hitman Pro 3 BSOD


  • This topic is locked

#1
rmuddana

  • Member
  • 16 posts
I recently ran Hitman Pro 3 as my browsers were redirecting the links and I wanted to get rid of this virus. I restarted the computer after running Hitman and I started getting a BSOD at the login screen. It gets to the login where it shows all the users and within 5-6 seconds the BSOD appears with the STOP error code 0x000008E. I tried following the steps mentioned in draken1198's issue but cannot get my laptop to boot through USB.
The data on my laptop is extremely important and I cannot afford to lose it, and I would like to fix this without reinstalling the OS.

Computer: Sony VAIO
OS : Vista SP1

I don't have the CD pack for Vista. Appreciate a quick reply.
  • 0


#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Please print these instructions out so that you know what you are doing.

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download the attached scan.txt to a USB
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
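Added example (not part of the original post): before burning the CD, the downloaded OTLPENet.exe can be checked against the MD5 and byte count posted above. This Python sketch parses the posted block and compares both values; the script name in the usage comment is an assumption, and a match shows the download is complete and uncorrupted, which is all an MD5 copied from a forum page can establish.

```python
import hashlib
import os
import re
import sys

# Metadata exactly as posted in the reply above.
POSTED = """OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB"""


def parse_posted(text):
    """Pull the file name, MD5 and exact byte count out of the posted block."""
    md5 = re.search(r"^MD5=([0-9A-Fa-f]{32})\s*$", text, re.MULTILINE)
    size = re.search(r"^Size:\s*([\d,]+)b\b", text, re.MULTILINE)
    if md5 is None or size is None:
        raise ValueError("expected an 'MD5=' line and a 'Size: N,NNNb' line")
    name = next(ln.strip() for ln in text.splitlines() if ln.strip())
    return {
        "name": name,
        "md5": md5.group(1).lower(),                      # compare case-insensitively
        "size": int(size.group(1).replace(",", "")),      # "127,222,215" -> 127222215
    }


def md5_of(path, chunk_size=1024 * 1024):
    """Hash in chunks so a ~120 MB image is never held in memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected):
    """Return a list of mismatches; an empty list means size and MD5 both agree."""
    problems = []
    actual_size = os.path.getsize(path)
    if actual_size != expected["size"]:
        # A short file usually means an interrupted download.
        problems.append("size: got %d bytes, posted %d" % (actual_size, expected["size"]))
    actual_md5 = md5_of(path)
    if actual_md5 != expected["md5"]:
        problems.append("md5: got %s, posted %s" % (actual_md5, expected["md5"]))
    return problems


if __name__ == "__main__":
    # Usage (script name is hypothetical): python verify_otlpe.py C:\path\to\OTLPENet.exe
    expected = parse_posted(POSTED)
    target = sys.argv[1] if len(sys.argv) > 1 else expected["name"]
    if not os.path.isfile(target):
        sys.exit("file not found: %s" % target)
    issues = verify_download(target, expected)
    for issue in issues:
        print("MISMATCH", issue)
    if not issues:
        print("OK: %s matches the posted size and MD5" % target)
    sys.exit(1 if issues else 0)
```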

#3
rmuddana

  • Topic Starter
  • Member
  • 16 posts
I just tried following the above steps. The CD burning went well. When I rebooted it, I pressed F2 and changed the boot priority list so the CD-ROM is first on the list. Exited BIOS and restarted the machine. The computer waited at the boot phase and the CD-ROM made some noise like it's trying to read. The noise went on for 10-15 seconds and the computer started loading from its own hard drive. It couldn't boot from the CD.

Please let me know your suggestions.

Thanks
  • 0

#4
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Are you able to get to the safe mode menu?

If so, is there an option for Repair my computer?
  • 0

#5
rmuddana

  • Topic Starter
  • Member
  • 16 posts
Sorry for the late reply.

I am able to get into Safe mode with networking/command prompt.

Following are the troubleshooting steps I did so far without success.

1) Restored the computer to an earlier restore point but BSOD remains. (which makes me wonder if some of the system files required to boot have been permanently lost)

2) Tried system repair while booting up and it tried and gave a message it could not repair.

Regarding the CD not being able to boot, I realized the CD has not been burnt properly as I am using Matshita CD ROM which I believe is notorious for not recognizing certain CDs. I will try to burn the CD again with a different brand of CDs this time or possibly a DVD. Shall let you know in 1-2 hrs if I could do it.

Please do let me know if there is any other troubleshooting I could do apart from the OTLPE steps above.

Thank you.
  • 0

#6
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
As you can get the safe mode menu, can you access safe mode?
  • 0

#7
rmuddana

  • Topic Starter
  • Member
  • 16 posts
Yes, I can access safe mode, if by access you mean being able to log in and browse the internet and do everything that we can do in safe mode.
  • 0

#8
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Ah I thought it was totally unbootable - from safe mode do the following

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0
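Added example (not part of the thread and not OldTimer's code): a small Python triage pass over OTL.txt lines of the kind the scan above produces, using sample lines copied from the log posted in the next reply. The field layout is inferred from those lines, and each flag (missing target, no company name, start page value) only marks an entry to look at, not a verdict.

```python
import re

# Lines copied from the OTL.txt posted in the next reply of this thread.
SAMPLE_LOG = r"""
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 08:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2011/05/17 20:17:31 | 003,275,864 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O4 - HKLM..\Run: [Persistence] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
"""

# PRC/MOD/SRV/DRV lines: "[date | size | attrs | M] (Company) [state] -- path -- (name)"
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Registry-backed sections: O1..O37, IE and FF prefixes.
REG_ENTRY = re.compile(r"^(?:O\d+|IE|FF) - ")
# Markers OTL prints when a registry entry points at nothing on disk.
MISSING = re.compile(r"File not found|No CLSID value found|Reg Error")
# Only the exact "Start Page" value, not "Start Page Redirect Cache".
START_PAGE = re.compile(r"^IE - (?P<key>.+),Start Page = (?P<url>\S+)$")


def triage(log_text):
    """Group OTL log lines into three review buckets."""
    findings = {"missing_target": [], "no_company": [], "start_pages": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = FILE_ENTRY.match(line)
        if entry:
            # Services and drivers whose file carries no company name.
            if entry.group("kind") in ("SRV", "DRV") and not entry.group("company").strip():
                findings["no_company"].append(entry.group("path"))
            continue
        if REG_ENTRY.match(line) and MISSING.search(line):
            # Orphaned registry entry: the referenced file or CLSID is gone.
            findings["missing_target"].append(line)
            continue
        page = START_PAGE.match(line)
        if page:
            # Same URL under several hives means the setting was applied machine-wide.
            findings["start_pages"].setdefault(page.group("url"), []).append(page.group("key"))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["no_company"]:
        print("no company name :", path)
    for line in result["missing_target"]:
        print("missing target  :", line)
    for url, keys in result["start_pages"].items():
        print("start page      : %s (set under %d keys)" % (url, len(keys)))
```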

#9
rmuddana

  • Topic Starter
  • Member
  • 16 posts
Please find the logs attached. This was run in Safe mode with networking mode.

Await your observations.

Thanks.

OTL logfile created on: 6/6/2011 6:40:08 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alexandra\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.82% Memory free
3.13 Gb Paging File | 2.51 Gb Available in Paging File | 80.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.94 Gb Total Space | 62.67 Gb Free Space | 28.11% Space Free | Partition Type: NTFS
Drive D: | 9.94 Gb Total Space | 0.84 Gb Free Space | 8.50% Space Free | Partition Type: NTFS

Computer Name: ALEXANDRA-PC | User Name: Alexandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 18:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
PRC - [2008/12/11 04:49:07 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 18:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 20:17:31 | 003,275,864 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/05/03 16:40:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/06 18:39:04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Stopped] -- C:\Program Files\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/18 07:04:44 | 001,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/11 05:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/31 12:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/09/29 00:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 14:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 21:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 03:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 03:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 03:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 03:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 03:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 11:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/14 22:07:44 | 000,075,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe -- (ICScsiSV)
SRV - [2007/06/14 22:07:36 | 000,059,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2007/04/19 08:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/01/10 19:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 08:17:26 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:58 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbgps.sys -- (UsbGps)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/12/30 12:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/12/30 12:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/08/07 12:47:40 | 000,033,728 | ---- | M] (Cambridge Silicon Radio Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jabradfuxp.sys -- (JabraDFU)
DRV - [2008/10/29 09:46:46 | 000,018,448 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2008/10/21 14:54:08 | 000,086,800 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 04:20:12 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WPN111v.sys -- (WPN111)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/11/15 20:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/10/29 22:30:30 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/10/18 20:22:07 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/16 20:01:59 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/10/16 20:01:59 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/10/15 23:57:24 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/26 01:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/19 17:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/04 20:02:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/04 20:02:11 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/28 21:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/08/24 07:44:54 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/26 04:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2004/09/08 06:37:56 | 000,072,478 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fvdscsi.sys -- (FVDSCSI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Start Searcher"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.startsearcher.com"
FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {c2f463d5-3b9b-43f7-b099-82fdcd01962f}:2.4.0.4
FF - prefs.js..extensions.enabledItems: {F16F8660-32CC-4255-8631-B5D6064B49BF}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...1&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/12 21:49:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/30 05:32:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/02/21 18:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2010/10/23 02:13:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 16:32:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 23:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010/09/21 12:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2011/05/03 16:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/02/21 18:30:30 | 000,000,000 | ---D | M]

[2008/12/09 10:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Extensions
[2011/06/03 23:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions
[2010/01/28 13:45:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 00:09:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(127)
[2010/01/28 13:45:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/19 13:43:02 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/01/28 13:45:19 | 000,000,000 | ---D | M] (Softonic-Eng12 Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{c2f463d5-3b9b-43f7-b099-82fdcd01962f}
[2010/03/11 06:16:45 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/01/28 13:45:17 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\[email protected]
[2009/03/29 08:26:55 | 000,000,682 | ---- | M] () -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\searchplugins\ask.xml
[2010/12/30 18:15:20 | 000,000,919 | ---- | M] () -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\searchplugins\conduit.xml
[2009/05/07 04:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 18:30:29 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/10/23 02:13:36 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2010/07/24 15:42:20 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ALEXANDRA\APPDATA\LOCAL\{F16F8660-32CC-4255-8631-B5D6064B49BF}
File not found (No name found) -- C:\USERS\ALEXANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZBVEV68.DEFAULT\EXTENSIONS\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}
[2011/06/04 23:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ALEXANDRA\PROGRAM FILES\DNA
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2011/05/28 13:06:29 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HotKeysCmds] File not found
O4 - HKLM..\Run: [iCall Internet Phone] C:\Program Files\iCall\iCall.exe ()
O4 - HKLM..\Run: [IgfxTray] File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\ramsddd.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)
O4 - HKLM..\Run: [Persistence] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UDC Integration] File not found
O4 - HKLM..\Run: [VirtualDrive Network Server] C:\vdn\Files\SqlServerIpconfig.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [BitTorrent DNA] C:\Users\Alexandra\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [googletalk] C:\Users\Alexandra\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (Nokia)
O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YPOPs.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 64
O7 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\Program Files\Sony\Image Converter 3\menu.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricke...cx-en-black.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129 0.0.0.0
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/30 01:47:13 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2008/09/11 19:55:41 | 000,000,065 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{39840357-c820-11dd-926b-001e3de12acf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\system.exe
O33 - MountPoints2\{39840357-c820-11dd-926b-001e3de12acf}\Shell\Explore\command - "" = G:\system.exe
O33 - MountPoints2\{39840357-c820-11dd-926b-001e3de12acf}\Shell\Open\command - "" = G:\system.exe
O33 - MountPoints2\{3984035d-c820-11dd-926b-001e3de12acf}\Shell\Auto\command - "" = J:\syslog.exe
O33 - MountPoints2\{3984035d-c820-11dd-926b-001e3de12acf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\syslog.exe
O33 - MountPoints2\{42a7ad61-c7ed-11dd-8fe8-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{42a7ad61-c7ed-11dd-8fe8-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{42a7ad63-c7ed-11dd-8fe8-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{42a7ad63-c7ed-11dd-8fe8-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{60a85bbb-c5f5-11dd-85ee-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{60a85bbb-c5f5-11dd-85ee-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{60a85bcf-c5f5-11dd-85ee-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{60a85bcf-c5f5-11dd-85ee-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{77e8631c-c7e8-11dd-8084-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{77e8631c-c7e8-11dd-8084-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{824b9ac9-dd4d-11dd-ae53-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{824b9ac9-dd4d-11dd-ae53-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{924f15fd-e31d-11dd-8ba0-001e3de12acf}\Shell\Auto\command - "" = syslog.exe
O33 - MountPoints2\{924f15fd-e31d-11dd-8ba0-001e3de12acf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL syslog.exe
O33 - MountPoints2\{92ebd65b-6d75-11de-8cf5-9aea29d44e13}\Shell\Auto\command - "" = G:\syslog.exe
O33 - MountPoints2\{92ebd65b-6d75-11de-8cf5-9aea29d44e13}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\syslog.exe
O33 - MountPoints2\{acb3ca78-d81a-11dd-821d-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{acb3ca78-d81a-11dd-821d-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad792206-dadc-11dd-aa4c-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{ad792206-dadc-11dd-aa4c-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bdf0caaa-cca9-11dd-83b4-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{bdf0caaa-cca9-11dd-83b4-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell\Auto\command - "" = syslog.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL syslog.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 18:33:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
[2011/06/04 18:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/06/04 14:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/04 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Opera
[2011/06/04 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Opera
[2011/06/04 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/06/04 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Avant Profiles
[2011/06/04 14:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avant Browser
[2011/05/29 16:56:53 | 000,000,000 | ---D | C] -- C:\xmldm
[2011/05/29 16:56:53 | 000,000,000 | ---D | C] -- C:\kock
[2011/05/28 19:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/05/28 19:03:53 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/05/28 17:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\bM28601KcLfD28601
[2011/05/28 17:39:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/27 02:40:30 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\Desktop\New Folder
[2011/05/20 23:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\Desktop\Desktop1
[2011/05/16 00:15:58 | 000,000,000 | ---D | C] -- C:\hp12c-Classic-v4.2
[2011/05/14 00:18:08 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\HpUpdate
[2011/05/14 00:18:04 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2009/05/30 13:54:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2009/05/30 13:54:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2009/05/30 13:54:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2009/05/30 13:54:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2009/05/30 13:54:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2009/05/30 13:54:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2009/05/30 13:54:38 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2009/05/30 13:54:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2009/05/30 13:54:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2009/05/30 13:54:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2009/05/30 13:54:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2009/05/30 13:54:38 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/05/30 13:54:38 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2009/05/30 13:54:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2009/05/30 13:54:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/06 18:41:17 | 000,766,464 | ---- | M] () -- C:\Windows\System32\drivers\httjdbi.sys
[2011/06/06 18:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
[2011/06/06 17:51:08 | 000,700,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/06 17:51:08 | 000,140,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 17:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 17:43:05 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/06/06 02:56:07 | 000,001,356 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\d3d9caps.dat
[2011/06/04 19:40:51 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7E7E64CB-B714-44CB-8064-85D510E98309}.job
[2011/06/04 00:43:50 | 000,202,097 | ---- | M] () -- C:\Users\Alexandra\Desktop\ravi dad cake order.jpg
[2011/05/29 20:35:14 | 000,010,510 | -HS- | M] () -- C:\Users\Alexandra\AppData\Local\wpn60l13bbhlk20wox0f64cp3tw63145r
[2011/05/29 19:27:23 | 000,010,518 | -HS- | M] () -- C:\ProgramData\wpn60l13bbhlk20wox0f64cp3tw63145r
[2011/05/29 15:36:26 | 000,010,408 | -HS- | M] () -- C:\ProgramData\1579423775
[2011/05/27 13:58:00 | 140,771,328 | ---- | M] () -- C:\Windows\ocsetup_install_XPS-Viewer.etl
[2011/05/27 13:52:15 | 000,268,806 | ---- | M] () -- C:\Users\Alexandra\Desktop\credit scores.xps
[2011/05/27 13:51:11 | 000,291,887 | ---- | M] () -- C:\Users\Alexandra\Desktop\credit report.xps
[2011/05/23 17:30:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496002819-1112554539-2415406514-1003UA.job
[2011/05/23 17:28:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/23 16:47:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 16:47:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 14:28:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/23 01:30:23 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/23 00:03:22 | 000,000,911 | ---- | M] () -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/21 22:30:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496002819-1112554539-2415406514-1003Core.job
[2011/05/20 15:17:19 | 000,105,472 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/13 18:58:28 | 000,582,563 | ---- | M] () -- C:\Users\Alexandra\Documents\100_4083.jpg

========== Files Created - No Company Name ==========

[2011/06/04 19:40:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/06/04 00:43:49 | 000,202,097 | ---- | C] () -- C:\Users\Alexandra\Desktop\ravi dad cake order.jpg
[2011/05/29 15:36:25 | 000,010,510 | -HS- | C] () -- C:\Users\Alexandra\AppData\Local\wpn60l13bbhlk20wox0f64cp3tw63145r
[2011/05/29 15:36:25 | 000,010,408 | -HS- | C] () -- C:\ProgramData\1579423775
[2011/05/28 18:31:35 | 000,010,518 | -HS- | C] () -- C:\ProgramData\wpn60l13bbhlk20wox0f64cp3tw63145r
[2011/05/27 13:52:13 | 000,268,806 | ---- | C] () -- C:\Users\Alexandra\Desktop\credit scores.xps
[2011/05/27 13:51:09 | 000,291,887 | ---- | C] () -- C:\Users\Alexandra\Desktop\credit report.xps
[2011/05/13 18:58:45 | 000,582,563 | ---- | C] () -- C:\Users\Alexandra\Documents\100_4083.jpg
[2010/08/19 01:09:42 | 000,177,699 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/08/19 01:09:42 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010/07/24 18:03:39 | 000,002,774 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\ewafevoridoz.dll
[2010/07/24 17:43:16 | 000,002,774 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\ifuwogil.dll
[2010/07/24 15:42:20 | 000,002,774 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\Wmarahemilek.dat
[2010/07/24 15:42:20 | 000,000,000 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\Fzanuzageyab.bin
[2010/07/24 15:40:56 | 000,766,464 | ---- | C] () -- C:\Windows\System32\drivers\httjdbi.sys
[2010/02/06 18:13:02 | 000,040,960 | ---- | C] () -- C:\Windows\IsWow64.dll
[2010/02/06 18:11:07 | 000,118,784 | ---- | C] () -- C:\Windows\System32\DVC.dll
[2010/02/06 18:11:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Fsinst32.dll
[2010/02/06 18:11:07 | 000,005,120 | ---- | C] () -- C:\Windows\System32\Fsinst16.DLL
[2010/02/06 17:58:01 | 000,073,728 | ---- | C] () -- C:\Windows\XpIcfOpt.dll
[2010/02/06 17:47:42 | 000,000,010 | ---- | C] () -- C:\Windows\Wininit.ini
[2010/02/05 23:17:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\VDPersns.dat
[2010/02/05 23:16:26 | 000,014,496 | ---- | C] () -- C:\Windows\System32\VDI08X.dat
[2010/02/05 23:15:15 | 000,077,824 | ---- | C] () -- C:\Windows\System32\RDrv2KInterface.dll
[2010/02/05 23:15:15 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RDrvNTInterface.dll
[2010/02/05 23:15:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\unVHDDrvExe.exe
[2010/02/05 23:15:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\inVHDDrvExe.exe
[2010/02/05 23:15:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RDrv9xInterface.dll
[2010/02/05 23:15:15 | 000,028,672 | ---- | C] () -- C:\Windows\System32\RDrvInterface.dll
[2009/12/31 05:20:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/10/25 23:21:05 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/30 13:56:25 | 000,000,186 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/05/30 13:54:38 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2009/05/30 13:54:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2009/05/10 07:11:56 | 000,121,305 | ---- | C] () -- C:\Windows\HPHins15.dat
[2009/05/10 07:11:56 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2009/01/11 15:20:53 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/01/11 15:20:53 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/01/01 00:14:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/29 23:51:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/29 23:51:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/09 10:15:25 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/12/09 09:50:06 | 000,105,472 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/09 08:03:23 | 000,001,356 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\d3d9caps.dat
[2008/04/30 02:33:18 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/04/30 02:14:56 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/04/30 02:13:51 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/03/04 12:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/12/20 18:17:28 | 000,000,836 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/20 16:59:41 | 000,000,034 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/12/20 15:53:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/12/20 15:53:56 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/12/20 15:53:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/12/20 15:53:56 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/12/19 22:32:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/31 03:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/30 14:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/05/17 07:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/04/16 07:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007/02/07 11:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 02:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,401,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,700,288 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,140,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/07 07:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 05:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/07 05:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 11:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 11:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/07/27 12:13:51 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\A7E4693D4C44B747BEBCADA266E14B8F
[2010/10/27 02:36:35 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\acccore
[2009/01/11 14:43:57 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\ACD Systems
[2011/03/04 08:34:44 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\AntiVirus AntiSpyware 2011
[2011/06/05 16:36:15 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\BitTorrent
[2010/12/17 22:48:33 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Dev-Cpp
[2010/07/14 05:59:51 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\DiskAid
[2011/06/04 23:37:18 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\DNA
[2011/06/03 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Dropbox
[2010/02/06 18:18:10 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\FarStone
[2011/02/18 22:33:28 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Image Zone Express
[2009/10/12 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Jabra
[2011/04/16 18:43:23 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\LimeWire
[2011/04/16 18:12:34 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\MusicNet
[2010/03/10 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Nokia
[2011/06/04 14:52:05 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Opera
[2009/09/19 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\PC Suite
[2009/07/24 07:50:50 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Printer Info Cache
[2011/06/04 23:37:18 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Qlock
[2010/03/13 16:26:20 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Research In Motion
[2011/02/26 10:39:41 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\WindSolutions
[2010/01/28 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\zweitgeist
[2011/02/27 09:00:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitTorrent
[2011/04/30 02:10:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Dev-Cpp
[2011/06/04 11:03:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Dropbox
[2010/12/18 13:36:04 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\NCH Swift Sound
[2010/02/22 22:45:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PC Suite
[2010/05/04 20:57:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Research In Motion
[2011/05/23 01:30:23 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/04 19:40:51 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7E7E64CB-B714-44CB-8064-85D510E98309}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/12/11 04:49:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/12/11 04:49:07 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/12/11 04:49:07 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/12/11 04:49:07 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/12/09 11:51:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/12/09 11:51:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/12/11 04:49:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 16:31:58 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 16:31:58 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 16:31:58 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 16:31:55 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 16:31:55 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 16:31:55 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\InstallInfo\\ShowIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\InstallInfo\\HideIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\InstallInfo\\ReinstallCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\shell\open\command\\: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/23 00:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/23 00:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/23 00:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/23 02:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/02/23 02:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 16:31:58 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 16:31:58 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 16:31:58 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 16:31:55 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 16:31:55 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 16:31:55 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\InstallInfo\\ShowIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\InstallInfo\\HideIconsCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\InstallInfo\\ReinstallCommand: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Alexandra\shell\open\command\\: "C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 07:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/23 00:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/23 00:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/23 00:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/23 02:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/02/23 02:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

< End of report >


#10
Essexboy

On completion of this, retry a normal boot; if it fails, let me know what error you get.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    IE - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultenginename: "Start Searcher"
    FF - prefs.js..browser.startup.homepage: "http://www.startsearcher.com"
    [2010/07/24 15:42:20 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ALEXANDRA\APPDATA\LOCAL\{F16F8660-32CC-4255-8631-B5D6064B49BF}
    File not found (No name found) -- C:\USERS\ALEXANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZBVEV68.DEFAULT\EXTENSIONS\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [HotKeysCmds] File not found
    O4 - HKLM..\Run: [IgfxTray] File not found
    O4 - HKLM..\Run: [Persistence] File not found
    O4 - HKLM..\Run: [UDC Integration] File not found
    O4 - HKU\S-1-5-21-2496002819-1112554539-2415406514-1003..\Run: [] File not found
    O33 - MountPoints2\{39840357-c820-11dd-926b-001e3de12acf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\system.exe
    O33 - MountPoints2\{39840357-c820-11dd-926b-001e3de12acf}\Shell\Explore\command - "" = G:\system.exe
    O33 - MountPoints2\{39840357-c820-11dd-926b-001e3de12acf}\Shell\Open\command - "" = G:\system.exe
    O33 - MountPoints2\{3984035d-c820-11dd-926b-001e3de12acf}\Shell\Auto\command - "" = J:\syslog.exe
    O33 - MountPoints2\{3984035d-c820-11dd-926b-001e3de12acf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\syslog.exe
    O33 - MountPoints2\{924f15fd-e31d-11dd-8ba0-001e3de12acf}\Shell\Auto\command - "" = syslog.exe
    O33 - MountPoints2\{924f15fd-e31d-11dd-8ba0-001e3de12acf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL syslog.exe
    O33 - MountPoints2\{92ebd65b-6d75-11de-8cf5-9aea29d44e13}\Shell\Auto\command - "" = G:\syslog.exe
    O33 - MountPoints2\{92ebd65b-6d75-11de-8cf5-9aea29d44e13}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\syslog.exe
    O33 - MountPoints2\G\Shell\Auto\command - "" = syslog.exe
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL syslog.exe
    [2011/05/28 17:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\bM28601KcLfD28601
    [2011/05/29 16:56:53 | 000,000,000 | ---D | C] -- C:\xmldm
    [2011/05/29 16:56:53 | 000,000,000 | ---D | C] -- C:\kock
    [2011/06/06 18:41:17 | 000,766,464 | ---- | M] () -- C:\Windows\System32\drivers\httjdbi.sys
    [2011/05/29 20:35:14 | 000,010,510 | -HS- | M] () -- C:\Users\Alexandra\AppData\Local\wpn60l13bbhlk20wox0f64cp3tw63145r
    [2011/05/29 19:27:23 | 000,010,518 | -HS- | M] () -- C:\ProgramData\wpn60l13bbhlk20wox0f64cp3tw63145r
    [2011/05/29 15:36:26 | 000,010,408 | -HS- | M] () -- C:\ProgramData\1579423775
    [2010/07/24 18:03:39 | 000,002,774 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\ewafevoridoz.dll
    [2010/07/24 17:43:16 | 000,002,774 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\ifuwogil.dll
    [2010/07/24 15:42:20 | 000,002,774 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\Wmarahemilek.dat
    [2010/07/24 15:42:20 | 000,000,000 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\Fzanuzageyab.bin
    [2010/07/24 15:40:56 | 000,766,464 | ---- | C] () -- C:\Windows\System32\drivers\httjdbi.sys
    [2011/03/04 08:34:44 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\AntiVirus AntiSpyware 2011

    :Files
    ipconfig /flushdns /c
    C:\Users\Alexandra\AppData\Local\wpn60l13bbhlk20wox0f64cp3tw63145r
    C:\ProgramData\1579423775
    C:\ProgramData\wpn60l13bbhlk20wox0f64cp3tw63145r

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

:files
attrib -H c:\*.* /s /d /c


#11
rmuddana

I have been running the fix for almost 10 min now. The moment I started running it, the screen went blank except for the OTLPE window. Is this normal? Approximately how long should this run take?

Thanks

#12
Essexboy

The screen will go blank as OTL will stop all processes - and the time to run will be dependent on how much is in your temp files.

What stage has it reached (it will state this on the status bar at the bottom)?

#13
rmuddana

OK, the fix has finished running. Restarted the computer and I let it boot normally to check if the BSOD comes. And it did. Now restarted the machine to enter Safe Mode with Networking and running the quick scan now. Shall post logs soon.

Thanks

#14
rmuddana

Please find attached the log for quick scan. Eagerly waiting for next steps.

Appreciate all the quick replies so far.

Thanks.

OTL logfile created on: 6/7/2011 1:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alexandra\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.71% Memory free
3.13 Gb Paging File | 2.83 Gb Available in Paging File | 90.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.94 Gb Total Space | 66.80 Gb Free Space | 29.96% Space Free | Partition Type: NTFS
Drive D: | 9.94 Gb Total Space | 0.84 Gb Free Space | 8.50% Space Free | Partition Type: NTFS

Computer Name: ALEXANDRA-PC | User Name: Alexandra | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 18:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
PRC - [2008/12/11 04:49:07 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 18:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 20:17:31 | 003,275,864 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/05/03 16:40:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/06 18:39:04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Stopped] -- C:\Program Files\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/18 07:04:44 | 001,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/11 05:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/31 12:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/09/29 00:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 14:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 21:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 03:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 03:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 03:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 03:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 03:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 11:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/14 22:07:44 | 000,075,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe -- (ICScsiSV)
SRV - [2007/06/14 22:07:36 | 000,059,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2007/04/19 08:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/01/10 19:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 08:17:26 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:58 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbgps.sys -- (UsbGps)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/12/30 12:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/12/30 12:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/08/07 12:47:40 | 000,033,728 | ---- | M] (Cambridge Silicon Radio Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jabradfuxp.sys -- (JabraDFU)
DRV - [2008/10/29 09:46:46 | 000,018,448 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2008/10/21 14:54:08 | 000,086,800 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/04 04:20:12 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WPN111v.sys -- (WPN111)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/11/15 20:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/10/29 22:30:30 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/10/18 20:22:07 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/16 20:01:59 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/10/16 20:01:59 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/10/15 23:57:24 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/26 01:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/19 17:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/04 20:02:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/04 20:02:11 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/28 21:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/08/24 07:44:54 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/26 04:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2004/09/08 06:37:56 | 000,072,478 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fvdscsi.sys -- (FVDSCSI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {c2f463d5-3b9b-43f7-b099-82fdcd01962f}:2.4.0.4
FF - prefs.js..extensions.enabledItems: {F16F8660-32CC-4255-8631-B5D6064B49BF}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...1&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/12 21:49:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/30 05:32:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/02/21 18:30:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2010/10/23 02:13:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 16:32:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 23:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\ProgramData\Mozilla Firefox\components [2010/09/21 12:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\ProgramData\Mozilla Firefox\plugins [2011/05/03 16:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/02/21 18:30:30 | 000,000,000 | ---D | M]

[2008/12/09 10:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Extensions
[2011/06/03 23:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions
[2010/01/28 13:45:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 00:09:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(127)
[2010/01/28 13:45:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/19 13:43:02 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/01/28 13:45:19 | 000,000,000 | ---D | M] (Softonic-Eng12 Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{c2f463d5-3b9b-43f7-b099-82fdcd01962f}
[2010/03/11 06:16:45 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/01/28 13:45:17 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\extensions\[email protected]
[2009/03/29 08:26:55 | 000,000,682 | ---- | M] () -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\searchplugins\ask.xml
[2010/12/30 18:15:20 | 000,000,919 | ---- | M] () -- C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\0zbvev68.default\searchplugins\conduit.xml
[2009/05/07 04:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 18:30:29 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/10/23 02:13:36 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
File not found (No name found) -- C:\USERS\ALEXANDRA\APPDATA\LOCAL\{F16F8660-32CC-4255-8631-B5D6064B49BF}
File not found (No name found) -- C:\USERS\ALEXANDRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZBVEV68.DEFAULT\EXTENSIONS\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}
[2011/06/04 23:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ALEXANDRA\PROGRAM FILES\DNA
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2011/05/28 13:06:29 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/06/07 12:38:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HotKeysCmds] File not found
O4 - HKLM..\Run: [iCall Internet Phone] C:\Program Files\iCall\iCall.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\ramsddd.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UDC Integration] File not found
O4 - HKLM..\Run: [VirtualDrive Network Server] C:\vdn\Files\SqlServerIpconfig.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Alexandra\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Alexandra\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (Nokia)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O4 - Startup: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YPOPs.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 64
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\Program Files\Sony\Image Converter 3\menu.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricke...cx-en-black.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129 0.0.0.0
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/30 01:47:13 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2008/09/11 19:55:41 | 000,000,065 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{42a7ad61-c7ed-11dd-8fe8-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{42a7ad61-c7ed-11dd-8fe8-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{42a7ad63-c7ed-11dd-8fe8-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{42a7ad63-c7ed-11dd-8fe8-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{60a85bbb-c5f5-11dd-85ee-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{60a85bbb-c5f5-11dd-85ee-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{60a85bcf-c5f5-11dd-85ee-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{60a85bcf-c5f5-11dd-85ee-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{77e8631c-c7e8-11dd-8084-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{77e8631c-c7e8-11dd-8084-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{824b9ac9-dd4d-11dd-ae53-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{824b9ac9-dd4d-11dd-ae53-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{acb3ca78-d81a-11dd-821d-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{acb3ca78-d81a-11dd-821d-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad792206-dadc-11dd-aa4c-001e3de12acf}\Shell - "" = AutoRun
O33 - MountPoints2\{ad792206-dadc-11dd-aa4c-001e3de12acf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bdf0caaa-cca9-11dd-83b4-001dba3bac0c}\Shell - "" = AutoRun
O33 - MountPoints2\{bdf0caaa-cca9-11dd-83b4-001dba3bac0c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 12:38:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/06 21:02:01 | 002,643,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpdx32.dll
[2011/06/06 21:02:01 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/06/06 21:02:01 | 000,530,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2011/06/06 21:02:01 | 000,170,520 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxzoom.exe
[2011/06/06 21:02:01 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2011/06/06 21:02:01 | 000,151,040 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpgd32.dll
[2011/06/06 21:02:01 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2011/06/06 21:02:01 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2011/06/06 21:02:01 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxprd32.dll
[2011/06/06 21:02:00 | 003,293,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2011/06/06 21:02:00 | 002,334,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\iglicd32.dll
[2011/06/06 21:02:00 | 001,670,144 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpdv32.dll
[2011/06/06 21:02:00 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igldev32.dll
[2011/06/06 21:02:00 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2011/06/06 21:02:00 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2011/06/06 21:02:00 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2011/06/06 21:02:00 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2011/06/06 21:02:00 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2011/06/06 21:02:00 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2011/06/06 21:02:00 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2011/06/06 21:02:00 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2011/06/06 21:02:00 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2011/06/06 21:02:00 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2011/06/06 21:02:00 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2011/06/06 21:02:00 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2011/06/06 21:02:00 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2011/06/06 21:02:00 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2011/06/06 21:02:00 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2011/06/06 21:02:00 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2011/06/06 21:02:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2011/06/06 21:02:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2011/06/06 21:02:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2011/06/06 21:02:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2011/06/06 21:02:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2011/06/06 21:02:00 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2011/06/06 21:02:00 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2011/06/06 21:02:00 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2011/06/06 21:02:00 | 000,131,072 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2011/06/06 21:02:00 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2011/06/06 21:02:00 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2011/06/06 21:02:00 | 000,048,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2011/06/06 21:02:00 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2011/06/06 21:02:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\igmpagnt.dll
[2011/06/06 18:33:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
[2011/06/04 18:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/06/04 14:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/04 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Opera
[2011/06/04 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Local\Opera
[2011/06/04 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/06/04 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\Avant Profiles
[2011/06/04 14:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avant Browser
[2011/05/28 19:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/05/28 19:03:53 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/05/28 17:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\bM28601KcLfD28601
[2011/05/28 17:39:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/27 02:40:30 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\Desktop\New Folder
[2011/05/20 23:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\Desktop\Desktop1
[2011/05/16 00:15:58 | 000,000,000 | ---D | C] -- C:\hp12c-Classic-v4.2
[2011/05/14 00:18:08 | 000,000,000 | ---D | C] -- C:\Users\Alexandra\AppData\Roaming\HpUpdate
[2011/05/14 00:18:04 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2009/05/30 13:54:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2009/05/30 13:54:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2009/05/30 13:54:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2009/05/30 13:54:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2009/05/30 13:54:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2009/05/30 13:54:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2009/05/30 13:54:38 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2009/05/30 13:54:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2009/05/30 13:54:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2009/05/30 13:54:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2009/05/30 13:54:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2009/05/30 13:54:38 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2009/05/30 13:54:38 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2009/05/30 13:54:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2009/05/30 13:54:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/07 13:15:28 | 000,766,464 | ---- | M] () -- C:\Windows\System32\drivers\httjdbi.sys
[2011/06/07 13:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 13:07:57 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/06/07 12:38:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/07 12:29:26 | 000,001,356 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\d3d9caps.dat
[2011/06/06 21:02:17 | 000,700,288 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/06 21:02:17 | 000,140,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 18:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Alexandra\Desktop\OTL.exe
[2011/06/04 19:40:51 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7E7E64CB-B714-44CB-8064-85D510E98309}.job
[2011/06/04 00:43:50 | 000,202,097 | ---- | M] () -- C:\Users\Alexandra\Desktop\ravi dad cake order.jpg
[2011/05/27 13:58:00 | 140,771,328 | ---- | M] () -- C:\Windows\ocsetup_install_XPS-Viewer.etl
[2011/05/27 13:52:15 | 000,268,806 | ---- | M] () -- C:\Users\Alexandra\Desktop\credit scores.xps
[2011/05/27 13:51:11 | 000,291,887 | ---- | M] () -- C:\Users\Alexandra\Desktop\credit report.xps
[2011/05/23 17:30:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496002819-1112554539-2415406514-1003UA.job
[2011/05/23 17:28:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/23 16:47:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 16:47:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 14:28:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/23 01:30:23 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/23 00:03:22 | 000,000,911 | ---- | M] () -- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/21 22:30:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496002819-1112554539-2415406514-1003Core.job
[2011/05/20 15:17:19 | 000,105,472 | ---- | M] () -- C:\Users\Alexandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/13 18:58:28 | 000,582,563 | ---- | M] () -- C:\Users\Alexandra\Documents\100_4083.jpg

========== Files Created - No Company Name ==========

[2011/06/06 21:02:01 | 000,027,024 | ---- | C] () -- C:\Windows\System32\igxpxs32.vp
[2011/06/06 21:02:01 | 000,002,096 | ---- | C] () -- C:\Windows\System32\igxpxk32.vp
[2011/06/04 19:40:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/06/04 00:43:49 | 000,202,097 | ---- | C] () -- C:\Users\Alexandra\Desktop\ravi dad cake order.jpg
[2011/05/27 13:52:13 | 000,268,806 | ---- | C] () -- C:\Users\Alexandra\Desktop\credit scores.xps
[2011/05/27 13:51:09 | 000,291,887 | ---- | C] () -- C:\Users\Alexandra\Desktop\credit report.xps
[2011/05/13 18:58:45 | 000,582,563 | ---- | C] () -- C:\Users\Alexandra\Documents\100_4083.jpg
[2010/08/19 01:09:42 | 000,177,699 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/08/19 01:09:42 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010/07/24 15:40:56 | 000,766,464 | ---- | C] () -- C:\Windows\System32\drivers\httjdbi.sys
[2010/02/06 18:13:02 | 000,040,960 | ---- | C] () -- C:\Windows\IsWow64.dll
[2010/02/06 18:11:07 | 000,118,784 | ---- | C] () -- C:\Windows\System32\DVC.dll
[2010/02/06 18:11:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Fsinst32.dll
[2010/02/06 18:11:07 | 000,005,120 | ---- | C] () -- C:\Windows\System32\Fsinst16.DLL
[2010/02/06 17:58:01 | 000,073,728 | ---- | C] () -- C:\Windows\XpIcfOpt.dll
[2010/02/06 17:47:42 | 000,000,010 | ---- | C] () -- C:\Windows\Wininit.ini
[2010/02/05 23:17:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\VDPersns.dat
[2010/02/05 23:16:26 | 000,014,496 | ---- | C] () -- C:\Windows\System32\VDI08X.dat
[2010/02/05 23:15:15 | 000,077,824 | ---- | C] () -- C:\Windows\System32\RDrv2KInterface.dll
[2010/02/05 23:15:15 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RDrvNTInterface.dll
[2010/02/05 23:15:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\unVHDDrvExe.exe
[2010/02/05 23:15:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\inVHDDrvExe.exe
[2010/02/05 23:15:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\RDrv9xInterface.dll
[2010/02/05 23:15:15 | 000,028,672 | ---- | C] () -- C:\Windows\System32\RDrvInterface.dll
[2009/12/31 05:20:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/10/25 23:21:05 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/30 13:56:25 | 000,000,186 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/05/30 13:54:38 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2009/05/30 13:54:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2009/05/10 07:11:56 | 000,121,305 | ---- | C] () -- C:\Windows\HPHins15.dat
[2009/05/10 07:11:56 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2009/01/11 15:20:53 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/01/11 15:20:53 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/01/01 00:14:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/29 23:51:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/12/29 23:51:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/09 10:15:25 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/12/09 09:50:06 | 000,105,472 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/09 08:03:23 | 000,001,356 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\d3d9caps.dat
[2008/04/30 02:33:18 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/04/30 02:14:56 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/04/30 02:13:51 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/03/04 12:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/12/20 18:17:28 | 000,000,836 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/20 16:59:41 | 000,000,034 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/12/20 15:53:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/12/20 15:53:56 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/12/20 15:53:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/12/20 15:53:56 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/12/19 22:32:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/31 03:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/30 14:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/05/17 07:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/04/16 07:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007/02/07 11:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 02:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,401,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,700,288 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,140,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/07 07:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 05:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/07 05:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 11:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 11:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >


#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This first run might not cure it, but it will show if there is anything else hiding - what error does the blue screen give?

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to delete:
C:\Windows\System32\drivers\httjdbi.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.
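
The OTL listing earlier in this thread uses one fixed line layout, so a fresh log like the one requested in step 5 can be shortlisted mechanically before it is read by eye. This is an added example, not part of the original posts and not OTL's own code: a Python parser for that layout plus a filter for recently dated .sys/.dll/.exe files with an empty company field. The 30-day window, the extension list and the two placeholder sample lines are assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Line layout taken from the listing in this thread:
# [YYYY/MM/DD HH:MM:SS | size | attrs | flag] (company) -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| (\w)\] "
    r"\((.*?)\) -- (.+)$"
)

class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    flag: str
    company: str
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry, or None for headers, blanks and '< End of report >'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, flag, company, path = m.groups()
    return Entry(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                 int(size.replace(",", "")), attrs, flag, company.strip(), path)

def triage(entries, window_days=30, exts=(".sys", ".dll", ".exe")):
    """Loadable files with an empty company field, dated within window_days
    of the newest entry in the log. A review shortlist, not a verdict."""
    if not entries:
        return []
    cutoff = max(e.when for e in entries) - timedelta(days=window_days)
    return [e for e in entries
            if not e.company and e.when >= cutoff
            and ntpath.splitext(e.path)[1].lower() in exts]

# Constructed sample: the first two lines are invented placeholders,
# the last two are copied from the listing in this thread.
SAMPLE = r"""
[2010/05/01 10:15:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\drivers\example1.sys
[2010/04/28 09:00:00 | 000,120,000 | ---- | C] (Example Vendor Inc.) -- C:\Windows\System32\example2.dll
[2008/12/09 08:03:23 | 000,001,356 | ---- | C] () -- C:\Users\Alexandra\AppData\Local\d3d9caps.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
< End of report >
"""
ENTRIES = [e for e in map(parse_line, SAMPLE.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(ENTRIES):
        print(e.when.date(), e.size, e.path)
```

Many legitimate files also carry no company name, as the listing in this thread shows, so the output is a list of candidates to look up, not a list of files to delete.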