
Blue screen



#1
Billy Plavsic

I can't boot up unless in safe mode, it's annoying. I did the OTL.


OTL logfile created on: 8/8/2011 7:54:38 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\jeffy\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 73.88% Memory free
2.57 Gb Paging File | 2.25 Gb Available in Paging File | 87.52% Paging File free
Paging file location(s): c:\pagefile.sys 800 2875 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 151.12 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 65.66 Gb Free Space | 58.74% Space Free | Partition Type: NTFS

Computer Name: MINE | User Name: jeffy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/08 07:54:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\jeffy\Downloads\OTL.exe
PRC - [2011/07/27 04:03:22 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2008/12/17 23:48:10 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/02 05:45:54 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe


========== Modules (SafeList) ==========

MOD - [2011/08/08 07:54:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\jeffy\Downloads\OTL.exe
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/09/12 14:17:02 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/29 22:49:01 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jhdwsnb.sys -- (rjlh)
DRV - [2008/09/08 23:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/05/22 22:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/21 01:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/05/04 01:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jeffy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/08/02 01:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeffy\AppData\Roaming\mozilla\Firefox\Profiles\e9ubs377.default\extensions
[2011/07/28 20:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeffy\AppData\Roaming\mozilla\Firefox\Profiles\e9ubs377.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/07/28 20:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeffy\AppData\Roaming\mozilla\Firefox\Profiles\e9ubs377.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/02 01:46:25 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\jeffy\AppData\Roaming\mozilla\Firefox\Profiles\e9ubs377.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\Users\jeffy\AppData\Local\Temp\Stf.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jeffy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: google.com ([b.mail] https in Local intranet)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Local intranet)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Local intranet)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Aces Up! by pogo http://game1.pogo.co.../aces-en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo http://game1.pogo.co...ammon-en_US.cab (Reg Error: Key error.)
O16 - DPF: Battle Phlinx by pogo http://game1.pogo.co...hlinx-en_US.cab (Reg Error: Key error.)
O16 - DPF: Bingo Luau by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blackjack Carnival by pogo http://game1.pogo.co...jack2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo http://game1.pogo.co...wling-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo http://game1.pogo.co...nasta-en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo http://game1.pogo.co...hess2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo http://game1.pogo.co...bbage-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice City Roller by pogo http://game1.pogo.co...z/ytz-en_US.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo http://game1.pogo.co...uchre-en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game1.pogo.co...lass2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Hangman Hijinks by pogo http://game1.pogo.co...ngman-en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.co...rvest-en_US.cab (Reg Error: Key error.)
O16 - DPF: Hearts by pogo http://game1.pogo.co...earts-en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo http://game1.pogo.co.../pool-en_US.cab (Reg Error: Key error.)
O16 - DPF: Hog Heaven Slots by pogo http://game1.pogo.co...fancy-en_US.cab (Reg Error: Key error.)
O16 - DPF: Jigsaw Detective by pogo http://game1.pogo.co...igsaw-en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo http://game1.pogo.co.../gin2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo http://game1.pogo.co...poker-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo http://game1.pogo.co...ottso-en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game1.pogo.co...jong2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Makeover Madness by pogo http://game1.pogo.co...shoes-en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O16 - DPF: No-Limit Texas Hold'em by pogo http://game1.pogo.co...allin-en_US.cab (Reg Error: Key error.)
O16 - DPF: Pai Gow by pogo http://game1.pogo.co...aigow-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday Freecell Solitaire by pogo http://game1.pogo.co...cell2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.co...guins-en_US.cab (Reg Error: Key error.)
O16 - DPF: Perfect Pair Solitaire by pogo http://game1.pogo.co...wheel-en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo http://game1.pogo.co...inger-en_US.cab (Reg Error: Key error.)
O16 - DPF: Pinochle by pogo http://game1.pogo.co...ochle-en_US.cab (Reg Error: Key error.)
O16 - DPF: PoppaZoppa by pogo http://game1.pogo.co...zoppa-en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo http://game1.pogo.co...ppit2-en_US.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo http://game1.pogo.co...uares-en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo http://game1.pogo.co.../ride-en_US.cab (Reg Error: Key error.)
O16 - DPF: Shuffle Bump by pogo http://game1.pogo.co.../puck-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spades 2 by pogo http://game1.pogo.co...ades2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spider Solitaire by pogo http://game1.pogo.co...pider-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spooky Slots http://game1.pogo.co...pooky-en_US.cab (Reg Error: Key error.)
O16 - DPF: Squelchies by pogo http://game1.pogo.co...chies-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo http://game1.pogo.co.../stax-en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game1.pogo.co...oldem-en_US.cab (Reg Error: Key error.)
O16 - DPF: Thousand Island Solitaire by pogo http://game1.pogo.co...lbrae-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo http://game1.pogo.co...peaks-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://game1.pogo.co...mbee2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo http://game1.pogo.co...ories-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Craft by pogo http://game1.pogo.co...abble-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Search Daily by pogo http://game1.pogo.co...earch-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo http://game1.pogo.co...homp2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo http://game1.pogo.co...kdown-en_US.cab (Reg Error: Key error.)
O16 - DPF: WordJong by pogo http://game1.pogo.co...djong-en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game1.pogo.co...class-en_US.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jeffy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jeffy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/26 05:21:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8228bb9e-a80c-11dc-92ca-001a921f505b}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 07:39:42 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\ChemTable Software
[2011/08/08 07:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Uninstall
[2011/08/08 07:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Full Uninstall
[2011/08/08 07:39:30 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\ChemTable Software
[2011/08/08 07:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
[2011/08/08 07:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Life
[2011/08/08 02:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinMend
[2011/08/08 02:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/08/08 02:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp360
[2011/08/08 02:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp360
[2011/08/08 01:43:25 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\RegGenie
[2011/08/08 01:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2011/08/08 01:37:20 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\DriverFinder
[2011/08/07 23:31:56 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Error Fix
[2011/08/07 23:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Error Fix
[2011/08/07 23:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/08/07 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\ParetoLogic
[2011/08/07 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\DriverCure
[2011/08/07 23:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/08/07 20:49:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\gpvneego.sys
[2011/08/07 20:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/06 20:24:34 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\vlc
[2011/08/06 18:03:20 | 000,000,000 | R--D | C] -- C:\Users\jeffy\Contacts
[2011/08/06 17:23:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/06 16:35:56 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/08/06 16:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/08/06 16:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/08/06 16:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/08/06 16:26:15 | 000,000,000 | ---D | C] -- C:\extensions
[2011/08/06 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\Conduit
[2011/08/06 16:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/08/06 16:25:55 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\uTorrent
[2011/08/06 16:15:08 | 000,000,000 | R--D | C] -- C:\Users\jeffy\Documents
[2011/08/06 16:08:57 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/08/06 16:08:41 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\BitComet
[2011/08/06 16:08:40 | 000,000,000 | R--D | C] -- C:\Users\jeffy\Desktop
[2011/08/06 03:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/01 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/08/01 12:15:12 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\AnvSoft
[2011/08/01 12:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/08/01 10:45:10 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\AVS4YOU
[2011/08/01 10:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/08/01 10:40:50 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2011/08/01 10:40:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2011/08/01 10:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/07/30 19:12:26 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Systweak
[2011/07/30 19:12:23 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011/07/28 23:35:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/28 14:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/07/28 13:45:53 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\OpenCandy
[2011/07/28 13:45:48 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\OpenCandy
[2011/07/22 00:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/07/21 01:34:54 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/21 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\Microsoft Corporation
[2011/07/17 19:39:48 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\AVG
[2011/07/17 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\AVG10
[2011/07/17 16:12:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/17 16:12:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/17 16:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/17 13:11:12 | 000,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2011/07/17 12:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011/07/17 12:34:16 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\WinBatch
[2011/07/17 12:08:21 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\Real
[2011/07/17 12:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/07/17 12:07:36 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Real
[2011/07/16 23:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/16 23:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/16 23:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/14 22:19:28 | 000,000,000 | R--D | C] -- C:\Users\jeffy\Dropbox
[2011/07/14 22:15:38 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/07/14 22:15:19 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Dropbox
[2011/07/14 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\Mozilla
[2011/07/14 18:03:30 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Local\Google
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 07:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/08 07:46:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/08 07:46:34 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/08 07:46:32 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Error Fix Startup.job
[2011/08/08 07:46:30 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\hxihlwt.job
[2011/08/08 07:46:27 | 000,004,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 07:46:27 | 000,004,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 07:39:31 | 000,000,871 | ---- | M] () -- C:\Users\jeffy\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/08 07:39:29 | 000,000,859 | ---- | M] () -- C:\Users\jeffy\Desktop\Registry Life.lnk
[2011/08/08 07:22:54 | 000,397,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/08 07:20:43 | 000,000,000 | ---- | M] () -- C:\Users\jeffy\AppData\Local\{B5FC6F83-B668-4D75-9F6F-30B6DFB0BC16}
[2011/08/08 06:53:09 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/08 03:57:45 | 000,000,680 | ---- | M] () -- C:\Users\jeffy\AppData\Local\d3d9caps.dat
[2011/08/08 02:01:44 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2011/08/08 01:52:34 | 000,190,976 | ---- | M] () -- C:\Windows\Svywyb.exe
[2011/08/08 00:31:20 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/08 00:24:41 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job
[2011/08/08 00:23:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AC6ADC65-0E91-4882-819C-7B63F48F28F4}.job
[2011/08/07 23:58:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 23:15:41 | 000,065,024 | RHS- | M] () -- C:\Windows\System32\msidlef.dll
[2011/08/07 23:15:40 | 000,190,976 | ---- | M] () -- C:\Windows\Svywya.exe
[2011/08/07 20:49:03 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\gpvneego.sys
[2011/08/06 16:31:25 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/06 16:26:06 | 000,000,776 | ---- | M] () -- C:\Users\jeffy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/06 16:26:06 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/06 03:15:57 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/04 21:07:59 | 000,193,536 | ---- | M] () -- C:\Users\jeffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 14:45:23 | 000,000,949 | ---- | M] () -- C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/07/30 19:40:01 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2011/07/22 19:22:07 | 212,807,466 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/22 00:26:16 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/21 17:47:47 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/21 17:47:47 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/21 01:41:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/20 23:39:50 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/07/17 12:59:00 | 000,000,921 | ---- | M] () -- C:\Windows\QSFVExit.bat
[2011/07/16 23:45:29 | 000,001,955 | ---- | M] () -- C:\Users\jeffy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 22:15:45 | 000,000,921 | ---- | M] () -- C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/14 07:50:33 | 000,000,170 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/08 07:39:31 | 000,000,871 | ---- | C] () -- C:\Users\jeffy\Desktop\Full Uninstall - a complete software removal tool.lnk
[2011/08/08 07:39:29 | 000,000,859 | ---- | C] () -- C:\Users\jeffy\Desktop\Registry Life.lnk
[2011/08/08 07:20:43 | 000,000,000 | ---- | C] () -- C:\Users\jeffy\AppData\Local\{B5FC6F83-B668-4D75-9F6F-30B6DFB0BC16}
[2011/08/08 02:01:44 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2011/08/08 01:52:39 | 000,190,976 | ---- | C] () -- C:\Windows\Svywyb.exe
[2011/08/08 01:39:48 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2011/08/08 01:05:29 | 000,000,680 | ---- | C] () -- C:\Users\jeffy\AppData\Local\d3d9caps.dat
[2011/08/07 23:31:58 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\Error Fix Scan.job
[2011/08/07 23:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Error Fix Startup.job
[2011/08/07 23:15:47 | 000,190,976 | ---- | C] () -- C:\Windows\Svywya.exe
[2011/08/07 23:15:44 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/07 23:15:42 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/07 23:15:41 | 000,065,024 | RHS- | C] () -- C:\Windows\System32\msidlef.dll
[2011/08/07 23:15:41 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\hxihlwt.job
[2011/08/07 20:24:08 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/07 20:23:53 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/06 16:31:25 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/06 16:26:06 | 000,000,776 | ---- | C] () -- C:\Users\jeffy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/06 16:26:06 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/01 14:45:23 | 000,000,949 | ---- | C] () -- C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
[2011/08/01 12:31:35 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/01 12:31:35 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/30 19:36:19 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011/07/21 17:33:37 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/21 17:33:37 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/20 23:39:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/07/17 15:58:23 | 212,807,466 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/17 12:59:00 | 000,000,921 | ---- | C] () -- C:\Windows\QSFVExit.bat
[2011/07/17 12:08:56 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/07/16 23:45:29 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/16 23:45:29 | 000,001,955 | ---- | C] () -- C:\Users\jeffy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/16 23:42:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/16 23:42:28 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/14 22:15:45 | 000,000,921 | ---- | C] () -- C:\Users\jeffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/14 18:11:35 | 000,000,430 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AC6ADC65-0E91-4882-819C-7B63F48F28F4}.job
[2010/10/07 09:25:03 | 000,000,170 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/30 07:14:39 | 000,011,264 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2010/06/30 07:09:17 | 000,000,036 | ---- | C] () -- C:\Users\jeffy\AppData\Local\housecall.guid.cache
[2010/06/29 22:49:01 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jhdwsnb.sys
[2010/06/08 08:20:55 | 000,000,120 | ---- | C] () -- C:\Users\jeffy\AppData\Local\Sfolidu.dat
[2010/06/08 08:20:55 | 000,000,000 | ---- | C] () -- C:\Users\jeffy\AppData\Local\Edopehocozisi.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/14 15:16:09 | 000,178,672 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/03/13 09:50:52 | 000,478,208 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2009/03/13 09:50:52 | 000,117,336 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/02/08 10:47:32 | 000,000,028 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2008/10/12 12:29:26 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/04/20 19:14:24 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/01/18 19:09:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\mscertv.dll
[2008/01/18 19:09:31 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/11/03 14:12:28 | 000,023,104 | ---- | C] () -- C:\Windows\System32\svcprmpt.dll
[2007/11/03 14:12:27 | 000,030,976 | ---- | C] () -- C:\Windows\rascntrl.dll
[2007/08/23 15:46:04 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/08/18 19:00:54 | 000,001,156 | ---- | C] () -- C:\Windows\mozver.dat
[2007/06/19 09:35:15 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007/06/06 16:46:57 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2007/05/04 10:58:33 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2007/05/04 10:58:30 | 000,947,984 | ---- | C] () -- C:\Windows\System32\msjava.dll
[2007/03/21 16:23:52 | 000,000,030 | ---- | C] () -- C:\Windows\System32\richtxt4.dll
[2007/03/21 16:23:52 | 000,000,029 | ---- | C] () -- C:\Windows\pool.ini
[2007/03/09 14:25:05 | 000,023,580 | ---- | C] () -- C:\Users\jeffy\AppData\Roaming\UserTile.png
[2007/02/20 17:47:10 | 000,000,428 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2007/02/08 13:01:03 | 000,000,018 | ---- | C] () -- C:\Windows\wininit.ini
[2007/02/04 18:56:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/02/04 13:16:41 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/02/04 13:13:40 | 000,000,028 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/02 21:12:08 | 000,193,536 | ---- | C] () -- C:\Users\jeffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/26 05:16:09 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/12/26 05:10:56 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006/12/26 05:10:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,397,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,621,314 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/06/09 16:26:57 | 000,248,022 | ---- | C] () -- C:\Windows\jsd.dat
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\Windows\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\Windows\System32\atonecli.dll
[1999/03/04 23:42:08 | 000,000,136 | ---- | C] () -- C:\Windows\System32\mstraps.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:1892CA505E718FB5
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:07348C09
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:2D0C22DC
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:C8E29393
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:A73EAFFB
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:5EC637CB
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:D09AEE3D
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:1A6AFE3D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:13D82150

< End of report >


#2
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Billy Plavsic! :unsure:

:) I'm Nedklaw and I'll be glad to help you with your malware issues. :yes:

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Billy Plavsic only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Could you also post Extras.txt (should be in the same location as OTL.txt).


Things I want to see in your next reply

  • Extras.txt


#3
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Next:

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • Extras.txt
  • aswMBR.txt


#4
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    DRV - [2010/06/29 22:49:01 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jhdwsnb.sys -- (rjlh)
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\Users\jeffy\AppData\Local\Temp\Stf.exe ()
    [2011/08/07 23:31:56 | 000,000,000 | ---D | C] -- C:\Users\jeffy\AppData\Roaming\Error Fix
    [2011/08/07 23:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Error Fix
    [2011/08/07 23:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
    [2011/08/07 20:49:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\gpvneego.sys
    [2011/08/06 16:26:15 | 000,000,000 | ---D | C] -- C:\extensions
    [2011/08/08 07:46:34 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/08/08 07:46:32 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Error Fix Startup.job
    [2011/08/08 07:46:30 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\hxihlwt.job
    [2011/08/08 07:20:43 | 000,000,000 | ---- | M] () -- C:\Users\jeffy\AppData\Local\{B5FC6F83-B668-4D75-9F6F-30B6DFB0BC16}
    [2011/08/08 06:53:09 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/08/08 01:52:34 | 000,190,976 | ---- | M] () -- C:\Windows\Svywyb.exe
    [2011/08/08 00:24:41 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job
    [2011/08/07 23:15:41 | 000,065,024 | RHS- | M] () -- C:\Windows\System32\msidlef.dll
    [2011/08/07 23:15:40 | 000,190,976 | ---- | M] () -- C:\Windows\Svywya.exe
    [2010/06/29 22:49:01 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jhdwsnb.sys
    [2008/01/18 19:09:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\mscertv.dll
    [2006/06/09 16:26:57 | 000,248,022 | ---- | C] () -- C:\Windows\jsd.dat
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    @Alternate Data Stream - 24 bytes -> C:\Windows:1892CA505E718FB5
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:07348C09
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:2D0C22DC
    @Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:9B7E8561
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:C8E29393
    @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:A73EAFFB
    @Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:4EFDF5FB
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:5EC637CB
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:588B60C7
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:D09AEE3D
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:1A6AFE3D
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:13D82150
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Hi, :unsure:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt

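Step 1 above ends by asking for a fresh Quick Scan log after the fix has run; one way to read that log is to check which of the paths the fix targeted are still listed in it. The Python below is an added example, not part of the original post and not OTL's own code: it parses the two line formats visible in this thread, the fix excerpt is copied from the post above, and the rescan excerpt is constructed for illustration.

```python
import re

# File/folder line as shown in this thread:
#   [date time | size | attrs | C or M] (company) -- path
# Folder lines carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\s*\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+?)\s*$"
)
# Stream line: @Alternate Data Stream - N bytes -> host:stream
ADS_RE = re.compile(r"^\s*@Alternate Data Stream - \d+ bytes -> (?P<path>.+?)\s*$")

def parse_entries(text):
    """Map each listed path (lowercased, Windows paths ignore case) to 'file' or 'ads'."""
    found = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            found[m["path"].lower()] = "file"
            continue
        m = ADS_RE.match(line)
        if m:
            found[m["path"].lower()] = "ads"
    return found

def still_present(fix_script, rescan_log):
    """Paths the fix targeted that a later scan still lists, sorted."""
    after = parse_entries(rescan_log)
    return sorted(p for p in parse_entries(fix_script) if p in after)

# Excerpt of the fix script from the post above.
FIX = r"""
[2011/08/07 20:49:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\gpvneego.sys
[2011/08/08 01:52:34 | 000,190,976 | ---- | M] () -- C:\Windows\Svywyb.exe
[2011/08/07 23:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Error Fix
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:07348C09
"""

# Constructed rescan excerpt (not from the thread): two targets survived the fix.
RESCAN = r"""
[2011/08/01 12:31:35 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/08 01:52:34 | 000,190,976 | ---- | M] () -- c:\windows\svywyb.exe
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:07348C09
"""

if __name__ == "__main__":
    for path in still_present(FIX, RESCAN):
        print("still listed after fix:", path)
```

An empty result means none of the targeted paths appear in the new scan; anything returned is worth reporting back in the thread rather than removing by hand.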

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.