No Boot After Malware Removal [Solved]



#16
oze

    Member

  • Topic Starter
  • 44 posts
Phew, thanks for that! Here is the resultant fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2013 01
Ran by SYSTEM at 2013-08-01 18:14:10 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
  • 0


#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

oze said: "Phew, thanks for that! Here is the resultant fixlog.txt:"


Does that mean you can boot into normal mode now? :)

If so do this:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    /md5start
    explorer.exe
    Userinit.exe
    wininit.exe
    /md5stop
    CREATERESTOREPOINT 
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.

Edited by emeraldnzl, 01 August 2013 - 04:32 PM.
spelling

  • 0

#18
oze

    Member

  • Topic Starter
  • 44 posts
Well, we have progressed a bit. However, as Windows loads, I get a "Logon Process Initialization Failure" window, which states:

Interactive logon process initialization has failed.
Please consult the event log for more details.

Which continues to repeat as I "OK" out of it. This occurs with a normal boot attempt and an attempt to boot into Safe Mode.
  • 0

#19
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

oze said: "Which continues to repeat as I "OK" out of it. This occurs with a normal boot attempt and an attempt to boot into Safe Mode."


I take it that you get to a black screen with options including Normal Mode, Safe Mode etc. and it's after selecting one of these that you get the error message.

If that is so please try selecting the Command Prompt option. If you can get there then type in the following:

sfc /scannow

Note the space, it should be there.

Press enter

  • You should see the following on-screen messages:

    Beginning the system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification % complete.
  • Once the scan has completed you will receive an onscreen message resembling one of the following:

    …found no integrity violations

    …found corruption but repaired it

    …found corruption that it could not repair
Please reply with the completion message that you received.
  • 0

#20
oze

    Member

  • Topic Starter
  • 44 posts
Deep breath...

Even when selecting Safe Mode with Command Prompt, I get the same error window. I cannot proceed past it.

I appreciate you having so much patience with this extremely frustrating problem.
  • 0

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... I wonder if we can do this with a CD.

This is a way to access your computer using a disk we will create.

Before starting you might like to print these instructions out so that you know what you are doing.

  • Download OTLPE.iso and save it somewhere you can get it.
  • Insert a writable blank CD/DVD in your CD drive and click on the OTLPE.iso to burn a CD. NOTE:
  • Reboot your infected system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • The CD needs to detect your hardware and load the operating system...can take a bit of time, just be patient :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • If asked "Do you wish to load the remote registry", select Yes
  • If asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
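
The OTL.txt log requested in the post above lists services, drivers and autorun entries one per line, in the format the next reply shows. The following is an added example, not part of the original thread and not OTL's own code: a Python sketch that parses those line types and returns the entries a reviewer would usually read first. The three checks are illustrative assumptions, a flagged line means "look at this" rather than "malicious", and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - [2012/12/15 14:29:55 | 000,189,248 | ---- | M] () [Auto] -- I:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand] -- I:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- I:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2005/12/15 20:01:52 | 000,081,920 | ---- | M] () [Kernel | System] -- I:\Windows\SysWOW64\drivers\khips.sys -- (khips)
O4:64bit: - HKLM..\Run: [Zune Launcher] I:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AccuWeatherWidget] File not found
"""

class Finding(NamedTuple):
    section: str    # "SRV", "DRV" or "O4"
    name: str       # service name, or the Run value name
    path: str       # file the entry points at ("" when the log gives none)
    reasons: tuple  # why the line is worth a closer look

# SRV/DRV: [date | size | attrs | M] (company) [type | start] -- path -- (name)
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| \w\] "
    r"\((?P<company>.*?)\) \[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
# O4: <hive>..\Run or RunOnce: [value] <target>
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<value>[^\]]*)\] (?P<target>.+)$"
)
# An autorun target that exists is printed as "path (company)".
TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")

EARLY_START = {"Boot", "System"}            # driver start types loaded before logon
DRIVER_DIR = "\\windows\\system32\\drivers\\"

def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line trips a check; None if it is clean or not recognised."""
    line = line.strip()
    reasons = []

    m = SVC_RE.match(line)
    if m:
        start = m["state"].split(" | ")[-1]   # "Auto", "On_Demand", "System", ...
        if not m["company"].strip():
            reasons.append("empty company field")
        if "H" in m["attrs"]:
            reasons.append("hidden attribute set")
        if (m["kind"] == "DRV" and start in EARLY_START
                and DRIVER_DIR not in m["path"].lower()):
            reasons.append(f"{start}-start driver outside System32\\drivers")
        return Finding(m["kind"], m["name"], m["path"], tuple(reasons)) if reasons else None

    m = RUN_RE.match(line)
    if m:
        target = m["target"].strip()
        if target == "File not found":
            # Orphaned autorun: the value remains but the file it named is gone.
            return Finding("O4", m["value"], "", ("autorun target not found",))
        t = TARGET_RE.match(target)
        if t and not t["company"].strip():
            return Finding("O4", m["value"], t["path"], ("empty company field",))
    return None

def triage(text: str) -> list:
    """Run triage_line over every line of a log and keep the findings, in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:3} {f.name:20} {'; '.join(f.reasons)}  {f.path}")
```
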

#22
oze

    Member

  • Topic Starter
  • 44 posts
Very cool tool! Here is the log:



OTL logfile created on: 8/1/2013 9:24:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 13.25 Gb Total Space | 5.34 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 75.68 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
Drive I: | 1849.73 Gb Total Space | 1442.18 Gb Free Space | 77.97% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- I:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/02 13:10:32 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto] -- I:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2012/12/15 14:29:55 | 000,189,248 | ---- | M] () [Auto] -- I:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/12/15 14:29:44 | 000,076,888 | ---- | M] () [Auto] -- I:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [On_Demand] -- I:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/11 18:48:06 | 000,248,304 | ---- | M] (CyberLink) [On_Demand] -- I:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto] -- I:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand] -- I:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/03/28 23:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 22:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/24 13:39:02 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto] -- I:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/06/13 03:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- I:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- I:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 17:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/20 17:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- I:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/27 03:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/27 03:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/24 08:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/03/23 15:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- I:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/10 00:16:22 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand] -- I:\Windows\SysWOW64\drivers\dfg.sys -- (dfg)
DRV - [2007/07/26 05:00:00 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- I:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/12/15 20:13:34 | 000,274,432 | ---- | M] (Sunbelt Software) [Kernel | System] -- I:\Windows\SysWOW64\drivers\fwdrv.sys -- (fwdrv)
DRV - [2005/12/15 20:01:52 | 000,081,920 | ---- | M] () [Kernel | System] -- I:\Windows\SysWOW64\drivers\khips.sys -- (khips)
DRV - [2005/12/15 16:27:52 | 000,034,639 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- I:\Windows\SysWOW64\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2004/04/10 09:43:54 | 000,004,608 | ---- | M] ([email protected]) [Kernel | System] -- I:\Windows\SysWOW64\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2001/08/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- I:\Windows\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\Administrator_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
IE - HKU\Administrator_ON_I\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\Administrator_ON_I\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator_ON_I\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Administrator_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/login.php
IE - HKU\Administrator_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Oze_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\Oze_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
IE - HKU\Oze_ON_I\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Oze_ON_I\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Oze_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.c...bcxt=mai&snsc=1
IE - HKU\Oze_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/login.php
IE - HKU\Oze_ON_I\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - Reg Error: Key error. File not found
IE - HKU\Oze_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...13524572984971"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..extensions.enabledItems: {595b0a3f-adff-4c15-b0b5-3b97e42ea839}:1.0
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.4
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..keyword.URL: "http://search.condui...24572984971&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: I:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: I:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: I:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: I:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: I:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame: I:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter: I:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: I:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: I:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: I:\Users\Oze\AppData\Local\Roblox\Versions\version-14148f7d00f24d47\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: I:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: I:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: I:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 18:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/04/20 14:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 18:37:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/04/20 14:27:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/07/08 23:08:55 | 000,000,000 | ---D | M]

[2012/09/13 20:14:27 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Oze\AppData\Roaming\Mozilla\Extensions
[2011/09/18 01:54:49 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Oze\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/07/26 09:22:16 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions
[2013/07/23 16:38:20 | 000,000,000 | ---D | M] ("QuickShare Widget") -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{595b0a3f-adff-4c15-b0b5-3b97e42ea839}
[2011/09/18 01:54:53 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2011/09/18 01:54:53 | 000,000,000 | ---D | M] (IE View) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(2)
[2013/05/17 16:04:20 | 000,000,000 | ---D | M] (WOT) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/07/07 20:27:00 | 000,000,000 | ---D | M] (ReminderFox) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013/07/25 17:29:35 | 000,000,000 | ---D | M] (.) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2012/01/28 18:49:17 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\[email protected]
[2011/09/29 00:02:27 | 000,000,000 | ---D | M] (Disconnect) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\[email protected]
[2010/06/20 22:46:16 | 000,002,269 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\aol-search.xml
[2011/08/28 16:04:31 | 000,001,945 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\bing-zugo.xml
[2013/01/25 07:41:52 | 000,000,985 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\conduit.xml
[2013/05/26 11:04:08 | 000,002,053 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\hostip.xml
[2012/09/13 20:14:24 | 000,002,519 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\Search_Results.xml
[2007/06/09 13:57:08 | 000,002,386 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\siteadvisor.xml
[2006/10/24 18:06:44 | 000,001,668 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\stumbleupon.xml
[2013/07/07 18:37:02 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/07 18:37:02 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/07 18:37:05 | 000,000,000 | ---D | M] (Default) -- I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- I:\USERS\OZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1NQ9I9MP.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- I:\USERS\OZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1NQ9I9MP.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- I:\USERS\OZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1NQ9I9MP.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- I:\USERS\OZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1NQ9I9MP.DEFAULT\EXTENSIONS\[email protected]
[2011/09/17 20:00:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2006/09/22 22:34:35 | 000,396,288 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\plugins\npagent.dll
[2006/01/18 14:50:00 | 000,319,488 | ---- | M] ( ) -- I:\Program Files (x86)\mozilla firefox\plugins\npsnapfish.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2010/03/31 12:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- I:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 14:36:02 | 000,107,760 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/13 20:14:24 | 000,002,519 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - I:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - I:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Oze_ON_I\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\Oze_ON_I\..\Toolbar\WebBrowser: (Vgrabber Toolbar) - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - I:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] I:\Windows\System32\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] I:\Windows\System32\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Zune Launcher] I:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] File not found
O4 - HKLM..\Run: [BDRegion] I:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] I:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [EEventManager] I:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] I:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Info Center] I:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [LifeCam] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] File not found
O4 - HKLM..\Run: [PC MaticRT] I:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [THX Audio Control Panel] I:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] File not found
O4 - HKU\Administrator_ON_I..\Run: [Download Nitro] I:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKU\Administrator_ON_I..\Run: [EPSON NX510 Series] File not found
O4 - HKU\Administrator_ON_I..\Run: [Epson Stylus NX510(Network) (Copy 1)] File not found
O4 - HKU\Administrator_ON_I..\Run: [Sidebar] File not found
O4 - HKU\Administrator_ON_I..\Run: [StartUp This] I:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe (Laplink Software, Inc.)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] File not found
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] File not found
O4 - HKU\Oze_ON_I..\Run: [Download Nitro] I:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKU\Oze_ON_I..\Run: [Dxtory Update Checker 2.0] I:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\Oze_ON_I..\Run: [HydraVisionDesktopManager] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\Oze_ON_I..\Run: [Speech Recognition] I:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] File not found
O4 - HKU\Administrator_ON_I..\RunOnce: [avg_spchecker] File not found
O4 - HKU\Administrator_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: I:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Oze_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Oze_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Oze_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Oze_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\systemprofile_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13:64bit: - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1135802222035 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1135802445551 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimateb...o/launchubo.OCX (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://www.pcpitstop...ols/pcmatic.cab (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll - I:\Program Files (x86)\Citrix\GoToAssist\822\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - I:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 15:48:16 | 000,000,040 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/03/11 15:51:02 | 000,000,246 | RHS- | M] () - J:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d496a84c-df17-11e0-afba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d496a84c-df17-11e0-afba-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchBFII.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/07/28 00:19:56 | 000,000,000 | ---D | C] -- I:\FRST
[2013/07/25 19:35:17 | 000,082,872 | ---- | C] (GFI Software) -- I:\Windows\System32\drivers\sbapifs.sys
[2013/07/25 17:58:43 | 000,000,000 | ---D | C] -- I:\Users\Oze\AppData\Local\VS Revo Group
[2013/07/25 17:58:41 | 000,031,800 | ---- | C] (VS Revo Group) -- I:\Windows\System32\drivers\revoflt.sys
[2013/07/25 17:58:41 | 000,000,000 | ---D | C] -- I:\ProgramData\VS Revo Group
[2013/07/25 17:58:41 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/07/25 17:58:40 | 000,000,000 | ---D | C] -- I:\Program Files\VS Revo Group
[2013/07/22 21:32:48 | 000,000,000 | ---D | C] -- I:\Users\Oze\AppData\Local\Smartbar
[2013/07/22 21:32:23 | 000,000,000 | ---D | C] -- I:\Users\Oze\Documents\My Cheat Tables
[2013/07/22 21:32:18 | 000,000,000 | ---D | C] -- I:\Users\Oze\AppData\Roaming\OpenCandy
[2013/07/22 21:32:18 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Cheat Engine 6.3
[2013/07/20 10:06:16 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2013/07/16 16:05:51 | 000,000,000 | ---D | C] -- I:\Users\Oze\AppData\Roaming\.technic
[2013/07/11 03:05:03 | 000,526,336 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2013/07/11 03:05:03 | 000,391,168 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2013/07/11 03:05:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesysprep.dll
[2013/07/11 03:05:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iesysprep.dll
[2013/07/11 03:05:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iesetup.dll
[2013/07/11 03:05:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iesetup.dll
[2013/07/11 03:05:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iernonce.dll
[2013/07/11 03:05:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iernonce.dll
[2013/07/11 03:05:01 | 003,958,784 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2013/07/11 03:05:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2013/07/11 03:05:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll
[2013/07/11 03:05:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2013/07/11 03:05:01 | 000,493,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll
[2013/07/11 03:05:00 | 002,877,440 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2013/07/11 02:07:35 | 001,887,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WMVDECOD.DLL
[2013/07/11 02:07:35 | 001,620,480 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 02:07:35 | 000,624,128 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\qedit.dll
[2013/07/11 02:07:35 | 000,509,440 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\qedit.dll
[2013/07/11 02:07:24 | 001,643,520 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\DWrite.dll
[2013/07/11 02:07:24 | 001,247,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\DWrite.dll
[2013/07/08 23:07:13 | 000,108,968 | ---- | C] (Oracle Corporation) -- I:\Windows\System32\WindowsAccessBridge-64.dll
[2013/07/08 23:07:10 | 000,000,000 | ---D | C] -- I:\Program Files\Java
[2013/07/07 18:37:02 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Mozilla Firefox
[2013/07/07 17:43:41 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/07 17:43:41 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\LogMeIn Hamachi
[2 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/01 20:15:45 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/08/01 19:53:14 | 000,002,048 | -HS- | M] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
[2013/08/01 19:53:14 | 000,002,048 | -HS- | M] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
[2013/08/01 19:53:05 | 1066,602,494 | -HS- | M] () -- I:\hiberfil.sys
[2013/08/01 04:00:58 | 000,000,000 | ---- | M] () -- I:\that
[2013/07/26 14:27:01 | 002,855,536 | ---- | M] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
[2013/07/26 14:11:09 | 000,000,000 | ---- | M] () -- I:\Windows\SysWow64\SBRC.dat
[2013/07/26 14:05:10 | 000,512,221 | ---- | M] () -- I:\Users\Oze\AppData\Local\dfl28z32.dll
[2013/07/26 13:53:27 | 000,021,296 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 13:53:27 | 000,021,296 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 13:51:11 | 000,660,520 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2013/07/26 13:51:11 | 000,121,190 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2013/07/26 13:45:15 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/26 13:43:09 | 000,000,830 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/26 13:38:10 | 000,000,898 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/26 12:30:24 | 000,000,030 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\mbam.context.scan
[2013/07/26 12:04:13 | 001,067,217 | ---- | M] () -- I:\Users\Oze\Desktop\Windows Signature Error.rtf
[2013/07/25 20:01:48 | 000,002,119 | ---- | M] () -- I:\Users\Oze\Desktop\vba.ini
[2013/07/25 20:00:21 | 000,002,036 | ---- | M] () -- I:\Users\Oze\Desktop\PC Matic (2).lnk
[2013/07/25 17:58:41 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/07/22 23:11:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/22 23:10:52 | 001,397,248 | ---- | M] (Microsoft Corporation) -- I:\Windows\SysWow64\Utilman.exe
[2013/07/22 23:10:38 | 000,046,080 | ---- | M] (Microsoft Corporation) -- I:\Windows\SysWow64\net.exe
[2013/07/22 23:09:58 | 017,231,872 | ---- | M] (Microsoft Corporation) -- I:\Users\Oze\Desktop\LMSetup.exe
[2013/07/22 23:09:52 | 002,684,416 | ---- | M] (Sysinternals - www.sysinternals.com) -- I:\Users\Oze\Desktop\ CPAP SD Card (1).exe
[2013/07/20 14:58:58 | 000,123,323 | ---- | M] () -- I:\Users\Oze\Desktop\Zune_chat..xps
[2013/07/20 10:06:17 | 000,000,889 | ---- | M] () -- I:\Users\Public\Desktop\Zune.lnk
[2013/07/20 10:06:17 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2013/07/17 20:35:45 | 008,388,608 | ---- | M] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1045897972-430549950-2674849696-1001.dat
[2013/07/11 03:27:11 | 000,534,760 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/07/11 03:01:46 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/08 23:09:34 | 000,002,441 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/07/08 23:07:11 | 001,093,032 | ---- | M] (Oracle Corporation) -- I:\Windows\System32\npDeployJava1.dll
[2013/07/08 23:07:11 | 000,972,712 | ---- | M] (Oracle Corporation) -- I:\Windows\System32\deployJava1.dll
[2013/07/08 23:07:11 | 000,108,968 | ---- | M] (Oracle Corporation) -- I:\Windows\System32\WindowsAccessBridge-64.dll
[2013/07/07 19:54:59 | 000,587,906 | ---- | M] () -- I:\Users\Oze\Desktop\azh_dell.xps
[2013/07/07 17:47:41 | 000,000,991 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk
[2013/07/07 17:43:42 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/01 19:28:25 | 000,002,048 | -HS- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
[2013/08/01 19:28:25 | 000,002,048 | -HS- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
[2013/08/01 04:00:58 | 000,000,000 | ---- | C] () -- I:\that
[2013/07/26 14:11:09 | 000,000,000 | ---- | C] () -- I:\Windows\SysWow64\SBRC.dat
[2013/07/26 12:30:24 | 000,000,030 | ---- | C] () -- I:\Users\Oze\AppData\Roaming\mbam.context.scan
[2013/07/26 12:04:13 | 001,067,217 | ---- | C] () -- I:\Users\Oze\Desktop\Windows Signature Error.rtf
[2013/07/25 20:00:21 | 000,002,036 | ---- | C] () -- I:\Users\Oze\Desktop\PC Matic (2).lnk
[2013/07/25 17:33:43 | 000,000,898 | ---- | C] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 17:33:37 | 000,000,894 | ---- | C] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 20:56:13 | 000,512,221 | ---- | C] () -- I:\Users\Oze\AppData\Local\dfl28z32.dll
[2013/07/20 14:58:58 | 000,123,323 | ---- | C] () -- I:\Users\Oze\Desktop\Zune_chat..xps
[2013/07/20 10:06:17 | 000,000,889 | ---- | C] () -- I:\Users\Public\Desktop\Zune.lnk
[2013/07/11 15:52:02 | 000,002,119 | ---- | C] () -- I:\Users\Oze\Desktop\vba.ini
[2013/07/07 19:54:53 | 000,587,906 | ---- | C] () -- I:\Users\Oze\Desktop\azh_dell.xps
[2013/06/08 14:44:42 | 008,388,608 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1045897972-430549950-2674849696-1001.dat
[2013/05/27 23:10:59 | 000,995,342 | ---- | C] () -- I:\Windows\SysWow64\amdocl_as32.exe
[2013/05/27 23:10:59 | 000,798,734 | ---- | C] () -- I:\Windows\SysWow64\amdocl_ld32.exe
[2013/05/26 11:08:45 | 000,564,016 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
[2013/02/27 04:18:26 | 016,777,216 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
[2013/02/14 09:12:18 | 000,000,001 | ---- | C] () -- I:\Users\Oze\AppData\Local\llftool.4.25.agreement
[2013/01/21 17:39:11 | 000,000,597 | ---- | C] () -- I:\Windows\RegistryKit.ini
[2013/01/06 13:59:52 | 000,413,916 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
[2012/11/15 11:35:29 | 000,001,484 | ---- | C] () -- I:\Users\Oze\AppData\Local\recently-used.xbel
[2012/09/06 08:26:08 | 000,007,602 | ---- | C] () -- I:\Users\Oze\AppData\Local\Resmon.ResmonCfg
[2012/08/13 10:57:00 | 000,012,927 | ---- | C] () -- I:\Program Files (x86)\readme.html
[2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- I:\Program Files (x86)\basis-link
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- I:\Windows\SysWow64\kdbsdk32.dll
[2012/04/09 23:14:32 | 000,204,952 | ---- | C] () -- I:\Windows\SysWow64\ativvsvl.dat
[2012/04/09 23:14:32 | 000,157,144 | ---- | C] () -- I:\Windows\SysWow64\ativvsva.dat
[2012/04/09 23:14:31 | 000,003,917 | ---- | C] () -- I:\Windows\SysWow64\atipblag.dat
[2012/04/07 21:56:13 | 000,000,032 | R--- | C] () -- I:\ProgramData\hash.dat
[2012/03/29 19:18:45 | 000,189,248 | ---- | C] () -- I:\Windows\SysWow64\PnkBstrB.exe
[2012/03/29 19:18:45 | 000,076,888 | ---- | C] () -- I:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat
[2011/09/20 04:16:17 | 060,245,860 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1045897972-430549950-2674849696-1001-4096.dat
[2011/09/19 15:11:35 | 000,007,783 | ---- | C] () -- I:\Users\Oze\AppData\Roaming\.freeciv-client-rc-2.3
[2011/09/19 03:07:46 | 000,015,360 | ---- | C] () -- I:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 03:07:32 | 000,058,368 | ---- | C] () -- I:\Windows\SysWow64\bdmpegv.dll
[2011/09/18 08:38:40 | 055,624,736 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1045897972-430549950-2674849696-1001-8192.dat
[2011/09/18 08:38:40 | 010,076,012 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1045897972-430549950-2674849696-1001-12288.dat
[2011/09/14 19:08:57 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin
[2011/09/14 17:50:57 | 002,855,536 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
[2011/09/14 17:50:57 | 000,268,220 | ---- | C] () -- I:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1045897972-430549950-2674849696-500-12288.dat
[2011/09/14 17:29:48 | 000,001,264 | ---- | C] () -- I:\Windows\THXCfg_SP_APOIM.ini
[2011/09/14 17:29:48 | 000,001,247 | ---- | C] () -- I:\Windows\THXCfg_HP_APOIM.ini
[2011/09/14 17:29:48 | 000,001,247 | ---- | C] () -- I:\Windows\THXCfg_APOIM.ini
[2011/09/14 17:29:13 | 000,177,664 | ---- | C] () -- I:\Windows\SysWow64\APOMngr.DLL
[2011/09/14 17:29:13 | 000,073,728 | ---- | C] () -- I:\Windows\SysWow64\CmdRtr.DLL
[2011/06/01 12:08:23 | 000,006,975 | ---- | C] () -- I:\Users\Oze\AppData\Roaming\.freeciv-client-rc-2.2
[2011/02/10 12:10:51 | 000,773,512 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2010/08/19 07:15:54 | 000,011,176 | ---- | C] () -- I:\Windows\TrueProcess.exe
[2010/03/29 13:20:32 | 000,000,293 | ---- | C] () -- I:\Windows\game.ini
[2010/03/28 17:30:05 | 000,000,000 | ---- | C] () -- I:\Windows\EEventManager.INI
[2010/03/27 13:50:39 | 000,073,220 | ---- | C] () -- I:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/03/27 13:50:39 | 000,000,097 | ---- | C] () -- I:\Windows\SysWow64\PICSDK.ini
[2010/03/27 13:50:38 | 000,031,053 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern131.dat
[2010/03/27 13:50:38 | 000,029,114 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern1.dat
[2010/03/27 13:50:38 | 000,027,417 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern121.dat
[2010/03/27 13:50:38 | 000,021,021 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern3.dat
[2010/03/27 13:50:38 | 000,015,670 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern5.dat
[2010/03/27 13:50:38 | 000,013,280 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern2.dat
[2010/03/27 13:50:38 | 000,010,673 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern4.dat
[2010/03/27 13:50:38 | 000,004,943 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern6.dat
[2010/03/27 13:50:38 | 000,001,140 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/03/27 13:50:38 | 000,001,140 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/03/27 13:50:38 | 000,001,137 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/03/27 13:50:38 | 000,001,130 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/03/27 13:50:38 | 000,001,130 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/03/27 13:50:38 | 000,001,104 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/03/27 13:44:59 | 000,000,079 | ---- | C] () -- I:\Windows\EPNX510.ini
[2010/02/20 09:06:46 | 000,073,728 | ---- | C] () -- I:\Windows\SysWow64\RtNicProp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/15 17:34:18 | 000,007,776 | ---- | C] () -- I:\Users\Oze\AppData\Roaming\.civclientrc
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2009/06/02 15:46:06 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini
[2009/02/26 08:16:50 | 000,008,594 | ---- | C] () -- I:\Windows\SysWow64\winiml.dat
[2009/02/26 08:16:50 | 000,007,910 | ---- | C] () -- I:\ProgramData\winiml.dat
[2009/02/26 08:16:50 | 000,007,910 | ---- | C] () -- I:\ProgramData\iml.xml
[2008/12/14 15:32:15 | 000,348,937 | ---- | C] () -- I:\Windows\CSUPP.EXE
[2008/10/23 15:00:58 | 000,000,291 | ---- | C] () -- I:\Windows\PowerReg.dat
[2008/10/17 16:03:37 | 000,000,089 | ---- | C] () -- I:\Windows\SysWow64\FTD2XXUN.ini
[2008/10/13 16:41:43 | 000,000,000 | ---- | C] () -- I:\Windows\hpqEmlSz.INI
[2008/06/05 20:40:16 | 000,000,245 | ---- | C] () -- I:\Windows\Title.INI
[2008/06/05 17:45:02 | 000,000,028 | ---- | C] () -- I:\Windows\MotionSDSTUDIO.INI
[2008/05/21 09:59:00 | 000,000,626 | ---- | C] () -- I:\Windows\SysWow64\xmlovrfrc.dat
[2008/04/18 11:46:11 | 000,000,664 | ---- | C] () -- I:\Windows\SysWow64\d3d9caps.dat
[2008/02/15 16:08:26 | 000,000,000 | ---- | C] () -- I:\ProgramData\f7129022-a000-4847-db07-470265a73c4f
[2008/02/12 23:49:51 | 000,000,021 | ---- | C] () -- I:\Windows\atid.ini
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- I:\Windows\SysWow64\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- I:\Windows\SysWow64\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- I:\Windows\SysWow64\OnlineScannerLang.dll
[2008/02/03 12:19:30 | 000,019,558 | ---- | C] () -- I:\Windows\hpoins01.dat
[2008/02/03 12:19:30 | 000,016,606 | ---- | C] () -- I:\Windows\hpomdl01.dat
[2007/12/25 10:39:04 | 000,000,053 | ---- | C] () -- I:\Windows\marscam.ini
[2007/12/11 19:30:44 | 000,002,098 | -HS- | C] () -- I:\Windows\SysWow64\KGyGaAvL.sys
[2007/10/18 18:23:00 | 000,000,754 | ---- | C] () -- I:\Windows\WORDPAD.INI
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- I:\Windows\SysWow64\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- I:\Windows\SysWow64\lnod32apiA.dll
[2007/06/20 16:47:15 | 000,000,552 | ---- | C] () -- I:\Windows\SysWow64\d3d8caps.dat
[2007/06/19 15:24:03 | 000,043,520 | ---- | C] () -- I:\Windows\SysWow64\CmdLineExt03.dll
[2007/06/06 17:35:32 | 000,004,096 | ---- | C] () -- I:\Windows\d3dx.dat
[2006/10/10 19:45:20 | 000,000,293 | ---- | C] () -- I:\Windows\EReg077.dat
[2006/10/10 19:44:47 | 000,000,108 | ---- | C] () -- I:\Windows\TLCAPPS.INI
[2006/09/17 19:24:01 | 000,102,236 | ---- | C] () -- I:\Windows\hpoins05.dat.temp
[2006/09/17 19:24:00 | 000,017,505 | ---- | C] () -- I:\Windows\hpomdl07.dat.temp
[2006/09/08 11:28:50 | 000,147,456 | ---- | C] () -- I:\Windows\SysWow64\RtlCPAPI.dll
[2006/09/08 11:05:43 | 000,102,259 | ---- | C] () -- I:\Windows\hpoins05.dat
[2006/08/12 00:45:20 | 000,581,632 | ---- | C] () -- I:\Windows\SysWow64\nvhwvid.dll
[2006/08/12 00:43:00 | 001,703,936 | ---- | C] () -- I:\Windows\SysWow64\nvwdmcpl.dll
[2006/08/12 00:43:00 | 001,486,848 | ---- | C] () -- I:\Windows\SysWow64\nview.dll
[2006/08/12 00:43:00 | 001,019,904 | ---- | C] () -- I:\Windows\SysWow64\nvwimg.dll
[2006/08/12 00:43:00 | 000,466,944 | ---- | C] () -- I:\Windows\SysWow64\nvshell.dll
[2006/08/12 00:43:00 | 000,286,720 | ---- | C] () -- I:\Windows\SysWow64\nvnt4cpl.dll
[2006/07/20 22:36:22 | 000,000,470 | ---- | C] () -- I:\Windows\ikey.ini
[2006/06/12 16:56:01 | 000,061,678 | ---- | C] () -- I:\Users\Oze\AppData\Roaming\PFP100JPR.{PB
[2006/06/12 16:56:01 | 000,012,358 | ---- | C] () -- I:\Users\Oze\AppData\Roaming\PFP100JCM.{PB
[2006/02/09 21:34:10 | 000,007,406 | ---- | C] () -- I:\Windows\ICOADB32.DAT
[2006/02/03 15:37:15 | 000,000,749 | ---- | C] () -- I:\Windows\TTutor7.ini
[2006/02/03 09:29:44 | 000,000,178 | ---- | C] () -- I:\Windows\QTW.INI
[2006/02/03 09:28:30 | 000,000,256 | ---- | C] () -- I:\Windows\PROVW.INI
[2006/02/03 09:28:28 | 000,000,673 | ---- | C] () -- I:\Windows\KPSTUDIO.INI
[2006/01/15 12:39:37 | 000,000,022 | ---- | C] () -- I:\Windows\SysWow64\w_madriver.dll
[2006/01/10 18:51:45 | 000,135,168 | ---- | C] () -- I:\Users\Oze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/28 17:52:26 | 000,001,804 | ---- | C] () -- I:\Windows\SysWow64\dcache.bin
[2005/12/28 17:52:23 | 000,053,840 | ---- | C] () -- I:\Windows\SysWow64\dosx.exe
[2005/12/28 17:52:09 | 000,042,537 | ---- | C] () -- I:\Windows\SysWow64\keyboard.sys
[2005/12/28 17:52:03 | 000,004,126 | ---- | C] () -- I:\Windows\SysWow64\msdxmlc.dll
[2005/12/28 17:51:53 | 000,035,648 | ---- | C] () -- I:\Windows\SysWow64\ntio411.sys
[2005/12/28 17:51:53 | 000,035,424 | ---- | C] () -- I:\Windows\SysWow64\ntio412.sys
[2005/12/28 17:51:53 | 000,034,560 | ---- | C] () -- I:\Windows\SysWow64\ntio804.sys
[2005/12/28 17:51:53 | 000,034,560 | ---- | C] () -- I:\Windows\SysWow64\ntio404.sys
[2005/12/28 17:51:53 | 000,033,840 | ---- | C] () -- I:\Windows\SysWow64\ntio.sys
[2005/12/28 17:51:47 | 000,003,338 | ---- | C] () -- I:\Windows\SysWow64\redir.exe
[2005/12/28 17:51:38 | 000,053,478 | ---- | C] () -- I:\Windows\SysWow64\tcpmon.ini
[2005/12/28 17:38:35 | 000,004,569 | ---- | C] () -- I:\Windows\SysWow64\secupd.dat
[2005/12/28 17:10:29 | 000,006,550 | ---- | C] () -- I:\Windows\jautoexp.dat
[2005/12/28 15:41:23 | 000,000,335 | ---- | C] () -- I:\Windows\nsreg.dat
[2005/12/28 15:41:05 | 000,008,524 | ---- | C] () -- I:\Windows\mozver.dat
[2005/12/28 13:24:17 | 000,013,312 | ---- | C] () -- I:\Windows\SysWow64\win87em.dll
[2005/12/28 13:24:04 | 000,015,360 | ---- | C] () -- I:\Windows\SysWow64\tsd32.dll
[2005/12/28 13:23:46 | 000,011,753 | ---- | C] () -- I:\Windows\SysWow64\setver.exe
[2005/12/28 13:23:46 | 000,000,882 | ---- | C] () -- I:\Windows\SysWow64\share.exe
[2005/12/28 13:23:28 | 000,272,128 | ---- | C] () -- I:\Windows\SysWow64\perfi009.dat
[2005/12/28 13:23:28 | 000,028,626 | ---- | C] () -- I:\Windows\SysWow64\perfd009.dat
[2005/12/28 13:23:13 | 000,029,370 | ---- | C] () -- I:\Windows\SysWow64\ntdos411.sys
[2005/12/28 13:23:13 | 000,029,274 | ---- | C] () -- I:\Windows\SysWow64\ntdos412.sys
[2005/12/28 13:23:13 | 000,029,146 | ---- | C] () -- I:\Windows\SysWow64\ntdos804.sys
[2005/12/28 13:23:13 | 000,029,146 | ---- | C] () -- I:\Windows\SysWow64\ntdos404.sys
[2005/12/28 13:23:13 | 000,027,866 | ---- | C] () -- I:\Windows\SysWow64\ntdos.sys
[2005/12/28 13:23:11 | 000,007,052 | ---- | C] () -- I:\Windows\SysWow64\nlsfunc.exe
[2005/12/28 13:22:52 | 000,094,282 | ---- | C] () -- I:\Windows\SysWow64\msencode.dll
[2005/12/28 13:22:51 | 000,000,817 | ---- | C] () -- I:\Windows\SysWow64\mscdexnt.exe
[2005/12/28 13:22:44 | 000,046,258 | ---- | C] () -- I:\Windows\SysWow64\mib.bin
[2005/12/28 13:22:42 | 000,039,274 | ---- | C] () -- I:\Windows\SysWow64\mem.exe
[2005/12/28 13:22:37 | 000,001,131 | ---- | C] () -- I:\Windows\SysWow64\loadfix.com
[2005/12/28 13:22:35 | 000,042,809 | ---- | C] () -- I:\Windows\SysWow64\key01.sys
[2005/12/28 13:22:34 | 000,014,710 | ---- | C] () -- I:\Windows\SysWow64\kb16.com
[2005/12/28 13:22:26 | 000,004,768 | ---- | C] () -- I:\Windows\SysWow64\himem.sys
[2005/12/28 13:22:24 | 000,019,694 | ---- | C] () -- I:\Windows\SysWow64\graphics.com
[2005/12/28 13:22:19 | 000,000,882 | ---- | C] () -- I:\Windows\SysWow64\fastopen.exe
[2005/12/28 13:22:17 | 000,008,424 | ---- | C] () -- I:\Windows\SysWow64\exe2bin.exe
[2005/12/28 13:22:16 | 000,069,886 | ---- | C] () -- I:\Windows\SysWow64\edit.com
[2005/12/28 13:22:16 | 000,012,642 | ---- | C] () -- I:\Windows\SysWow64\edlin.exe
[2005/12/28 13:21:38 | 000,020,634 | ---- | C] () -- I:\Windows\SysWow64\debug.exe
[2005/12/28 13:21:33 | 000,027,097 | ---- | C] () -- I:\Windows\SysWow64\country.sys
[2005/12/28 13:21:21 | 000,012,498 | ---- | C] () -- I:\Windows\SysWow64\append.exe
[2005/12/28 13:21:21 | 000,009,029 | ---- | C] () -- I:\Windows\SysWow64\ansi.sys
[2005/12/15 20:01:52 | 000,081,920 | ---- | C] () -- I:\Windows\SysWow64\drivers\khips.sys
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- I:\Windows\SysWow64\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- I:\Windows\SysWow64\lnod32upd.dll
[2004/07/10 20:55:38 | 000,252,416 | ---- | C] () -- I:\Windows\SysWow64\wsiShared.dll
[2004/06/04 17:34:46 | 000,053,693 | ---- | C] () -- I:\Windows\UNDPX2K.sys
[2003/03/09 23:31:04 | 000,561,152 | ---- | C] () -- I:\Windows\SysWow64\hpotscl.dll
[2002/07/26 23:41:34 | 000,000,061 | ---- | C] () -- I:\Windows\smscfg.ini
[2002/07/24 20:32:31 | 000,045,056 | ---- | C] () -- I:\Windows\SysWow64\hpREG.DLL
[2002/07/24 20:32:31 | 000,024,576 | ---- | C] () -- I:\Windows\SysWow64\syscontr.dll
[2002/07/24 19:41:48 | 000,019,968 | ---- | C] () -- I:\Windows\SysWow64\cpuinf32.dll
[2002/07/24 19:10:35 | 000,000,029 | ---- | C] () -- I:\Windows\ALSndMgr.ini
[2002/07/24 18:58:11 | 000,299,073 | ---- | C] () -- I:\Windows\SysWow64\PythonCOM22.dll
[2002/07/24 18:58:11 | 000,065,536 | ---- | C] () -- I:\Windows\SysWow64\PyWinTypes22.dll
[2002/07/24 18:57:49 | 000,016,896 | ---- | C] () -- I:\Windows\SysWow64\bcbmm.dll
[2002/07/24 03:29:49 | 000,000,761 | ---- | C] () -- I:\Windows\orun32.ini
[2002/07/24 03:16:03 | 000,021,640 | ---- | C] () -- I:\Windows\SysWow64\emptyregdb.dat
[2002/07/24 03:14:37 | 000,013,223 | ---- | C] () -- I:\Windows\SysWow64\tslabels.ini
[2002/07/24 03:14:36 | 000,001,931 | ---- | C] () -- I:\Windows\SysWow64\msdtcprf.ini
[2002/07/24 03:05:36 | 000,012,082 | ---- | C] () -- I:\Windows\SysWow64\rsvp.ini
[2002/07/24 03:05:35 | 000,006,877 | ---- | C] () -- I:\Windows\SysWow64\pschdprf.ini
[2002/07/24 03:05:35 | 000,003,458 | ---- | C] () -- I:\Windows\SysWow64\rasctrs.ini
[2002/07/24 03:05:35 | 000,000,343 | ---- | C] () -- I:\Windows\SysWow64\prodspec.ini
[2002/07/24 03:05:34 | 000,434,464 | ---- | C] () -- I:\Windows\SysWow64\perfh009.dat
[2002/07/24 03:05:34 | 000,068,624 | ---- | C] () -- I:\Windows\SysWow64\perfc009.dat
[2002/07/24 03:05:34 | 000,002,891 | ---- | C] () -- I:\Windows\SysWow64\perfci.ini
[2002/07/24 03:05:34 | 000,002,732 | ---- | C] () -- I:\Windows\SysWow64\perfwci.ini
[2002/07/24 03:05:34 | 000,001,152 | ---- | C] () -- I:\Windows\SysWow64\perffilt.ini
[2002/07/24 03:05:25 | 001,015,477 | ---- | C] () -- I:\Windows\SysWow64\esentprf.ini
[2002/07/23 20:10:46 | 000,004,161 | ---- | C] () -- I:\Windows\ODBCINST.INI
[2002/07/23 20:09:58 | 000,318,744 | ---- | C] () -- I:\Windows\SysWow64\FNTCACHE.DAT
[2002/06/01 01:59:12 | 000,000,000 | ---- | C] () -- I:\Windows\SysWow64\px.ini
[2002/05/24 22:44:48 | 000,004,760 | ---- | C] () -- I:\Windows\hphmdl11.dat
[2002/05/22 22:04:26 | 000,262,144 | ---- | C] () -- I:\Windows\SysWow64\shpshftr.dll
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- I:\Windows\SysWow64\pcpbios.exe
[2002/02/28 02:07:34 | 000,049,152 | ---- | C] () -- I:\Windows\SysWow64\sis740.bin
[2002/02/28 02:01:10 | 000,049,152 | ---- | C] () -- I:\Windows\SysWow64\sis650.bin
[2001/09/04 23:25:36 | 000,040,960 | ---- | C] () -- I:\Windows\LoadDll.dll
[2001/09/01 01:33:58 | 000,425,984 | ---- | C] () -- I:\Windows\SysWow64\VxDMDcDlg.dll
[2001/08/18 01:36:28 | 000,157,696 | ---- | C] () -- I:\Windows\SysWow64\paqsp.dll
[2001/08/08 16:13:22 | 000,012,351 | ---- | C] () -- I:\Windows\SysWow64\i81xcoin.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- I:\Windows\SysWow64\sysres.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- I:\Windows\SysWow64\giveio.sys

========== LOP Check ==========

[2011/09/17 19:20:40 | 000,000,000 | ---D | M] -- I:\ProgramData\acccore
[2013/01/28 10:32:42 | 000,000,000 | ---D | M] -- I:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2011/09/17 19:23:07 | 000,000,000 | ---D | M] -- I:\ProgramData\ApplicationBlocker
[2011/09/17 19:23:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Applications
[2011/09/17 19:23:15 | 000,000,000 | ---D | M] -- I:\ProgramData\AVAST Software
[2012/03/06 11:14:06 | 000,000,000 | ---D | M] -- I:\ProgramData\avg9
[2013/06/04 17:02:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Battle.net
[2012/09/13 20:14:24 | 000,000,000 | ---D | M] -- I:\ProgramData\boost_interprocess
[2011/10/14 23:43:00 | 000,000,000 | ---D | M] -- I:\ProgramData\Citrix
[2011/09/18 08:40:51 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2011/09/14 17:28:36 | 000,000,000 | ---D | M] -- I:\ProgramData\Cozi
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/09/17 19:26:53 | 000,000,000 | ---D | M] -- I:\ProgramData\DriverScanner
[2011/09/17 19:26:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Electronic Arts
[2011/09/17 19:26:59 | 000,000,000 | ---D | M] -- I:\ProgramData\EPSON
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2012/07/31 19:06:19 | 000,000,000 | ---D | M] -- I:\ProgramData\Graboid Inc
[2011/09/17 19:26:59 | 000,000,000 | ---D | M] -- I:\ProgramData\Ignite Software
[2011/09/14 17:31:22 | 000,000,000 | ---D | M] -- I:\ProgramData\install_clap
[2011/09/17 19:26:59 | 000,000,000 | ---D | M] -- I:\ProgramData\interMute
[2011/09/17 14:17:45 | 000,000,000 | ---D | M] -- I:\ProgramData\Laplink
[2011/09/17 19:27:34 | 000,000,000 | ---D | M] -- I:\ProgramData\Napster
[2012/01/28 22:14:22 | 000,000,000 | ---D | M] -- I:\ProgramData\Nexon
[2013/06/05 20:57:30 | 000,000,000 | ---D | M] -- I:\ProgramData\NexonUS
[2013/07/25 19:55:49 | 000,000,000 | ---D | M] -- I:\ProgramData\NoteBurner
[2011/09/17 19:27:34 | 000,000,000 | ---D | M] -- I:\ProgramData\Nova Development
[2012/06/29 17:42:37 | 000,000,000 | ---D | M] -- I:\ProgramData\Oberon Media
[2012/03/24 21:44:56 | 000,000,000 | ---D | M] -- I:\ProgramData\PACE Anti-Piracy
[2011/09/17 19:27:34 | 000,000,000 | ---D | M] -- I:\ProgramData\Panasonic
[2013/01/23 08:38:22 | 000,000,000 | ---D | M] -- I:\ProgramData\ParetoLogic
[2011/09/17 19:27:35 | 000,000,000 | ---D | M] -- I:\ProgramData\PC Drivers Headquarters
[2013/05/22 11:04:28 | 000,000,000 | ---D | M] -- I:\ProgramData\PC-Doctor for Windows
[2013/07/22 16:04:36 | 000,000,000 | ---D | M] -- I:\ProgramData\PCDr
[2013/08/01 00:07:35 | 000,000,000 | ---D | M] -- I:\ProgramData\PCPitstop
[2013/07/26 14:26:58 | 000,000,000 | ---D | M] -- I:\ProgramData\PCPitstopDat
[2011/09/14 17:44:28 | 000,000,000 | ---D | M] -- I:\ProgramData\PhotoShow Shared Assets
[2013/07/22 22:13:09 | 000,000,000 | ---D | M] -- I:\ProgramData\PMB Files
[2011/09/17 19:31:02 | 000,000,000 | ---D | M] -- I:\ProgramData\RapidSolution
[2011/09/17 19:31:04 | 000,000,000 | ---D | M] -- I:\ProgramData\Seagate
[2011/09/18 01:51:36 | 000,000,000 | ---D | M] -- I:\ProgramData\Spearit
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2012/11/11 10:09:20 | 000,000,000 | ---D | M] -- I:\ProgramData\SUPERSetup
[2011/09/17 19:31:05 | 000,000,000 | ---D | M] -- I:\ProgramData\Tarma Installer
[2012/06/29 17:40:00 | 000,000,000 | ---D | M] -- I:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2011/09/17 19:31:09 | 000,000,000 | ---D | M] -- I:\ProgramData\TuneUp Software
[2012/03/29 19:20:22 | 000,000,000 | ---D | M] -- I:\ProgramData\Ubisoft
[2011/09/14 17:45:01 | 000,000,000 | ---D | M] -- I:\ProgramData\Uninstall
[2011/09/17 19:31:10 | 000,000,000 | ---D | M] -- I:\ProgramData\Viewpoint
[2012/08/28 18:02:45 | 000,000,000 | ---D | M] -- I:\ProgramData\VirtualizedApplications
[2013/07/17 20:23:01 | 000,000,000 | ---D | M] -- I:\ProgramData\VisualBee
[2013/07/25 17:58:41 | 000,000,000 | ---D | M] -- I:\ProgramData\VS Revo Group
[2011/09/19 15:38:11 | 000,000,000 | ---D | M] -- I:\ProgramData\WinZip
[2011/09/17 19:31:11 | 000,000,000 | ---D | M] -- I:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/17 19:31:58 | 000,000,000 | -H-D | M] -- I:\ProgramData\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
[2011/09/17 19:31:58 | 000,000,000 | ---D | M] -- I:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/10/15 13:41:14 | 000,032,582 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> I:\ProgramData\Temp:EEBA2194
@Alternate Data Stream - 137 bytes -> I:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1115 bytes -> I:\Users\Oze\AppData\Local\ArPedAEm:8o5ZoFINgDZLcPjek58XYSn
@Alternate Data Stream - 1059 bytes -> I:\Users\Oze\AppData\Local:c5nHWyHIIHlkVXIJrNxcgR9
< End of report >
  • 0

#23
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Firstly, let's see if system file checker can fix those missing files.

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    sfc /scannow /c
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Post the log that is produced
  • Attempt to reboot normally into Windows
Tell me how it went.
  • 0

#24
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
I'm having trouble getting the PC to recognize the flash drive, but this log is short:

I:\cmd.bat deleted successfully
I:\cmd.txt deleted successfully

Boot option screen appeared--I chose to boot normally. Same Logon Process Installation Failure error message. Tried Command Prompt boot next. Loads drivers, but then stops and freezes.

I'm thinking that the fix log should have shown more activity, no?

Oh, I just noticed that the splash screen displayed when Reatogo loads indicates Win XP--is this an issue?

Edited by oze, 01 August 2013 - 07:47 PM.

  • 0

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Different tack:

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
    • Press the None button
    • Under the Custom Scan box copy and paste in this:

      /md5start
      explorer.exe
      Userinit.exe
      wininit.exe
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

  • 0


#26
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
Sorry for the delay--I closed the log before saving it and had to re-run the scan.



OTL logfile created on: 8/2/2013 12:17:11 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 13.25 Gb Total Space | 5.34 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 75.68 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
Drive I: | 1849.73 Gb Total Space | 1442.16 Gb Free Space | 77.97% Space Free | Partition Type: NTFS
Drive J: | 1011.61 Mb Total Space | 1009.72 Mb Free Space | 99.81% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2011/09/14 19:04:01 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/09/14 19:04:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/09/14 19:04:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/09/14 19:04:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\System32\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
< End of report >
  • 0

#27
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well, not all we want are there.

Let's do this and see if we have any luck.

Start the Reatogo desktop as before.

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\Oze_ON_I\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.1 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&CUI=UN28513524572984971"
    FF - prefs.js..extensions.enabledItems: {595b0a3f-adff-4c15-b0b5-3b97e42ea839}:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=2&CUI=UN28513524572984971&q="
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin: File not found
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    [2013/07/23 16:38:20 | 000,000,000 | ---D | M] ("QuickShare Widget") -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{595b0a3f-adff-4c15-b0b5-3b97e42ea839}
    [2013/07/25 17:29:35 | 000,000,000 | ---D | M] (.) -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
    [2010/06/20 22:46:16 | 000,002,269 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\aol-search.xml
    [2011/08/28 16:04:31 | 000,001,945 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\bing-zugo.xml
    [2013/01/25 07:41:52 | 000,000,985 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\conduit.xml
    [2012/09/13 20:14:24 | 000,002,519 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\Search_Results.xml
    [2007/06/09 13:57:08 | 000,002,386 | ---- | M] () -- I:\Users\Oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\searchplugins\siteadvisor.xml
    O2 - BHO: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - I:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - I:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Oze_ON_I\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
    O3 - HKU\Oze_ON_I\..\Toolbar\WebBrowser: (Vgrabber Toolbar) - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - I:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    
    :Files
    I:\Windows\system32>sfc /scannow /c
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Post the log that is produced
  • Attempt to reboot normally into Windows

  • 0
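The check made by eye on the /md5start log in post #26 (a requested file that produced no result), as an added Python example that is not part of the thread or of OTL. It parses the `< MD5 for: ... >` blocks and, as an assumption of this example, also compares each live copy against the winsxs copies listed in the same log; the function names are hypothetical, and the log lines are copied from the post with the explorer.exe list shortened.

```python
import re

# Lines copied from the OTL.txt in post #26; the explorer.exe list is shortened.
OTL_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2011/09/14 19:04:01 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/09/14 19:04:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/09/14 19:04:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\System32\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
< End of report >
"""

SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\w)\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(log_text):
    """Map each lowercased '< MD5 for: NAME >' heading to its parsed entries."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        heading = SECTION.match(line)
        if heading:
            current = sections.setdefault(heading.group("name").lower(), [])
            continue
        if line.startswith(("<", "=")):  # any other report marker ends the block
            current = None
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            fields = entry.groupdict()
            fields["md5"] = fields["md5"].upper()
            current.append(fields)
    return sections


def in_component_store(path):
    """True for copies kept under the winsxs component store."""
    return "\\winsxs\\" in path.lower()


def review(log_text, requested):
    """Return {requested name: (status, [live paths])} for the files asked for."""
    sections = parse_md5_sections(log_text)
    report = {}
    for name in requested:
        entries = sections.get(name.lower(), [])
        live = [e for e in entries if not in_component_store(e["path"])]
        store_hashes = {e["md5"] for e in entries if in_component_store(e["path"])}
        if not entries:
            status = "not found"            # OTL listed no file of this name at all
        elif not live:
            status = "only in winsxs"       # no copy where Windows loads it from
        elif all(e["md5"] in store_hashes for e in live):
            status = "matches winsxs copy"
        else:
            status = "differs from winsxs"  # needs a closer look, not a verdict
        report[name] = (status, [e["path"] for e in live])
    return report


if __name__ == "__main__":
    for name, (status, paths) in review(
        OTL_LOG, ["explorer.exe", "Userinit.exe", "wininit.exe"]
    ).items():
        print(f"{name:14} {status:22} {', '.join(paths) or '-'}")
```

A "matches winsxs copy" result only shows that the live file agrees with a component-store copy on the same disk; it is a consistency check, not an integrity verdict.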

#28
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
I ran the tool, and afterwards, the computer rebooted (off of the disk). I never got a chance to capture the log file, so I am hesitant to reboot normally. I can search for the file if you can give me an idea as to its name and possible location.
  • 0

#29
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
No problem. Just see if it will boot normally... not likely but worth a try.

Come back and tell me how you got on either way.

Edited by emeraldnzl, 01 August 2013 - 09:31 PM.
clarification

  • 0

#30
oze

    Member

  • Topic Starter
  • Member
  • 44 posts
It recommended a disk check, and I didn't disagree. CHKDSK is running now.

CHKDSK made a ton of changes, some of which I attempted to scribble down as the information scrolled by. But, after Windows restarted itself, the same Logon Process Initialization Failure error popped up again. :wacko:

I don't want to muddy up the waters, but I think there is a Windows hotfix for this issue. Is that worth a try, or have we already gone down a different path?

Edited by oze, 01 August 2013 - 09:50 PM.

  • 0





