 22:37:14 | 000,000,000 | ---D | C] -- C:\found.000
[2011/05/09 22:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows

\Start Menu\Programs\Puran Defrag
[2011/05/09 22:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/09 22:27:46 | 002,733,484 | ---- | C] (Puran Software

) -- C:\Users\Ecristy85\Desktop\PuranDefragSetup.exe
[2011/05/09 22:05:29 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows

\System32\deployJava1.dll
[2011/05/09 22:05:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows

\System32\javaws.exe
[2011/05/09 22:05:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows

\System32\javaw.exe
[2011/05/09 22:05:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows

\System32\java.exe
[2011/05/09 21:54:43 | 000,886,560 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users

\Ecristy85\Desktop\jxpiinstall.exe
[2011/05/09 21:53:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users

\Ecristy85\Desktop\OTL.exe
[2011/05/09 19:08:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/05/08 04:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2011/05/07 21:14:45 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\AppData\Roaming

\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/05/07 21:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2011/05/07 17:46:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 16:52:58 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows

\System32\drivers\aswSnx.sys
[2011/05/06 12:19:16 | 000,100,480 | ---- | C] (GMER) -- C:\uxlyapog.sys
[2011/04/29 00:45:15 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Documents\Adobe

Scripts
[2011/04/24 17:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/04/21 01:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2011/04/13 21:52:29 | 000,000,000 | ---D | C] -- C:\Users\Ecristy85\Desktop\Legend of

Zelda, The - The Minish Cap

========== Files - Modified Within 30 Days ==========

[2011/05/11 14:55:07 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-

376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 14:55:07 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-

376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 14:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 14:54:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 13:45:46 | 000,162,058 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/10 13:45:44 | 000,162,058 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/10 13:42:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows

\Start Menu\Programs\Puran Defrag
[2011/05/10 11:33:19 | 000,009,160 | ---- | M] () -- C:\Users\Ecristy85\AppData\Local

\d3d9caps.dat
[2011/05/10 00:33:48 | 000,000,017 | ---- | M] () -- C:\Windows\System32\npd6.d
[2011/05/09 22:29:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/09 22:28:13 | 002,733,484 | ---- | M] (Puran Software

) -- C:\Users\Ecristy85\Desktop\PuranDefragSetup.exe
[2011/05/09 22:06:35 | 000,627,090 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/09 22:06:35 | 000,110,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/09 21:55:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc

\Hosts
[2011/05/09 21:54:49 | 000,886,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users

\Ecristy85\Desktop\jxpiinstall.exe
[2011/05/09 21:53:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users

\Ecristy85\Desktop\OTL.exe
[2011/05/08 20:05:11 | 000,079,360 | ---- | M] () -- C:\Users\Ecristy85\AppData\Local

\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 21:14:42 | 000,000,776 | ---- | M] () -- C:\ProgramData\Microsoft\Windows

\Start Menu\Programs\TweetDeck.lnk
[2011/05/07 16:52:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/07 14:45:22 | 003,834,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/07 14:41:56 | 416,964,112 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/06 12:19:16 | 000,100,480 | ---- | M] (GMER) -- C:\uxlyapog.sys
[2011/04/21 01:14:41 | 000,000,296 | ---- | M] () -- C:\Windows\scummvm.ini
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows

\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows

\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows

\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows

\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows

\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows

\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows

\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows

\System32\drivers\aswFsBlk.sys
[2011/04/14 08:08:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows

\System32\javaws.exe
[2011/04/14 08:08:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows

\System32\javaw.exe
[2011/04/14 08:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows

\System32\java.exe
[2011/04/14 08:07:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows

\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2011/05/11 14:54:37 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/09 22:28:55 | 000,000,017 | ---- | C] () -- C:\Windows\System32\npd6.d
[2011/05/07 21:14:42 | 000,000,776 | ---- | C] () -- C:\ProgramData\Microsoft\Windows

\Start Menu\Programs\TweetDeck.lnk
[2011/04/21 01:05:40 | 000,000,296 | ---- | C] () -- C:\Windows\scummvm.ini
[2011/04/10 02:31:26 | 000,005,394 | -HS- | C] () -- C:\Users\Ecristy85\AppData\Local

\ir806823nm0e02u0748c4iw4onj73w34x6m56pw625
[2010/12/15 04:04:37 | 000,000,000 | ---- | C] () -- C:\Windows\FlipBook.INI
[2010/12/08 04:22:46 | 000,015,802 | ---- | C] () -- C:\Users\Ecristy85\AppData

\Roaming\9998.D5C
[2010/10/01 21:24:52 | 000,162,058 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/01 21:24:52 | 000,162,058 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/23 02:50:03 | 000,000,600 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local

\PUTTY.RND
[2010/09/02 00:12:17 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\LTAW14FN.BIN
[2010/09/02 00:12:17 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\FJLTAFOU.BIN
[2010/07/10 02:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/07/10 02:54:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/07/10 02:54:01 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/07/10 02:54:01 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/10 02:54:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/03 03:21:54 | 000,197,912 | ---- | C] () -- C:\Windows

\System32\physxcudart_20.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelSwedish.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelSpanish.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelPortugese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelKorean.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelJapanese.dll
[2009/08/03 03:21:52 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelGerman.dll
[2009/08/03 03:21:52 | 000,058,648 | ---- | C] () -- C:\Windows

\System32\AgCPanelFrench.dll
[2009/04/25 00:15:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/31 02:10:56 | 000,395,776 | ---- | C] () -- C:\Windows

\System32\libmplayer.dll
[2009/03/31 02:10:56 | 000,262,144 | ---- | C] () -- C:\Windows

\System32\TomsMoComp_ff.dll
[2009/03/31 02:10:56 | 000,112,640 | ---- | C] () -- C:\Windows

\System32\libmpeg2_ff.dll
[2009/03/31 02:10:55 | 002,255,360 | ---- | C] () -- C:\Windows

\System32\libavcodec.dll
[2009/03/17 02:47:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/17 02:05:06 | 000,000,022 | ---- | C] () -- C:\Windows\pspvc_path.ini
[2009/01/27 02:32:49 | 000,000,094 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local

\fusioncache.dat
[2008/09/23 00:56:25 | 000,127,767 | ---- | C] () -- C:\Windows\hpgins24.dat.temp
[2008/09/23 00:56:25 | 000,000,308 | ---- | C] () -- C:\Windows\hpgmdl24.dat.temp
[2008/09/22 23:42:08 | 000,127,762 | ---- | C] () -- C:\Windows\hpgins24.dat
[2008/09/22 23:42:08 | 000,000,308 | ---- | C] () -- C:\Windows\hpgmdl24.dat
[2008/08/23 02:32:45 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/08/23 02:32:45 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/08/23 02:32:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/08/23 02:32:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/07/26 01:55:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/05/12 21:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 21:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 21:49:02 | 000,012,288 | ---- | C] () -- C:\Windows

\System32\DivXWMPExtType.dll
[2008/04/19 02:11:21 | 000,022,328 | ---- | C] () -- C:\Users\Ecristy85\AppData

\Roaming\PnkBstrK.sys
[2008/03/23 17:51:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/07 14:30:02 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/03/07 14:30:02 | 000,000,088 | RHS- | C] () -- C:\Windows

\System32\B23C669194.sys
[2008/02/26 02:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/26 01:09:41 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/02/24 19:23:54 | 000,009,160 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local

\d3d9caps.dat
[2008/02/23 16:54:00 | 000,079,360 | ---- | C] () -- C:\Users\Ecristy85\AppData\Local

\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 12:41:57 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/15 12:41:57 | 000,147,456 | ---- | C] () -- C:\Windows

\System32\igfxCoIn_v1322.dll
[2008/02/15 12:41:57 | 000,104,636 | ---- | C] () -- C:\Windows

\System32\igmedcompkrn.dll
[2008/02/15 12:41:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/15 04:58:58 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-

8C96-18D41282B716}_WiseFW.ini
[2006/11/10 18:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 00:40:12 | 000,174,656 | ---- | C] () -- C:\Windows

\System32\PSIService.exe
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 003,834,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,627,090 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,110,236 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows

\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows

\System32\StructuredQuerySchemaTrivial.bin
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

========== LOP Check ==========

[2008/02/24 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\ACD Systems
[2010/02/23 02:44:18 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\calibre
[2010/09/15 03:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/10 13:42:26 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\DAEMON Tools
[2010/05/15 00:54:52 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Downloaded Installations
[2010/12/08 03:51:06 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\FileZilla
[2010/09/02 00:12:41 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Fujitsu
[2011/05/10 13:42:26 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\GetRightToGo
[2008/09/26 14:22:54 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Image Zone Express
[2011/03/12 20:08:46 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Leawo
[2008/06/11 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Lost Marble
[2010/05/07 01:05:49 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\LucasArts
[2011/01/07 16:30:28 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\mkvtoolnix
[2011/03/12 20:08:49 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Moyea
[2011/05/10 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Mp3tag
[2010/07/31 02:10:22 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\ONScripter-En
[2009/02/09 03:58:47 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\OpenOffice.org
[2011/03/25 04:24:33 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Opera
[2008/09/22 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\Printer Info Cache
[2011/03/08 04:17:59 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\REMEMBER11
[2009/04/29 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\RenPy
[2011/05/10 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\ScummVM
[2010/09/22 00:11:15 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/05 22:13:38 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\TAGIRI
[2011/05/07 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/05/10 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Ecristy85\AppData\Roaming

\uTorrent
[2008/02/24 19:32:34 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2010/12/03 19:24:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2008/02/23 16:48:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/02/27 16:11:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2008/02/23 16:48:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2008/02/23 16:48:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/02/23 16:48:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/08/20 02:38:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Higurashi-demo
[2011/02/28 22:03:19 | 000,000,000 | ---D | M] -- C:\ProgramData\hJnFcPi05200
[2011/03/12 20:08:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Leawo
[2011/02/23 02:32:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ONScripter-828a2b
[2009/08/20 01:38:46 | 000,000,000 | ---D | M] -- C:\ProgramData\ONScripter-En
[2010/08/10 14:18:27 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/09/15 03:42:47 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-

12.com.adobe
[2011/04/29 16:21:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Rosetta Stone
[2008/02/15 04:59:00 | 000,000,000 | ---D | M] -- C:\ProgramData\SingleClick Systems
[2008/02/23 16:48:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/02/15 05:00:45 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2011/02/27 17:34:26 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2008/02/23 16:48:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/04/19 02:11:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2011/02/23 02:34:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Umineko4final
[2011/01/28 15:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Umineko6
[2011/05/09 22:29:21 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)

MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation)

MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)

MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation)

MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/15 12:35:43 | 002,923,520 | ---- | M] (Microsoft Corporation)

MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/15 12:35:43 | 002,923,520 | ---- | M] (Microsoft Corporation)

MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation)

MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)

MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation)

MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download

\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-

explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation)

MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation)

MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-

services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)

MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download

\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-services-

svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation)

MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download

\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-

userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation)

MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation)

MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-

userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 06:25:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580

-- C:\Windows\inf\volsnap.inf
[2006/11/02 02:35:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580

-- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2006/11/02 08:38:54 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D

-- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2006/11/02 08:38:54 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D

-- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-

us_112c68f98452eff6\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2008/02/15 04:49:52 | 000,004,940 | ---- | M] () MD5=D798A5AB52391B0379BF9362C830216D

-- C:\Windows\inf\volsnap.PNF
[2008/02/15 04:49:52 | 000,004,940 | ---- | M] () MD5=EC59A0A78096C0FC3DA8BB653D1FE54D

-- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation)

MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore

\FileRepository\volume.inf_9320b452\volsnap.sys
[2008/02/26 18:29:01 | 000,211,000 | ---- | M] (Microsoft Corporation)

MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs

\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/02/26 18:29:01 | 000,211,000 | ---- | M] (Microsoft Corporation)

MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\drivers\volsnap.sys
[2008/02/26 18:29:01 | 000,211,000 | ---- | M] (Microsoft Corporation)

MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore

\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/02/26 18:29:01 | 000,211,000 | ---- | M] (Microsoft Corporation)

MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs

\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 03:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation)

MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\SoftwareDistribution\Download

\b2ee164db645e6bc8d77bb51f082e3b3\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_

15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/19 03:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation)

MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\SoftwareDistribution\Download

\b2ee164db645e6bc8d77bb51f082e3b3\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.1

8000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2006/11/02 08:38:59 | 000,014,848 | ---- | M] (Microsoft Corporation)

MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\System32\drivers\en-US

\volsnap.sys.mui
[2006/11/02 08:38:59 | 000,014,848 | ---- | M] (Microsoft Corporation)

MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\winsxs

\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-

us_78ef883cc30a4c61\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation)

MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation)

MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-

winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation)

MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download

\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-

winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\

\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

/HideShortcuts [2011/03/19 19:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\

\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

/ShowShortcuts [2011/03/19 19:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\

\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

/SetAsDefaultAppGlobal [2011/03/19 19:27:03 | 000,552,376 | ---- | M] (Mozilla

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\

\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/19 19:27:07 | 000,912,344 |

---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties

\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/19

19:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode

\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/19

19:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\

\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 10:17:37 |

000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\

\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 10:17:37 |

000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\

\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 10:17:37

| 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command

\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 12:56:18 | 000,634,648

| ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\

\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/03/25

07:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\

\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/03/25

07:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\

\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/03/25

07:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\:

"C:\Program Files\Opera\Opera.exe" [2011/03/25 07:15:57 | 000,943,472 | ---- | M]

(Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\

\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

/HideShortcuts [2011/03/19 19:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\

\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

/ShowShortcuts [2011/03/19 19:27:03 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\

\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

/SetAsDefaultAppGlobal [2011/03/19 19:27:03 | 000,552,376 | ---- | M] (Mozilla

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\

\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/19 19:27:07 | 000,912,344 |

---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties

\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/19

19:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode

\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/19

19:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\

\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 10:17:37 |

000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\

\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 10:17:37 |

000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\

\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 10:17:37

| 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command

\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 12:56:18 | 000,634,648

| ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\

\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/03/25

07:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\

\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/03/25

07:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\

\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/03/25

07:15:57 | 000,943,472 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\:

"C:\Program Files\Opera\Opera.exe" [2011/03/25 07:15:57 | 000,943,472 | ---- | M]

(Opera Software)

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
< End of report >
  • 0

#27
Essexboy
Posted 13 May 2011 - 10:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try this first - do you have access to a vista disc in case we need to use it ?

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#28
Gwendolyn85
Posted 13 May 2011 - 11:01 AM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Unfortunately I don't have a vista disc (the windows CD right?), it probably is with all my stored stuff >_<

Should I just go with it?
  • 0

#29
Essexboy
Posted 13 May 2011 - 11:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes we might not need it - but I do know where we can download an ISO copy of the recovery console (which is what I was after)
  • 0

#30
Gwendolyn85
Posted 13 May 2011 - 12:00 PM

Gwendolyn85

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Alright so I opened OTLPE, chose the "windows" folder, dropped the file in the custom box and got this:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore not found.
Invalid CLSID key: *Restore
File C:\Windows\System32\rstrui.exe not found.

OTLPE by OldTimer - Version 3.1.46.0 log created on 05132011_200041
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP