
Registry Problems please help [Solved]



#1
Help Help

Hi,
I ran into this place via google for some help.

A couple days ago somehow some very annoying virus/adware called "win 7 security tool" overran my laptop saying that I have a billion viruses and that I must pay for removal of so-called viruses.
My Malwarebytes, etc. couldn't load to take care of it, and I've heard that's due to the win7 virus making changes to the registry.

So earlier today, I found out I have to take care of the registry problems first before getting rid of the virus, so to google I went.

I followed these steps for removal of win7 and fixing the registry:
http://www.2-spyware...7-security.html

I tried to make this file through notepad and sending it to regedit to fix the exe and other file load problem:

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"


But that didn't work, it wouldn't go through my computer, so I followed the other way to do so, MANUALLY through regedit, as it walks you through on that site (http://www.2-spyware...7-security.html)

So I went through regedit manually and did as that site said, this:


Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"




After doing so, NO EXE FILES ARE LOADABLE. NOT even regedit, etc. The win7 virus is gone as the exe for it can't load as well, NO programs work. Every time I try to get into a program it states this:

"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel"

So after doing the manual regedit as shown above a couple hours ago, I asked a friend that happens to be a computer geek for help and he downloaded a bootable regedit disk and did the following changes:

HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command.
Double-click the (Default) value in the right hand pane and delete the current value data, and then type:
"%1" %* exactly as shown including the quotes and asterisk.
Navigate to HKEY_CLASSES_ROOT\.exe
In the right-hand pane, set (default) to exefile


After doing that, SAME PROBLEM STILL EXISTS.

Thus I am here asking for help.

Please help : /

BTW I can not run OTL on the problemed computer as OTL won't run on it due to the registry problem obviously.

Edited by Help Help, 18 April 2010 - 05:53 PM.

  • 0
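
The state described in the post above, and the `HKCU\...exe [@ = secfile]` line in the OTL log later in the thread, can be checked offline from a text registry export. The following is an added example, not part of the original post or of any tool named in the thread: it parses `.reg` text and resolves the `.exe` association with the per-user hive taking precedence over the machine hive, as the merged `HKEY_CLASSES_ROOT` view does. The function names and the three sample dumps are constructed for illustration.

```python
import re

EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'
# HKEY_CLASSES_ROOT is a merged view of these two hives; per-user entries win.
HIVES = (r"HKEY_CURRENT_USER\Software\Classes",
         r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes")


def _unescape(data):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", data)


def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: string}}.

    Only string (REG_SZ) values are kept; '@' stands for the (Default) value.
    """
    keys, current = {}, None
    value_re = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if line.startswith("[-"):
                current = None  # delete directive in an import file, not data
            else:
                current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = value_re.match(line)
        if match and current is not None:
            name = match.group(1)
            name = "@" if name == "@" else _unescape(name[1:-1])
            current[name] = _unescape(match.group(2))
    return keys


def effective_default(keys, subkey):
    """Return (hive, default value) for a Classes subkey, per-user hive first."""
    for hive in HIVES:
        value = keys.get((hive + "\\" + subkey).lower(), {}).get("@")
        if value is not None:
            return hive, value
    return None, None


def audit_exe_association(keys):
    """Return a list of (kind, detail) findings for the .exe association."""
    findings = []
    hive, progid = effective_default(keys, ".exe")
    if progid is None:
        return [("missing", ".exe has no (Default) ProgID in either hive")]
    if progid.lower() != EXPECTED_PROGID:
        findings.append(("redirected",
                         f"{hive}\\.exe -> {progid!r}, expected {EXPECTED_PROGID!r}"))
    _, command = effective_default(keys, progid + r"\shell\open\command")
    if command is None:
        findings.append(("dangling", f"ProgID {progid!r} has no shell\\open\\command"))
    elif command != EXPECTED_COMMAND:
        findings.append(("hijacked", f"{progid} open command is {command!r}"))
    _, direct = effective_default(keys, r".exe\shell\open\command")
    if direct is not None and direct != EXPECTED_COMMAND:
        findings.append(("hijacked", f".exe open command is {direct!r}"))
    return findings


def kinds(reg_text):
    """Convenience wrapper: just the finding kinds for a .reg text dump."""
    return [kind for kind, _ in audit_exe_association(parse_reg(reg_text))]


# Constructed sample dumps (not taken from a real machine).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Before cleanup: per-user override modelled on the values the post lists.
INFECTED = CLEAN + r'''
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
'''

# After cleanup: secfile removed, but HKCU .exe still names it (the O37 line).
BROKEN = CLEAN + r'''
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
'''

if __name__ == "__main__":
    for label, dump in (("clean", CLEAN), ("infected", INFECTED), ("broken", BROKEN)):
        print(label, audit_exe_association(parse_reg(dump)))
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `parse_reg`.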



#2
Help Help

Ok it turns out that some .exe files do work...
like vlc media player and windows media player.
Weird.
  • 0

#3
Help Help

any help would be appreciated
  • 0

#4
Help Help

Alright, so I right-clicked Malwarebytes and chose "Run as administrator", clicked it, and it worked... The app loaded.
So I did the same thing for a bunch of exe apps and they all load when run as administrator.

As a result, I could run OTL now and did so; here are the results:

OTL logfile created on: 4/19/2010 2:45:33 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Laptop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 205.18 Gb Free Space | 71.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 58.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Laptop-PC
Current User Name: Laptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/19 02:43:31 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
PRC - [2010/04/17 15:42:31 | 000,031,232 | ---- | M] () -- c:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PRC - [2010/04/17 15:25:11 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\acrotray .exe
PRC - [2010/04/01 13:11:10 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/06 13:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 02:43:31 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 03:00:50 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (Ias)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/04/07 18:35:16 | 002,504,280 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3653.dll -- (Akamai)
SRV - [2010/01/10 22:44:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/08/06 13:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:39 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009/06/17 20:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Iasex.dll -- (Ias)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1l5t48l2a24n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1l5t48l2a24n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1l5t48l2a24n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1l5t48l2a24n

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1l5t48l2a24n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired...c=tops&search="
FF - prefs.js..browser.startup.homepage: "http://us.mc551.mail...=5tgkqcl6adcf0"
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..keyword.URL: "http://www3.iamwired...c=tops&search="


FF - HKLM\software\mozilla\Eudora 8.0b9\extensions\\Components: C:\Program Files (x86)\Eudora 8.0 Beta 9\components [2010/03/13 16:38:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Eudora 8.0b9\extensions\\Plugins: C:\Program Files (x86)\Eudora 8.0 Beta 9\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/01 14:43:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/01 13:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/03/13 16:38:51 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
[2010/03/13 16:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/08 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/17 16:56:25 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions
[2009/12/30 11:13:18 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/04/17 16:56:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\lmanager.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe ()
O4 - HKCU..\Run: [Aim] C:\program files (x86)\aim\aim .exe (AOL Inc.)
O4 - HKCU..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Users\Laptop\AppData\Local\Temp\wqmxpsuc .exe ()
O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\Laptop\AppData\Local\Temp\user.exe ()
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- Reg Error: Value error. File not found

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
NetSvcs:64bit: Ias - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - C:\Windows\SysWOW64\FastUv32.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\Iasex.dll ()
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/19 02:43:30 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
[2010/04/17 12:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2010/04/16 14:12:45 | 000,036,715 | ---- | C] (Privat) -- C:\Windows\SysWow64\net.net
[2010/04/14 03:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/14 03:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/09 21:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/04/09 21:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/04/09 21:53:17 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/09 21:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/04/09 21:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/04/09 21:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/04/09 21:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/09 21:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/04/09 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Microsoft Help
[2010/04/09 21:48:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/09 21:34:47 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Download Manager

========== Files - Modified Within 14 Days ==========

[2010/04/19 02:48:01 | 002,097,152 | -HS- | M] () -- C:\Users\Laptop\NTUSER.DAT
[2010/04/19 02:43:31 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
[2010/04/19 02:26:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/19 02:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/19 02:00:36 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At99.job
[2010/04/19 01:38:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At120.job
[2010/04/19 01:38:41 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At119.job
[2010/04/19 01:38:41 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At118.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At117.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At116.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At115.job
[2010/04/19 01:38:39 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At114.job
[2010/04/19 01:38:39 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At113.job
[2010/04/19 01:38:38 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At112.job
[2010/04/19 01:38:38 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At111.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At110.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At109.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At108.job
[2010/04/19 01:38:36 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At107.job
[2010/04/19 01:38:36 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At106.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At105.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At104.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At103.job
[2010/04/19 01:38:34 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At102.job
[2010/04/19 01:38:34 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At101.job
[2010/04/19 01:38:33 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At100.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At98.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At97.job
[2010/04/19 01:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/19 00:02:36 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/18 23:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/18 22:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/18 21:08:31 | 366,422,016 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx
[2010/04/18 21:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/18 20:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/18 19:33:26 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/18 19:33:26 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/18 19:33:26 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/18 19:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/18 18:01:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/18 18:01:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/18 18:01:58 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/18 18:01:58 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/18 18:01:56 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/18 18:01:56 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/18 18:01:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/18 18:01:55 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/18 18:00:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 18:00:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 17:57:51 | 000,000,296 | ---- | M] () -- C:\Users\Laptop\Desktop\exefix.reg
[2010/04/18 17:53:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/18 17:53:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/18 17:53:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/18 17:53:24 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/18 16:14:55 | 001,253,732 | -H-- | M] () -- C:\Users\Laptop\AppData\Local\IconCache.db
[2010/04/18 15:58:23 | 000,012,724 | -HS- | M] () -- C:\Users\Laptop\AppData\Local\IGI4W75
[2010/04/18 15:58:23 | 000,012,724 | -HS- | M] () -- C:\ProgramData\IGI4W75
[2010/04/18 01:18:50 | 055,518,680 | ---- | M] () -- C:\Users\Laptop\Desktop\Getcha Life Right SLOWED.wav
[2010/04/18 01:10:15 | 051,262,628 | ---- | M] () -- C:\Users\Laptop\Desktop\LIL MAMA SLOWED.wav
[2010/04/18 00:31:12 | 366,548,992 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx
[2010/04/17 23:10:44 | 366,471,168 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx
[2010/04/17 18:42:47 | 000,025,600 | ---- | M] () -- C:\Users\Laptop\TRINIDAD LIST.doc
[2010/04/17 18:08:23 | 366,641,152 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx
[2010/04/17 15:39:00 | 000,001,270 | ---- | M] () -- C:\Users\Laptop\Desktop\regedit.vbs
[2010/04/17 15:27:17 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At207.job
[2010/04/17 15:27:17 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At208.job
[2010/04/17 15:27:15 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At206.job
[2010/04/17 15:26:48 | 000,012,672 | -HS- | M] () -- C:\Users\Laptop\AppData\Local\3351340037
[2010/04/17 15:26:48 | 000,012,672 | -HS- | M] () -- C:\ProgramData\3351340037
[2010/04/17 15:16:36 | 367,386,624 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx
[2010/04/17 12:29:46 | 368,283,648 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx
[2010/04/17 12:23:53 | 000,001,017 | ---- | M] () -- C:\Users\Laptop\Desktop\Eusing Free Registry Cleaner.lnk
[2010/04/17 05:03:52 | 367,482,880 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx
[2010/04/17 03:42:15 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2010/04/17 02:06:53 | 367,513,600 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx
[2010/04/16 15:33:16 | 000,031,232 | ---- | M] () -- C:\Users\Laptop\reader_s .exe
[2010/04/16 15:32:50 | 000,081,408 | ---- | M] () -- C:\Windows\SysWow64\drivers\zoqyivvcd9.sys
[2010/04/16 15:32:48 | 000,026,624 | ---- | M] () -- C:\Windows\SysWow64\reader_s .exe
[2010/04/16 14:15:51 | 000,055,296 | ---- | M] () -- C:\Windows\services .exe
[2010/04/16 14:13:03 | 000,188,416 | -HS- | M] () -- C:\Users\Laptop\AppData\Local\ave.exe
[2010/04/16 14:13:01 | 000,020,000 | ---- | M] () -- C:\Windows\SysWow64\bnfvbt0i0t.dll
[2010/04/16 14:12:46 | 000,036,715 | ---- | M] (Privat) -- C:\Windows\SysWow64\net.net
[2010/04/15 15:01:53 | 365,633,536 | ---- | M] () -- C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx
[2010/04/14 22:28:18 | 366,164,094 | ---- | M] () -- C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx
[2010/04/12 10:11:06 | 003,290,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/10 15:55:43 | 000,116,960 | ---- | M] () -- C:\Users\Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/10 00:43:01 | 000,022,016 | ---- | M] () -- C:\Users\Laptop\Desktop\NV2009-1 packing list.xls
[2010/04/10 00:42:30 | 000,030,720 | ---- | M] () -- C:\Users\Laptop\Desktop\NV2009-1 INVOICE FOR CUSTOMS.xls
[2010/04/09 22:03:44 | 000,001,178 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/04/09 21:49:31 | 000,000,510 | ---- | M] () -- C:\Windows\win.ini
[2010/04/09 19:42:59 | 000,001,626 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
[2010/04/09 19:35:40 | 000,001,081 | ---- | M] () -- C:\Users\Laptop\Documents - Shortcut.lnk
[2010/04/07 14:38:25 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

========== Files Created - No Company Name ==========

[2010/04/19 02:22:22 | 000,293,376 | ---- | C] () -- C:\Users\Laptop\Desktop\gmer.exe
[2010/04/19 01:38:41 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At120.job
[2010/04/19 01:38:41 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At119.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At118.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At117.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At116.job
[2010/04/19 01:38:39 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At115.job
[2010/04/19 01:38:39 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At114.job
[2010/04/19 01:38:38 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At113.job
[2010/04/19 01:38:38 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At112.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At111.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At110.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At109.job
[2010/04/19 01:38:36 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At108.job
[2010/04/19 01:38:36 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At107.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At106.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At105.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At104.job
[2010/04/19 01:38:34 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At103.job
[2010/04/19 01:38:34 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At102.job
[2010/04/19 01:38:33 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At101.job
[2010/04/19 01:38:33 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At100.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At99.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At98.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At97.job
[2010/04/18 21:09:04 | 366,422,016 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx
[2010/04/18 18:02:02 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/18 18:02:01 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/18 18:02:01 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/18 18:01:59 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/18 18:01:59 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/18 18:01:58 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/18 18:01:58 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/18 18:01:56 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/18 18:01:56 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/18 18:01:55 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/18 18:01:55 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/18 18:01:53 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/18 18:01:53 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/18 18:01:52 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/18 18:01:52 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/18 01:18:44 | 055,518,680 | ---- | C] () -- C:\Users\Laptop\Desktop\Getcha Life Right SLOWED.wav
[2010/04/18 01:10:09 | 051,262,628 | ---- | C] () -- C:\Users\Laptop\Desktop\LIL MAMA SLOWED.wav
[2010/04/18 00:43:06 | 366,548,992 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx
[2010/04/17 23:19:10 | 366,471,168 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx
[2010/04/17 18:37:41 | 366,641,152 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx
[2010/04/17 15:47:30 | 000,000,296 | ---- | C] () -- C:\Users\Laptop\Desktop\exefix.reg
[2010/04/17 15:39:00 | 000,001,270 | ---- | C] () -- C:\Users\Laptop\Desktop\regedit.vbs
[2010/04/17 15:27:17 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At208.job
[2010/04/17 15:27:15 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At207.job
[2010/04/17 15:27:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At206.job
[2010/04/17 15:23:23 | 367,386,624 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx
[2010/04/17 12:30:08 | 368,283,648 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx
[2010/04/17 12:23:53 | 000,001,017 | ---- | C] () -- C:\Users\Laptop\Desktop\Eusing Free Registry Cleaner.lnk
[2010/04/17 05:03:59 | 367,482,880 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx
[2010/04/17 03:42:15 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2010/04/17 02:53:13 | 367,513,600 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx
[2010/04/16 15:32:50 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\zoqyivvcd9.sys
[2010/04/16 15:32:48 | 000,031,232 | ---- | C] () -- C:\Users\Laptop\reader_s .exe
[2010/04/16 15:32:48 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\reader_s .exe
[2010/04/16 15:31:57 | 000,012,672 | -HS- | C] () -- C:\ProgramData\3351340037
[2010/04/16 15:31:56 | 000,012,672 | -HS- | C] () -- C:\Users\Laptop\AppData\Local\3351340037
[2010/04/16 14:15:54 | 000,055,296 | ---- | C] () -- C:\Windows\services .exe
[2010/04/16 14:13:03 | 000,188,416 | -HS- | C] () -- C:\Users\Laptop\AppData\Local\ave.exe
[2010/04/16 14:13:03 | 000,012,724 | -HS- | C] () -- C:\Users\Laptop\AppData\Local\IGI4W75
[2010/04/16 14:13:03 | 000,012,724 | -HS- | C] () -- C:\ProgramData\IGI4W75
[2010/04/16 14:13:01 | 000,020,000 | ---- | C] () -- C:\Windows\SysWow64\bnfvbt0i0t.dll
[2010/04/15 15:06:05 | 365,633,536 | ---- | C] () -- C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx
[2010/04/14 22:30:36 | 366,164,094 | ---- | C] () -- C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx
[2010/04/10 00:39:51 | 000,022,016 | ---- | C] () -- C:\Users\Laptop\Desktop\NV2009-1 packing list.xls
[2010/04/10 00:39:43 | 000,030,720 | ---- | C] () -- C:\Users\Laptop\Desktop\NV2009-1 INVOICE FOR CUSTOMS.xls
[2010/04/09 22:03:44 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/04/09 19:42:05 | 000,025,600 | ---- | C] () -- C:\Users\Laptop\TRINIDAD LIST.doc
[2010/04/09 19:35:40 | 000,001,081 | ---- | C] () -- C:\Users\Laptop\Documents - Shortcut.lnk
[2010/03/23 02:25:19 | 000,006,362 | ---- | C] () -- C:\Users\Laptop\.recently-used.xbel
[2010/02/16 15:42:05 | 000,001,501 | ---- | C] () -- C:\Users\Laptop\TRINIDAD LIST.rtf
[2010/01/07 17:43:33 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/01/04 10:09:01 | 000,060,744 | ---- | C] () -- C:\Users\Laptop\g2mdlhlpx.exe
[2009/12/12 23:55:42 | 000,001,626 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
[2009/12/11 16:27:07 | 000,004,608 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 02:09:25 | 000,524,288 | -HS- | C] () -- C:\Users\Laptop\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/09 02:09:25 | 000,524,288 | -HS- | C] () -- C:\Users\Laptop\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/09 02:09:25 | 000,262,144 | -HS- | C] () -- C:\Users\Laptop\ntuser.dat.LOG1
[2009/12/09 02:09:25 | 000,065,536 | -HS- | C] () -- C:\Users\Laptop\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/09 02:09:25 | 000,000,020 | -HS- | C] () -- C:\Users\Laptop\ntuser.ini
[2009/12/09 02:09:25 | 000,000,000 | -HS- | C] () -- C:\Users\Laptop\ntuser.dat.LOG2
[2009/12/09 02:09:24 | 002,097,152 | -HS- | C] () -- C:\Users\Laptop\NTUSER.DAT
[2009/07/13 20:14:59 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll
[2009/07/13 20:14:59 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\diskchk.sys
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/10/14 06:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005/10/14 06:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005/10/14 06:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005/10/14 06:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005/10/14 06:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005/10/14 06:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2004/08/17 20:00:00 | 000,073,748 | -H-- | C] () -- C:\Windows\SysWow64\Iasex.dll

========== LOP Check ==========

[2009/12/08 20:04:56 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\acccore
[2009/12/08 14:18:42 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Acer
[2010/01/29 00:41:22 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Hardcore
[2010/03/11 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\inkscape
[2010/01/29 00:43:11 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Juce VST Host
[2009/12/08 14:18:40 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Leadertech
[2010/04/18 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\LimeWire
[2010/01/22 19:38:11 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\SharePod
[2010/03/04 02:23:07 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\SignCut
[2009/12/12 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Template
[2010/03/13 16:38:50 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Thunderbird
[2010/04/06 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\uTorrent
[2010/04/19 00:02:36 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/18 18:01:56 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/19 01:38:33 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At100.job
[2010/04/19 01:38:34 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At101.job
[2010/04/19 01:38:34 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At102.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At103.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At104.job
[2010/04/19 01:38:35 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At105.job
[2010/04/19 01:38:36 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At106.job
[2010/04/19 01:38:36 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At107.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At108.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At109.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/19 01:38:37 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At110.job
[2010/04/19 01:38:38 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At111.job
[2010/04/19 01:38:38 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At112.job
[2010/04/19 01:38:39 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At113.job
[2010/04/19 01:38:39 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At114.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At115.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At116.job
[2010/04/19 01:38:40 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At117.job
[2010/04/19 01:38:41 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At118.job
[2010/04/19 01:38:41 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At119.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/19 01:38:42 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At120.job
[2010/04/18 18:01:57 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/18 18:01:58 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/18 18:01:58 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/18 18:01:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/18 18:01:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/04/18 18:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/19 01:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/18 19:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/04/17 15:27:15 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At206.job
[2010/04/17 15:27:17 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At207.job
[2010/04/17 15:27:17 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At208.job
[2010/04/18 20:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/04/18 21:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/04/18 22:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/18 23:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/19 02:00:37 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/18 18:01:54 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/18 18:01:55 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/18 18:01:55 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/18 18:01:56 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At97.job
[2010/04/19 01:38:32 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At98.job
[2010/04/19 02:00:36 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At99.job
[2009/07/14 01:08:49 | 000,018,918 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/16 15:32:50 | 000,081,408 | ---- | M] () -- C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys

========== Files - Unicode (All) ==========
[2010/03/29 22:40:54 | 000,823,922 | ---- | M] ()(C:\Users\Laptop\Desktop\?? 1.pdf) -- C:\Users\Laptop\Desktop\组合 1.pdf
[2010/03/29 22:40:51 | 000,823,922 | ---- | C] ()(C:\Users\Laptop\Desktop\?? 1.pdf) -- C:\Users\Laptop\Desktop\组合 1.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C8B8CEBD
< End of report >

#5
Help Help

  • Topic Starter
HERE IS THE OTL EXTRAS LOG:

OTL Extras logfile created on: 4/19/2010 2:45:33 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Laptop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 205.18 Gb Free Space | 71.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 58.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Laptop-PC
Current User Name: Laptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
"{20140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 (Beta)
"{20140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{387B5FB4-7A4A-AD76-7B49-23DD29E84715}" = LightSpeed SSL 7.0.140
"{38F93109-35AB-4562-A961-4DEBC0C164FB}" = REDIPlus
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}" = Zebra Setup Utilities
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AVS Image Converter_is1" = AVS Image Converter 1.1.1.31 Beta Version
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BassBox 6 Pro" = BassBox 6 Pro
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Eudora (8.0b9)" = Eudora (8.0b9)
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FL Studio 9" = FL Studio 9
"Free Invoicer_is1" = Free Invoicer
"GridVista" = Acer GridVista
"Hardcore" = Hardcore
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"Inkscape" = Inkscape 0.47
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LimeWire" = LimeWire 5.3.6
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PoiZone" = PoiZone
"Sawer" = Sawer
"SignCut" = SignCut (remove only)
"SoftwareClub Audio Converter Extractor Max_is1" = SoftwareClub Audio Converter Extractor Max 1.0.0.4
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Vector Magic" = Vector Magic
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zebra Font Downloader_is1" = Zebra Font Downloader
"Zebra Setup Utilities" = Zebra Setup Utilities
"Zebra Status Monitor_is1" = Zebra Status Monitor 4.5.39

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1df0cdb088182ccc" = FOREXTraderPro
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2010 3:27:04 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/19/2010 3:27:05 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2010 11:14:09 AM | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 6.0.160.1, time stamp:
0x4a734839 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x30707034 Faulting process id: 0x110 Faulting application
start time: 0x01cac90922c51474 Faulting application path: C:\Program Files (x86)\Java\jre6\bin\java.exe
Faulting
module path: unknown Report Id: 65598dc1-34fc-11df-986a-002622638dba

Error - 3/22/2010 4:41:51 PM | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SignCut.exe, version: 0.0.0.0, time stamp:
0x4b1427ec Faulting module name: MSVCR90.dll, version: 9.0.30729.4926, time stamp:
0x4a1743c1 Exception code: 0xc0000005 Fault offset: 0x00036c38 Faulting process id:
0x198 Faulting application start time: 0x01caca0018232929 Faulting application path:
C:\Program Files (x86)\SignCut\SignCut.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
Report
Id: 5748a850-35f3-11df-9685-002622638dba

Error - 3/23/2010 2:58:34 PM | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SignCut.exe, version: 0.0.0.0, time stamp:
0x4b1427ec Faulting module name: SignCut.exe, version: 0.0.0.0, time stamp: 0x4b1427ec
Exception
code: 0xc0000005 Fault offset: 0x0015c46a Faulting process id: 0x11b0 Faulting application
start time: 0x01cacaba753a1d94 Faulting application path: C:\Program Files (x86)\SignCut\SignCut.exe
Faulting
module path: C:\Program Files (x86)\SignCut\SignCut.exe Report Id: 141a3122-36ae-11df-9685-002622638dba

Error - 3/23/2010 8:23:02 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/23/2010 8:23:53 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/23/2010 8:23:53 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/23/2010 8:23:53 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/23/2010 8:23:53 PM | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 4/17/2010 3:28:39 PM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
Description =

Error - 4/17/2010 3:28:39 PM | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
Description =

Error - 4/17/2010 3:28:39 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/17/2010 3:28:39 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/17/2010 3:28:39 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/17/2010 3:28:41 PM | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 4/17/2010 3:40:27 PM | Computer Name = Laptop-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\zoqyivvcd9.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 4/17/2010 3:40:36 PM | Computer Name = Laptop-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/17/2010 3:40:36 PM | Computer Name = Laptop-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/17/2010 4:46:13 PM | Computer Name = Laptop-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

#6
Help Help

AND HERE IS THE GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 03:07:00
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Schedule@NextAtJobId 121

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF7WH1F9\goad[3].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OE4ES0XW\adserv[2].htm 19 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0WXXAU4\iframe3CAMRX8KS.htm 1353 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[2].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[2].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@openx[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quantserve[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rubiconproject[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scorecardresearch[1].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 0 bytes

---- EOF - GMER 1.0.15 ----

#7
Help Help

Here is what Malwarebytes removed:

Malwarebytes' Anti-Malware 1.42
Database version: 3335
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/19/2010 3:33:13 AM
mbam-log-2010-04-19 (03-33-13).txt

Scan type: Quick Scan
Objects scanned: 95083
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\Iasex.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\anxsrweocm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Iasex.dll (Backdoor.Bot) -> Delete on reboot.
C:\Users\Laptop\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Laptop\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully.

#8
Help Help

.......

#9
Help Help

Help please.

#10
SweetTech

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within five days. I will post a reminder should you seem to fail to do this; however, if you fail to reply within two days then, unless I have been notified of your absence in advance, the topic shall be closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


Running OTS
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans click the "Extras" button
  • In the custom scans section copy and paste in the following


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\windows\system32\drivers\*.sys /60
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please post the contents of the log in your next post.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS scan.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#11
Help Help

Alright, thanks for helping me out through this ordeal.
The new OTS scan is running

#12
SweetTech

  • Retired Staff
  • 7,671 posts
:)

#13
Help Help

OTS logfile created on: 4/20/2010 3:46:55 PM - Run 1

OTS by OldTimer - Version 3.1.28.3	 Folder = C:\Users\Laptop\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.99 Gb Total Space | 202.27 Gb Free Space | 70.73% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: Laptop-PC

Current User Name: Laptop

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

atibtmon.exe -> C:\Windows\SysWow64\atibtmon.exe -> File not found

ots.exe -> C:\Users\Laptop\Desktop\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)

ctv4174 .exe -> C:\Windows\Temp\ctv4174 .exe -> [2010/04/19 15:32:05 | 000,029,696 | ---- | M] ()

wmpscfgs.exe -> c:\Program Files (x86)\Internet Explorer\wmpscfgs.exe -> [2010/04/17 15:42:31 | 000,031,232 | ---- | M] ()

firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/01 13:11:10 | 000,908,248 | ---- | M] (Mozilla Corporation)

dsiwmis.exe -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)

mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.)

updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer)

schedulersvc.exe -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)

greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)

 

[Modules - Safe List]

ots.exe -> C:\Users\Laptop\Desktop\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)

comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation)

comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

64bit-(WatAdminSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\Wat\WatAdminSvc.exe -> [2010/04/14 03:00:50 | 001,255,736 | ---- | M] (Microsoft Corporation)

64bit-(osppsvc)  [On_Demand | Running] -> C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -> [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation)

64bit-(ePowerSvc)  [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated)

64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD)

64bit-(WwanSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation)

64bit-(WbioSrvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)

64bit-(Power)  [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation)

64bit-(Themes)  [Auto | Running] -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)

64bit-(sppuinotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation)

64bit-(SensrSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation)

64bit-(PNRPsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)

64bit-(p2pimsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)

64bit-(HomeGroupProvider)  [On_Demand | Running] -> C:\Windows\SysNative\provsvc.dll -> [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation)

64bit-(RpcEptMapper)  [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation)

64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation)

64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)

64bit-(HomeGroupListener)  [On_Demand | Running] -> C:\Windows\SysNative\ListSvc.dll -> [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation)

64bit-(FontCache)  [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation)

64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation)

64bit-(defragsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)

64bit-(bthserv)  [On_Demand | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)

64bit-(BDESVC)  [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)

64bit-(AxInstSV)  [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation)

64bit-(AppIDSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation)

64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation)

64bit-(FastUserSwitchingCompatibility)  [Auto | Running] -> C:\Windows\SysNative\svchost.exe -> [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)

64bit-(sppsvc)  [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation)

64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation)

64bit-(Updater Service)  [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer)

(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files (x86)\Common Files\Akamai\rswin_3653.dll -> [2010/04/07 18:35:16 | 002,504,280 | ---- | M] ()

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010/01/10 22:44:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)

(Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -> [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation)

(DsiWMIService) Dritek WMI Service [Auto | Running] -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)

(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] ()

(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\Vss -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]

(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]

(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\SysWOW64\provsvc.dll -> [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)

(FastUserSwitchingCompatibility) Network Security [Auto | Running] -> C:\Windows\SysWOW64\FastUv32.dll -> [2009/07/13 21:15:39 | 000,053,248 | ---- | M] ()

(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)

(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009/07/13 16:30:11 | 000,061,056 | ---- | M] ()

(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Auto | Running] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)

(NTIBackupSvc) NTI Backup Now 5 Backup Service [On_Demand | Stopped] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2009/06/17 20:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.)

(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation)

(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)

 

[Driver Services - Safe List]

64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.)

64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.)

64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/07/16 07:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.)

64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)

64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)

64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)

64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009/07/13 21:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation)

64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)

64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation)

64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation)

64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)

64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation)

64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation)

64bit-(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation)

64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)

64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation)

64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation)

64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation)

64bit-(fvevol) Bitlocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009/07/13 21:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation)

64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation)

64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation)

64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation)

64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation)

64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation)

64bit-(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vwififlt.sys -> [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation)

64bit-(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation)

64bit-(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation)

64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation)

64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbvideo.sys -> [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation)

64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation)

64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\USBAUDIO.sys -> [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation)

64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation)

64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation)

64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation)

64bit-(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation)

64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation)

64bit-(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation)

64bit-(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation)

64bit-(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\discache.sys -> [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation)

64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation)

64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation)

64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation)

64bit-(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation)

64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated)

64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)

64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)

64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)

64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)

64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)

64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)

64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)

64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek											)

64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)

64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)

64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)

64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices)

64bit-(adfs) adfs [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\adfs.sys -> [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.)

64bit-(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftdibus.sys -> [2007/06/27 09:05:10 | 000,063,808 | ---- | M] (FTDI Ltd.)

64bit-(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftser2k.sys -> [2007/06/27 09:03:54 | 000,083,776 | ---- | M] (FTDI Ltd.)

(zoqyivvcd9) zoqyivvcd9 [Kernel | System | Stopped] -> C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys -> [2010/04/16 15:32:50 | 000,081,408 | ---- | M] ()

(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation)

(diskchk) diskchk [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\diskchk.sys -> [2009/07/13 21:15:39 | 000,002,304 | ---- | M] ()

(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009/06/10 17:28:14 | 000,001,088 | ---- | M] ()

(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009/06/10 17:15:18 | 000,003,066 | ---- | M] ()

(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys -> [2009/06/02 07:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.)

(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys -> [2009/06/02 07:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.)

(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys -> [2009/06/02 07:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.)

(DKbFltr) Dritek Keyboard Filter Driver (64-bit) [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\drivers\DKbFltr.sys -> [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.)

 

[Registry - Safe List]

< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\: Main\\"Start Page" -> about:blank -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\: "ProxyEnable" -> 0 -> 

< FireFox Settings [Prefs.js] > -> C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\prefs.js -> 

browser.search.defaultenginename -> "Search" ->

browser.search.defaulturl -> "http://www3.iamwired.net/websearch.php?src=tops&search=" ->

browser.startup.homepage -> "http://us.mc551.mail.yahoo.com/mc/welcome?.gx=1&.tm=1262230232&.rand=5tgkqcl6adcf0" ->

extensions.enabledItems -> {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0 ->

keyword.URL -> "http://www3.iamwired.net/websearch.php?src=tops&search=" ->

< FireFox Settings [User.js] > -> C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\user.js -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Eudora 8.0b9\extensions ->  -> 

HKLM\software\mozilla\Eudora 8.0b9\extensions\\Components -> C:\Program Files (x86)\Eudora 8.0 Beta 9\components [C:\PROGRAM FILES (X86)\EUDORA 8.0 BETA 9\COMPONENTS] -> [2010/03/13 16:38:50 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Eudora 8.0b9\extensions\\Plugins -> C:\PROGRAM FILES (X86)\EUDORA 8.0 BETA 9\PLUGINS -> 

HKLM\software\mozilla\Firefox\Extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/01 14:43:29 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/04/01 13:11:12 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Thunderbird\Extensions ->  -> 

HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD -> 

< FireFox Extensions [User Folders] > -> 

  -> C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions -> [2010/03/13 16:38:51 | 000,000,000 | ---D | M]

No name found   -> C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/03/13 16:38:51 | 000,000,000 | ---D | M]

  -> C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/12/08 19:48:23 | 000,000,000 | ---D | M]

  -> C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions -> [2010/04/20 11:23:54 | 000,000,000 | ---D | M]

TradeManager-Plugin   -> C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF} -> [2009/12/30 11:13:18 | 000,000,000 | ---D | M]

< FireFox SearchPlugins [User Folders] > -> 

< FireFox Extensions [Program Folders] > -> 

  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/04/20 11:23:54 | 000,000,000 | ---D | M]

< HOSTS File > ([2009/06/10 17:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 

Reset Hosts

< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2009/10/29 10:32:58 | 006,652,816 | ---- | M] (Microsoft Corporation)

{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2009/11/03 21:19:14 | 000,683,392 | ---- | M] (Microsoft Corporation)

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 18:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/08/06 00:30:58 | 000,828,960 | ---- | M] (Acer Incorporated)

"mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)

"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/06 05:52:00 | 007,940,128 | ---- | M] (Realtek Semiconductor)

"Skytel" -> C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> [2009/07/06 05:52:54 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Acer Assist Launcher" -> C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [C:\Program Files (x86)\Acer\Acer Assist\launcher.exe] -> [2010/04/19 15:01:29 | 000,031,232 | ---- | M] ()

"BCSSync" -> C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe ["C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices] -> [2010/04/19 15:01:31 | 000,031,232 | ---- | M] ()

"EgisTecLiveUpdate" -> C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe ["C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"] -> [2010/04/19 15:01:22 | 000,031,232 | ---- | M] ()

"LManager" -> C:\Program Files (x86)\Launch Manager\lmanager.exe [C:\Program Files (x86)\Launch Manager\LManager.exe] -> [2010/04/19 15:01:25 | 000,031,232 | ---- | M] ()

"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation)

"NortonOnlineBackupReminder" -> C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe ["C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED] -> [2010/04/19 15:01:24 | 000,031,232 | ---- | M] ()

"PDVD8LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"] -> [2010/04/19 15:01:28 | 000,031,232 | ---- | M] ()

"RemoteControl8" -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ["C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"] -> [2010/04/19 15:01:27 | 000,031,232 | ---- | M] ()

"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2010/04/19 15:01:26 | 000,031,232 | ---- | M] ()

< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"InnoSetupRegFile.0000000001" -> C:\Windows\is-P5449.exe ["C:\Windows\is-P5449.exe" /REG] -> [2010/04/19 20:39:59 | 000,699,904 | ---- | M] ()

"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2010/03/30 00:46:12 | 000,437,584 | ---- | M] (Malwarebytes Corporation)

"Malwarebytes' Anti-Malware (registration)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [regsvr32.exe /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"] -> [2009/12/03 17:14:00 | 000,095,056 | ---- | M] (Malwarebytes Corporation)

< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)

< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found

< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)

< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found

< Run [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"AdobeUpdater6" -> C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe ["C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"] -> [2010/04/17 15:42:18 | 000,031,232 | ---- | M] ()

"Aim" -> C:\program files (x86)\aim\aim.exe ["C:\program files (x86)\aim\aim.exe" /d locale=en-US] -> [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.)

"hf8wefhuaihf8ewfydiujhfdsfdf" -> C:\Users\Laptop\AppData\Local\Temp\wqmxpsuc.exe [C:\Users\Laptop\appdata\local\temp\wqmxpsuc.exe] -> [2010/04/16 14:13:02 | 000,020,001 | -H-- | M] ()

"hsf87efjhdsf87f3jfsdi7fhsujfd" -> C:\Users\Laptop\AppData\Local\Temp\user.exe [C:\Users\Laptop\AppData\Local\Temp\user.exe] -> [2010/04/17 17:52:04 | 000,030,212 | -H-- | M] ()

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoActiveDesktop" ->  [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found

\\"ConsentPromptBehaviorUser" ->  [3] -> File not found

\\"EnableLUA" ->  [0] -> File not found

\\"PromptOnSecureDesktop" ->  [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 

E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000] -> [2009/09/26 23:20:02 | 020,800,336 | ---- | M] (Microsoft Corporation)

Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 

E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000] -> [2009/09/26 23:20:02 | 020,800,336 | ---- | M] (Microsoft Corporation)

Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found

Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2009/10/28 23:47:48 | 000,788,896 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2009/10/28 23:47:48 | 000,788,896 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2009/10/28 23:47:46 | 000,592,288 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2009/10/28 23:47:46 | 000,592,288 | ---- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 21:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 21:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2009/10/28 23:28:48 | 000,493,984 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2009/10/28 23:28:48 | 000,493,984 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 192.168.0.1 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{628F5436-45B1-426D-81CE-C6C96C13A0AC}\\DhcpNameServer -> 10.1.10.1   (Realtek PCIe GBE Family Controller) -> 

{EB27D864-ECA0-46C5-B729-6E747DDE5247}\\DhcpNameServer -> 192.168.0.1   (Atheros AR5B93 Wireless Network Adapter) -> 

< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)

/pagefile ->  -> File not found

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)

/pagefile ->  -> File not found

*MultiFile Done* -> -> 

< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2009/10/29 10:32:58 | 006,652,816 | ---- | M] (Microsoft Corporation)

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2009/10/29 10:22:48 | 004,150,160 | ---- | M] (Microsoft Corporation)

< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 21:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 

{091F0DCC-D1E8-4F63-B422-7B49A8FF5994} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 

{1082A977-173C-459E-B8C7-437B612CC4CF} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 

{202C7079-BD00-4DCA-A050-1AE577509235} -> lport=56226 | profile=private | protocol=6 | dir=in | action=allow | name=akamai netsession interface | 

{273A8A6A-B073-450C-A086-4108E8D307A7} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 

{2C3CDCA6-7454-414A-BC6C-5E9D89AF3C94} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 

{318D42DD-9291-40F8-A6AC-DFF0FA559B33} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{3BFF0F97-C5CD-426B-804D-EFB78541FF2E} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{3CCFB4E6-7AB6-4103-84D3-0E1DA6BCEF59} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{4695775E-C37F-4EEC-89D5-5662F699A375} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 

{51D873DE-0F03-41E8-BFA1-625B697ACB7F} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{583F8413-EF21-493A-AEA9-AF4DEB80F787} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{66555C0D-9DBE-4F1D-AE49-53CAF73EA875} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{75C6F8AD-24E6-4DA9-9948-CFF178FF2146} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 

{7759348A-1CAC-4635-94E0-3D051774BE05} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 

{7802BE22-D43A-4BB5-88DB-052708602D0D} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 

{7F3D8230-80B2-45E7-B669-D76D1698384A} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 

{80D76CC2-F801-4051-B3D8-6F6DDAD2062C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 

{8854D437-448C-4887-B068-84251C9FF8B0} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 

{9A351858-1B2C-4B3B-AC3D-562292CC52FF} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 

{9EA40CBA-1B60-4CE5-A04C-D7F1F6134CDD} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 

{AF0E6183-D1A7-429B-BE9D-CAD2367AAB4B} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{B7858861-ADF0-4BDC-8009-B1ED60A361C3} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{C0015557-1356-4D10-88CB-430CF4275F35} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 

{C2B2D0ED-56E0-4CAD-A96B-C3D14355BE75} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 

{D346727C-8506-4BC0-A54E-3F877BFD30FE} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 

{D43F89DD-88C8-4E28-A10E-9A41DFA8DCEB} -> lport=5000 | profile=private | protocol=17 | dir=in | action=allow | name=akamai netsession interface | 

{D6066914-D530-47E8-AFC5-D3A5BA15C034} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 

{ECA2C314-6BDA-41D1-8E56-4A3A319FF495} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 

< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 

{064C2CB8-3ABA-4C41-A2F6-EF4100A82E56} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 

{09DA61E3-024F-47CA-9567-62B12BF5279E} -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | 

{0AE4E151-7A00-47F7-B28F-11C3379ABF29} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

{13F05C89-373E-4721-B98E-D63259D30787} -> profile=private | protocol=6 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe | 

{14435599-C76F-403B-BC08-7FBDCBCCEB25} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 

{14BB2555-704D-4F9B-8122-2FDCE51B1A31} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{1CE3EA6B-E0EC-4D31-AA57-D7BBB38D515C} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 

{20ADD131-1481-439C-B6D3-5583E41BA5A0} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 

{27B287DE-37F9-4320-8D28-27118E254091} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{2867F456-D6D5-4624-B843-8BA50FC910A3} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 

{30180EDF-D509-4777-9180-DC14E2B0178E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{30F62540-6477-4DDF-935D-9D6151B687B6} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

{3CAC5310-848F-4935-8D98-926C2C0D0F0F} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 

{4B5A1ED1-A5B7-422D-96BE-F102C2E3933C} -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | 

{4ED387D2-0091-4077-B613-7BFA5FBA0230} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{52F70010-E62A-48E8-9A7C-296446F9C7CB} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 

{53474344-6DA8-400A-A657-9FF3B8B5AE3F} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 

{53FFD7DC-B4FA-47BC-A732-D8ECA2151029} -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 

{54E5E36A-C31B-437B-8170-63504F2663CF} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 

{5BFB2FE4-8DC1-457E-AC2E-2AB37C0D8724} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

{673E69AE-717E-4664-B44A-D9F76DC45BFA} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 

{6FD38A2C-3C82-4886-B069-2CA05622873F} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{705A66FC-AF59-4FA6-BCDF-B20C5A160FFE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 

{7A41E530-0B15-4C29-B355-9E06282495F0} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 

{80657D29-2041-4416-9B86-A5916C4C8BDA} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 

{9EA74C80-B1DA-4E66-BF63-1E9E8D53193B} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 

{9FF9E113-F0B2-4B4F-B86C-B4725E9E0C53} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 

{A14419A2-8B41-483C-8D56-736D32EB577A} -> profile=private | protocol=17 | dir=in | action=allow | name=services.exe | app=c:\windows\services.exe | 

{AC1C37D2-0728-46DD-B664-DCABEB54C6AF} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

{AF8AF79D-3944-47BC-B1CA-89BEFCA68229} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

{B2BBE44F-584D-4E68-892C-21B2FAD4BE86} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 

{B83629B9-90EF-4EBF-9BC6-64766FB78046} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 

{C1E2C783-60E5-44E1-B978-B5FDBDD9B8E3} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 

{DB8D9BC3-BEFD-4EA4-AD5A-F8BE0A8B8951} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 

{E2E387D7-8665-4E2B-A62E-2F30695C2FF7} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

{E7E4C252-184C-4A62-8044-9DAF2130EE9F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

{F2426A15-62F2-49B4-A499-915FA48CF503} -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim\aim.exe | 

{F447B1C9-277D-4689-A324-484EAB2E7CFD} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 

{FAEF2E6D-ECED-4406-9F4E-A135CC7E2513} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 

{FC88EE31-B487-4EFB-8105-B18A3ED857E3} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{FFFDA5EB-9EA2-444B-94F2-AD6A781DFCA0} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 

TCP Query User{075CC07B-1BA9-4F16-B64D-68DA41945316}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=6 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe | 

TCP Query User{5C9E1FCF-77AA-4460-BF38-BC7F354338CA}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 

TCP Query User{603CBCDA-BCD8-4AA1-8D7E-D22F6288C29E}C:\program files (x86)\lightspeed\lightspeed.exe -> profile=private | protocol=6 | dir=in | action=allow | name=lightspeed | app=c:\program files (x86)\lightspeed\lightspeed.exe | 

TCP Query User{60ED0C03-4C0D-4DBF-83EB-30B1645BDA0D}C:\program files (x86)\aim\aim.exe -> profile=public | protocol=6 | dir=in | action=allow | name=aol instant messenger | app=c:\program files (x86)\aim\aim.exe | 

UDP Query User{13B95101-5955-4EE1-8BF9-B1157FC28B7A}C:\program files (x86)\aim\aim.exe -> profile=public | protocol=17 | dir=in | action=allow | name=aol instant messenger | app=c:\program files (x86)\aim\aim.exe | 

UDP Query User{5950F398-53C6-4030-B81F-1FCFEC03C455}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 

UDP Query User{6F662CB6-2E1A-4B50-B216-7F7954C0B090}C:\program files (x86)\lightspeed\lightspeed.exe -> profile=private | protocol=17 | dir=in | action=allow | name=lightspeed | app=c:\program files (x86)\lightspeed\lightspeed.exe | 

UDP Query User{8FE81C51-E6B0-446B-9C51-91C5977D700D}C:\users\Laptop\appdata\local\temp\qmf.exe -> profile=private | protocol=17 | dir=in | action=block | name=qmf.exe | app=c:\users\Laptop\appdata\local\temp\qmf.exe | 

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

64bit-comfile [open] -> "%1" %* -> File not found

64bit-exefile [open] -> "%1" %* -> File not found

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Classes\<extension>\ -> 

.exe [@ = secfile] -> Reg Error: Value error. -> File not found

 

[Registry - Additional Scans - Safe List]

< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.bat [@ = batfile] -> "%1" %* -> 

.cmd [@ = cmdfile] -> "%1" %* -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

.pif [@ = piffile] -> "%1" %* -> 

.scr [@ = scrfile] -> "%1" /S -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.bat [@ = batfile] -> "%1" %* -> 

.cmd [@ = cmdfile] -> "%1" %* -> 

.com [@ = comfile] -> "%1" %* -> 

.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)

.exe [@ = exefile] -> "%1" %* -> 

.pif [@ = piffile] -> "%1" %* -> 

.scr [@ = scrfile] -> "%1" /S -> 

< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Classes\<extension>\ -> 

.exe [@ = secfile] -> Reg Error: Value error. -> File not found

.html [@ = FirefoxHTML] -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/01 13:11:10 | 000,908,248 | ---- | M] (Mozilla Corporation)

< 64bit-Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 

text/xml:{807573E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2009/09/26 23:53:28 | 000,056,176 | ---- | M] (Microsoft Corporation)

< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 

text/xml:{807573E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2009/09/26 23:54:44 | 000,049,008 | ---- | M] (Microsoft Corporation)

< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found

ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found

msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found

wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll[Reg Error: Value error.] -> [2009/02/06 21:52:44 | 000,062,304 | ---- | M] (Microsoft Corporation)

msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll[Reg Error: Value error.] -> [2009/02/06 21:52:44 | 000,062,304 | ---- | M] (Microsoft Corporation)

wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll[Windows Live Mail HTML Asynchronous Pluggable Protocol Handler] -> [2009/02/06 21:53:40 | 000,791,392 | ---- | M] (Microsoft Corporation)

< 64bit-Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 

64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

\\"cval" ->  [0] -> File not found

64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 

64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

\Svc\\"VistaSp1" ->  [28 4D B2 76 41 04 CA 01  [binary data]] -> File not found

\Svc\\"AntiVirusOverride" ->  [0] -> File not found

\Svc\\"AntiSpywareOverride" ->  [0] -> File not found

\Svc\\"FirewallOverride" ->  [0] -> File not found

< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

\\"FirewallOverride" ->  [1] -> File not found

\\"FirewallDisableNotify" ->  [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

\\"DisableNotifications" ->  [0] -> File not found

\\"EnableFirewall" ->  [0] -> File not found

\\"DoNotAllowExceptions" ->  [0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

64bit-NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> C:\Program Files (x86)\Bonjour\mdnsNSP.dll -> [2006/02/28 13:42:30 | 000,094,208 | ---- | M] (Apple Computer, Inc.)

NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> C:\Program Files (x86)\Bonjour\mdnsNSP.dll -> [2006/02/28 13:42:30 | 000,094,208 | ---- | M] (Apple Computer, Inc.)

< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 

ldap -> 4 = Restricted sites (Not a Default Protocol) -> 

news -> 4 = Restricted sites (Not a Default Protocol) -> 

nntp -> 4 = Restricted sites (Not a Default Protocol) -> 

oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 

snews -> 4 = Restricted sites (Not a Default Protocol) -> 

< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 

@ivt -> @ivt protocol not assigned -> 

file -> file protocol not assigned -> 

ftp -> ftp protocol not assigned -> 

http -> http protocol not assigned -> 

https -> https protocol not assigned -> 

shell -> shell protocol not assigned -> 

< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 

@ivt -> @ivt protocol not assigned -> 

file -> file protocol not assigned -> 

ftp -> ftp protocol not assigned -> 

http -> http protocol not assigned -> 

https -> https protocol not assigned -> 

shell -> shell protocol not assigned -> 

< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 

{20140000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2010 (Beta)

{20140000-002A-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (English) 2010 (Beta)

{20140000-0116-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta)

{95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting

{ACCA82EB-7088-919E-5E1C-100A24F11CCF} -> ATI Catalyst Install Manager

{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065} -> ccc-utility64

SynTPDeinstKey -> Synaptics Pointing Device Driver

< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 

{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

{0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3

{04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3

{08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting

{08C0729E-3E50-11DF-9D81-005056806466} -> Google Earth

{0AAA9C97-74D4-47CE-B089-0B147EF3553C} -> Windows Live Messenger

{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1} -> Adobe Flash Player 10 Plugin

{12EFA1A4-AC3B-443C-8143-237EDE760403} -> NTI Backup Now Standard

{15D967B5-A4BE-42AE-9E84-64CD062B25AA} -> eSobi v2

{183F0908-AD5E-8B3B-5F06-28B1A8C65C62} -> CCC Help Japanese

{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin

{20140000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional Plus 2010 (Beta)

{20140000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2010 (Beta)

{20140000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2010 (Beta)

{20140000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2010 (Beta)

{20140000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2010 (Beta)

{20140000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2010 (Beta)

{20140000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2010 (Beta)

{20140000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2010 (Beta)

{20140000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2010 (Beta)

{20140000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2010 (Beta)

{20140000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2010 (Beta)

{20140000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2010 (Beta)

{20140000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2010 (Beta)

{20140000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2010 (Beta)

{20140000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2010 (Beta)

{20140000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

{20140000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)

{20140000-011A-0000-0000-0000000FF1CE} -> Microsoft Office Send-a-Smile

{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool

{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT

{23E9588B-05ED-BC2F-EB69-101A96511EF1} -> ccc-core-static

{2413930C-8309-47A6-BC61-5EF27A4222BC} -> NTI Media Maker 8

{2484D1EA-CBA4-60BB-82B9-F8477D25C47A} -> CCC Help Dutch

{26A24AE4-039D-4CA4-87B4-2F83216016FF} -> Java(TM) 6 Update 16

{29802D65-9514-DB20-36CD-E47A94C8AEB9} -> Catalyst Control Center Graphics Full Existing

{29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3

{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} -> CyberLink PowerDVD 8

{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA} -> CCC Help Finnish

{2FA3CDD8-1436-497D-6339-789936561E99} -> CCC Help German

{34123E80-BE96-6282-1167-6696730AF6D2} -> CCC Help Korean

{387B5FB4-7A4A-AD76-7B49-23DD29E84715} -> LightSpeed SSL 7.0.140

{38F93109-35AB-4562-A961-4DEBC0C164FB} -> REDIPlus

{39F6E2B4-CFE8-C30A-66E8-489651F0F34C} -> Adobe Media Player

{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform

{3C52E7DA-C431-4239-B66B-1BF703D5B194} -> Windows Live Photo Gallery

{3D20EF26-2E9A-D388-851D-E7675BBACFF5} -> Catalyst Control Center Core Implementation

{3DB0448D-AD82-4923-B305-D001E521A964} -> Acer ePower Management

{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181} -> CCC Help Greek

{45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant

{49A63237-FD38-AE77-6DF6-FFB41499A4E6} -> CCC Help Hungarian

{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} -> Junk Mail filter update

{4F0FC827-B693-F166-612E-EA89D798540C} -> CCC Help Chinese Traditional

{51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings

{51F026FA-5146-4232-A8BA-1364740BD053} -> Acer Crystal Eye webcam

{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02} -> CCC Help English

{54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3

{597E70FF-7C46-4EED-8092-91B7C2E0529D} -> Google SketchUp 7

{628CBFE4-3823-67FB-26D2-566899C3BB5C} -> CCC Help Italian

{63C1109E-D977-49ED-BCE3-D00D0BF187D6} -> Windows Live Mail

{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203} -> Catalyst Control Center InstallProxy

{652EB559-6865-DEF4-2409-D506963C15FD} -> CCC Help Polish

{68301905-2DEA-41CE-A4D4-E8B443B099BA} -> MyWinLocker

{68987945-A387-4C25-0C59-21F2AF657E65} -> CCC Help Thai

{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2} -> Windows Live Writer

{6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All

{6B45E33B-6BB4-234B-2F5F-65B1A103801D} -> CCC Help Russian

{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336} -> Catalyst Control Center Graphics Full New

{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3

{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable

{767CC44C-9BBC-438D-BAD3-FD4595DD148B} -> VC80CRTRedist - 8.0.50727.762

{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

{7BE74C0E-F300-D0A6-780B-C93BB78DE58C} -> CCC Help Norwegian

{7E75ACC5-B0EC-7006-183A-374974019911} -> Catalyst Control Center Graphics Light

{7F811A54-5A09-4579-90E1-C93498E230D9} -> Acer eRecovery Management

{802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3

{82809116-D1EE-443C-AE31-F19E709DDF7A} -> AMD USB Filter Driver

{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek 8136 8168 8169 Ethernet Driver

{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight

{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3

{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} -> Adobe Type Support

{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard

{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system

{90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3

{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE} -> Zebra Setup Utilities

{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)

{95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings

{96AE7E41-E34E-47D0-AC07-1091A8127911} -> Realtek USB 2.0 Card Reader

{97124B44-C17B-C352-44B1-403D0D706173} -> CCC Help Czech

{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

{9ACA8261-11D1-F8A1-C154-7F8B23515C79} -> CCC Help Swedish

{9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3

{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5} -> Windows Live Sync

{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} -> Adobe CMaps

{A2BCA9F1-566C-4805-97D1-7FDC93386723} -> Adobe AIR

{A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific

{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper

{A9574A7E-C024-EED1-7A81-CC4786A1915A} -> CCC Help Portuguese

{AA32D2A6-1299-0F05-BF8D-04075A9F69EB} -> CCC Help Turkish

{AAF89271-2594-468D-B578-96B2E30C41C4} -> eBay Worldwide

{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings

{AC76BA86-7AD7-FFFF-7B44-A91000000001} -> Adobe Reader 9.1 MUI

{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0

{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player

{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} -> Adobe Default Language CS3

{BCC05B1F-7397-799A-9EDB-AC10123BB17A} -> CCC Help Chinese Standard

{BEF4FD8A-29FF-C250-468A-5FC55F0E3451} -> Catalyst Control Center Localization All

{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} -> Adobe ExtendScript Toolkit 2

{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} -> Norton Online Backup

{C6CA8874-5F22-4AF0-9BE3-016BF299C536} -> Windows Live Essentials

{CF7A62B6-F712-412E-9914-D80033A7F8B8} -> Catalyst Control Center - Branding

{D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client

{D1BB4446-AE9C-4256-9A7F-4D46604D2462} -> Adobe Setup

{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} -> Adobe PDF Library Files

{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3} -> CCC Help Spanish

{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E} -> CCC Help Danish

{DA4CA661-5ABF-9218-6E42-84BF89F43655} -> CCC Help French

{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} -> Adobe Color Common Settings

{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings

{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} -> Microsoft Office Suite Activation Assistant

{E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3

{EE171732-BEB4-4576-887D-CB62727F01CA} -> Acer Updater

{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]

{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver

{F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call

Acer Assist -> Acer Assist

Acer Registration -> Acer Registration

Acer Welcome Center -> Welcome Center

Adobe AIR -> Adobe AIR

Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX

Adobe_2ac78060bc5856b0c1cf873bb919b58 -> Adobe Photoshop CS3

AIM_7 -> AIM 7

Akamai -> Akamai NetSession Interface

ASIO4ALL -> ASIO4ALL

Audacity_is1 -> Audacity 1.2.6

AVS Image Converter_is1 -> AVS Image Converter 1.1.1.31 Beta Version

AVS Update Manager_is1 -> AVS Update Manager 1.0

AVS4YOU Software Navigator_is1 -> AVS4YOU Software Navigator 1.3

BassBox 6 Pro -> BassBox 6 Pro

com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player

Cool's_Codec_pack_4.12 -> Codec Pack - All In 1 6.0.3.0

Eudora (8.0b9) -> Eudora (8.0b9)

Eusing Free Registry Cleaner -> Eusing Free Registry Cleaner

FL Studio 9 -> FL Studio 9

Free Invoicer_is1 -> Free Invoicer

GridVista -> Acer GridVista

Hardcore -> Hardcore

Identity Card -> Identity Card

IL Download Manager -> IL Download Manager

Inkscape -> Inkscape 0.47

InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403} -> NTI Backup Now 5

InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} -> eSobi v2

InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} -> NTI Media Maker 8

InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} -> CyberLink PowerDVD 8

LimeWire -> LimeWire 5.3.6

LManager -> Launch Manager

Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware

Mozilla Firefox (3.5.9) -> Mozilla Firefox (3.5.9)

Office14.PROPLUS -> Microsoft Office Professional Plus 2010

PoiZone -> PoiZone

Sawer -> Sawer

SignCut -> SignCut (remove only)

SoftwareClub Audio Converter Extractor Max_is1 -> SoftwareClub Audio Converter Extractor Max 1.0.0.4

SoftwareUpdUtility -> Download Updater (AOL LLC)

thinkorswim from TD AMERITRADE -> thinkorswim from TD AMERITRADE

Toxic Biohazard -> Toxic Biohazard

uTorrent -> µTorrent

Vector Magic -> Vector Magic

VLC media player -> VLC media player 1.0.3

WinLiveSuite_Wave3 -> Windows Live Essentials

WinRAR archiver -> WinRAR archiver

Zebra Font Downloader_is1 -> Zebra Font Downloader

Zebra Setup Utilities -> Zebra Setup Utilities

Zebra Status Monitor_is1 -> Zebra Status Monitor 4.5.39

< Uninstall List [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 

1df0cdb088182ccc -> FOREXTraderPro

GoToMeeting -> GoToMeeting 4.0.0.320

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Application [ Error ] 3/25/2010 2:20:28 PM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

Application [ Error ] 3/25/2010 2:20:28 PM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

Application [ Error ] 3/25/2010 2:20:28 PM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

Application [ Error ] 3/26/2010 4:49:49 PM Computer Name = Laptop-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: java.exe, version: 6.0.160.1, time stamp: 0x4a734839  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x71347334  Faulting process id: 0xa3c  Faulting application start time: 0x01cacd25d820c19d  Faulting application path: C:\Program Files (x86)\Java\jre6\bin\java.exe  Faulting module path: unknown  Report Id: 1e3f077d-3919-11df-90ec-002622638dba

Application [ Error ] 3/26/2010 4:49:54 PM Computer Name = Laptop-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: firefox.exe, version: 1.9.1.3685, time stamp: 0x4b68deea  Faulting module name: 3difr.x3d, version: 9.1.0.0, time stamp: 0x49a8481e  Exception code: 0xc0000005  Fault offset: 0x0001d601  Faulting process id: 0x112c  Faulting application start time: 0x01cacd2219902ab4  Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d  Report Id: 20c32696-3919-11df-90ec-002622638dba

Application [ Error ] 3/30/2010 3:03:20 AM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842815 -> Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Application [ Error ] 3/30/2010 3:04:17 AM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

Application [ Error ] 3/30/2010 3:04:17 AM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

Application [ Error ] 3/30/2010 3:04:17 AM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

Application [ Error ] 3/30/2010 3:04:17 AM Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.

System [ Error ] 4/18/2010 4:48:04 PM Computer Name = Laptop-PC | Source = atikmdag | ID = 52236 -> Description = CPLIB :: General - Invalid Parameter

System [ Error ] 4/18/2010 4:48:04 PM Computer Name = Laptop-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active

System [ Error ] 4/18/2010 5:43:42 PM Computer Name = Laptop-PC | Source = Application Popup | ID = 1060 -> Description = \SystemRoot\SysWow64\drivers\zoqyivvcd9.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

System [ Error ] 4/18/2010 5:44:04 PM Computer Name = Laptop-PC | Source = atikmdag | ID = 52236 -> Description = CPLIB :: General - Invalid Parameter

System [ Error ] 4/18/2010 5:44:04 PM Computer Name = Laptop-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active

System [ Error ] 4/18/2010 5:53:15 PM Computer Name = Laptop-PC | Source = Application Popup | ID = 1060 -> Description = \SystemRoot\SysWow64\drivers\zoqyivvcd9.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

System [ Error ] 4/18/2010 5:53:25 PM Computer Name = Laptop-PC | Source = Microsoft-Windows-Kernel-General | ID = 5 -> Description = 

System [ Error ] 4/18/2010 5:53:29 PM Computer Name = Laptop-PC | Source = atikmdag | ID = 52236 -> Description = CPLIB :: General - Invalid Parameter

System [ Error ] 4/18/2010 5:53:29 PM Computer Name = Laptop-PC | Source = atikmdag | ID = 43029 -> Description = Display is not active

System [ Error ] 4/18/2010 6:44:12 PM Computer Name = Laptop-PC | Source = Microsoft-Windows-Kernel-General | ID = 5 -> Description = 

 

[Files/Folders - Created Within 30 Days]

 OTS.exe -> C:\Users\Laptop\Desktop\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | C] (OldTimer Tools)

 OTL.exe -> C:\Users\Laptop\Desktop\OTL.exe -> [2010/04/19 02:43:30 | 000,562,176 | ---- | C] (OldTimer Tools)

 Eusing Free Registry Cleaner -> C:\Program Files (x86)\Eusing Free Registry Cleaner -> [2010/04/17 12:23:52 | 000,000,000 | ---D | C]

 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 09:09:09 | 000,612,352 | ---- | C] (Microsoft Corporation)

 vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 09:09:09 | 000,427,520 | ---- | C] (Microsoft Corporation)

 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 09:08:16 | 005,509,008 | ---- | C] (Microsoft Corporation)

 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2010/04/14 09:08:15 | 003,899,280 | ---- | C] (Microsoft Corporation)

 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2010/04/14 09:08:14 | 003,954,568 | ---- | C] (Microsoft Corporation)

 wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 09:05:42 | 000,220,672 | ---- | C] (Microsoft Corporation)

 wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 09:05:42 | 000,172,032 | ---- | C] (Microsoft Corporation)

 cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 09:05:41 | 000,139,264 | ---- | C] (Microsoft Corporation)

 cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 09:05:41 | 000,132,608 | ---- | C] (Microsoft Corporation)

 Wat -> C:\Windows\SysWow64\Wat -> [2010/04/14 03:00:53 | 000,000,000 | ---D | C]

 Wat -> C:\Windows\SysNative\Wat -> [2010/04/14 03:00:53 | 000,000,000 | ---D | C]

 secproc.dll -> C:\Windows\SysNative\secproc.dll -> [2010/04/09 22:16:04 | 000,424,960 | ---- | C] (Microsoft Corporation)

 secproc_isv.dll -> C:\Windows\SysNative\secproc_isv.dll -> [2010/04/09 22:16:04 | 000,422,912 | ---- | C] (Microsoft Corporation)

 secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/04/09 22:16:04 | 000,369,152 | ---- | C] (Microsoft Corporation)

 secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/04/09 22:16:04 | 000,365,568 | ---- | C] (Microsoft Corporation)

 RMActivate_isv.exe -> C:\Windows\SysNative\RMActivate_isv.exe -> [2010/04/09 22:16:04 | 000,357,888 | ---- | C] (Microsoft Corporation)

 RMActivate.exe -> C:\Windows\SysNative\RMActivate.exe -> [2010/04/09 22:16:04 | 000,356,352 | ---- | C] (Microsoft Corporation)

 RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/04/09 22:16:04 | 000,324,608 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp.exe -> C:\Windows\SysNative\RMActivate_ssp.exe -> [2010/04/09 22:16:04 | 000,306,688 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp_isv.exe -> C:\Windows\SysNative\RMActivate_ssp_isv.exe -> [2010/04/09 22:16:04 | 000,305,152 | ---- | C] (Microsoft Corporation)

 RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/04/09 22:16:03 | 000,320,512 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/04/09 22:16:03 | 000,280,064 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/04/09 22:16:03 | 000,277,504 | ---- | C] (Microsoft Corporation)

 secproc_ssp_isv.dll -> C:\Windows\SysNative\secproc_ssp_isv.dll -> [2010/04/09 22:16:03 | 000,121,856 | ---- | C] (Microsoft Corporation)

 secproc_ssp.dll -> C:\Windows\SysNative\secproc_ssp.dll -> [2010/04/09 22:16:03 | 000,121,856 | ---- | C] (Microsoft Corporation)

 secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/04/09 22:16:03 | 000,085,504 | ---- | C] (Microsoft Corporation)

 secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/04/09 22:16:03 | 000,085,504 | ---- | C] (Microsoft Corporation)

 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2010/04/09 22:15:35 | 000,243,200 | ---- | C] (Microsoft Corporation)

 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2010/04/09 22:15:35 | 000,025,600 | ---- | C] (Microsoft Corporation)

 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2010/04/09 22:15:35 | 000,014,336 | ---- | C] (Microsoft Corporation)

 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2010/04/09 22:15:35 | 000,007,680 | ---- | C] (Microsoft Corporation)

 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2010/04/09 22:15:35 | 000,005,120 | ---- | C] (Microsoft Corporation)

 user.exe -> C:\Windows\SysWow64\user.exe -> [2010/04/09 22:15:35 | 000,002,048 | ---- | C] (Microsoft Corporation)

 CPFilters.dll -> C:\Windows\SysNative\CPFilters.dll -> [2010/04/09 22:15:09 | 000,960,512 | ---- | C] (Microsoft Corporation)

 CPFilters.dll -> C:\Windows\SysWow64\CPFilters.dll -> [2010/04/09 22:15:08 | 000,641,536 | ---- | C] (Microsoft Corporation)

 psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2010/04/09 22:15:08 | 000,613,888 | ---- | C] (Microsoft Corporation)

 msdri.dll -> C:\Windows\SysNative\msdri.dll -> [2010/04/09 22:15:08 | 000,552,960 | ---- | C] (Microsoft Corporation)

 MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2010/04/09 22:15:08 | 000,288,256 | ---- | C] (Microsoft Corporation)

 MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2010/04/09 22:15:08 | 000,204,288 | ---- | C] (Microsoft Corporation)

 psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2010/04/09 22:15:07 | 000,465,408 | ---- | C] (Microsoft Corporation)

 Microsoft Synchronization Services -> C:\Program Files (x86)\Microsoft Synchronization Services -> [2010/04/09 21:53:51 | 000,000,000 | ---D | C]

 DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2010/04/09 21:53:48 | 000,000,000 | ---D | C]

 PCHEALTH -> C:\Windows\PCHEALTH -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]

 Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]

 Microsoft Sync Framework -> C:\Program Files (x86)\Microsoft Sync Framework -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]

 Microsoft Visual Studio 8 -> C:\Program Files (x86)\Microsoft Visual Studio 8 -> [2010/04/09 21:50:15 | 000,000,000 | ---D | C]

 Microsoft Office -> C:\Program Files\Microsoft Office -> [2010/04/09 21:49:41 | 000,000,000 | ---D | C]

 Microsoft Analysis Services -> C:\Program Files (x86)\Microsoft Analysis Services -> [2010/04/09 21:49:12 | 000,000,000 | ---D | C]

 Microsoft Help -> C:\Users\Laptop\AppData\Local\Microsoft Help -> [2010/04/09 21:48:48 | 000,000,000 | ---D | C]

 MSOCache -> C:\MSOCache -> [2010/04/09 21:48:32 | 000,000,000 | RH-D | C]

 Download Manager -> C:\Users\Laptop\AppData\Roaming\Download Manager -> [2010/04/09 21:34:47 | 000,000,000 | ---D | C]

 {50D3FBE1-AD16-4F59-9326-86404D6B1B1F} -> C:\ProgramData\{50D3FBE1-AD16-4F59-9326-86404D6B1B1F} -> [2010/03/31 15:45:12 | 000,000,000 | -H-D | C]

 wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2010/03/31 10:17:17 | 001,192,960 | ---- | C] (Microsoft Corporation)

 mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2010/03/31 10:17:17 | 001,026,048 | ---- | C] (Microsoft Corporation)

 mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2010/03/31 10:17:17 | 000,606,208 | ---- | C] (Microsoft Corporation)

 wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2010/03/31 10:17:16 | 000,977,920 | ---- | C] (Microsoft Corporation)

 iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2010/03/31 10:17:16 | 000,445,952 | ---- | C] (Microsoft Corporation)

 iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2010/03/31 10:17:16 | 000,381,440 | ---- | C] (Microsoft Corporation)

 msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2010/03/31 10:17:16 | 000,082,944 | ---- | C] (Microsoft Corporation)

 msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2010/03/31 10:17:16 | 000,064,512 | ---- | C] (Microsoft Corporation)

 Software Update Utility -> C:\Program Files (x86)\Common Files\Software Update Utility -> [2010/03/28 13:34:24 | 000,000,000 | ---D | C]

 Zebra Technologies -> C:\Program Files (x86)\Zebra Technologies -> [2010/03/27 14:24:56 | 000,000,000 | ---D | C]

 Font Downloader -> C:\ProgramData\Font Downloader -> [2010/03/27 14:24:56 | 000,000,000 | ---D | C]

 Audacity -> C:\Program Files (x86)\Audacity -> [2010/03/27 14:05:50 | 000,000,000 | ---D | C]

 ZUD55725 -> C:\ZUD55725 -> [2010/03/27 00:05:17 | 000,000,000 | ---D | C]

 MSFLXGRD.ocx -> C:\Windows\SysWow64\MSFLXGRD.ocx -> [2010/03/26 13:27:18 | 000,244,416 | ---- | C] (Microsoft Corporation)

 OneWayX.ocx -> C:\Windows\SysWow64\OneWayX.ocx -> [2010/03/26 13:27:18 | 000,223,744 | ---- | C] (Atma Software)

 MSCOMM32.ocx -> C:\Windows\SysWow64\MSCOMM32.ocx -> [2010/03/26 13:27:18 | 000,103,744 | ---- | C] (Microsoft Corporation)

 MSCAL.OCX -> C:\Windows\SysWow64\MSCAL.OCX -> [2010/03/26 13:27:18 | 000,089,600 | ---- | C] (Microsoft Corporation)

 Citrusware -> C:\Program Files (x86)\Citrusware -> [2010/03/26 13:27:18 | 000,000,000 | ---D | C]

 Vector Magic -> C:\Program Files (x86)\Vector Magic -> [2010/03/22 16:25:35 | 000,000,000 | ---D | C]

 

[Files/Folders - Modified Within 30 Days]

 NTUSER.DAT -> C:\Users\Laptop\NTUSER.DAT -> [2010/04/20 15:48:33 | 002,097,152 | -HS- | M] ()

 OTS.exe -> C:\Users\Laptop\Desktop\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)

 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/20 15:26:00 | 000,000,896 | ---- | M] ()

 At64.job -> C:\Windows\tasks\At64.job -> [2010/04/20 15:00:36 | 000,000,370 | ---- | M] ()

 At16.job -> C:\Windows\tasks\At16.job -> [2010/04/20 15:00:00 | 000,000,392 | ---- | M] ()

 At15.job -> C:\Windows\tasks\At15.job -> [2010/04/20 14:00:38 | 000,000,392 | ---- | M] ()

 At63.job -> C:\Windows\tasks\At63.job -> [2010/04/20 14:00:37 | 000,000,370 | ---- | M] ()

 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/20 13:26:00 | 000,000,892 | ---- | M] ()

 At62.job -> C:\Windows\tasks\At62.job -> [2010/04/20 13:08:34 | 000,000,370 | ---- | M] ()

 At14.job -> C:\Windows\tasks\At14.job -> [2010/04/20 13:08:32 | 000,000,392 | ---- | M] ()

 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/20 13:07:53 | 000,067,584 | --S- | M] ()

 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/04/20 12:36:02 | 000,713,888 | ---- | M] ()

 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/04/20 12:36:02 | 000,615,360 | ---- | M] ()

 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/04/20 12:36:02 | 000,103,702 | ---- | M] ()

 SharePodSettings.xml -> C:\Users\Laptop\Desktop\SharePodSettings.xml -> [2010/04/20 12:35:30 | 000,007,358 | ---- | M] ()

 SHE GOT IT REMIX SLOWED.wav -> C:\Users\Laptop\Desktop\SHE GOT IT REMIX SLOWED.wav -> [2010/04/20 12:33:34 | 085,503,488 | ---- | M] ()

 2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> C:\Users\Laptop\Desktop\2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> [2010/04/20 12:24:39 | 007,137,376 | ---- | M] ()

 At13.job -> C:\Windows\tasks\At13.job -> [2010/04/20 12:06:52 | 000,000,392 | ---- | M] ()

 At61.job -> C:\Windows\tasks\At61.job -> [2010/04/20 12:06:52 | 000,000,370 | ---- | M] ()

 At72.job -> C:\Windows\tasks\At72.job -> [2010/04/20 11:14:12 | 000,000,370 | ---- | M] ()

 At71.job -> C:\Windows\tasks\At71.job -> [2010/04/20 11:14:12 | 000,000,370 | ---- | M] ()

 At70.job -> C:\Windows\tasks\At70.job -> [2010/04/20 11:14:11 | 000,000,370 | ---- | M] ()

 At69.job -> C:\Windows\tasks\At69.job -> [2010/04/20 11:14:10 | 000,000,370 | ---- | M] ()

 At68.job -> C:\Windows\tasks\At68.job -> [2010/04/20 11:14:10 | 000,000,370 | ---- | M] ()

 At67.job -> C:\Windows\tasks\At67.job -> [2010/04/20 11:14:09 | 000,000,370 | ---- | M] ()

 At66.job -> C:\Windows\tasks\At66.job -> [2010/04/20 11:14:09 | 000,000,370 | ---- | M] ()

 At65.job -> C:\Windows\tasks\At65.job -> [2010/04/20 11:14:08 | 000,000,370 | ---- | M] ()

 At60.job -> C:\Windows\tasks\At60.job -> [2010/04/20 11:14:05 | 000,000,370 | ---- | M] ()

 At59.job -> C:\Windows\tasks\At59.job -> [2010/04/20 11:14:04 | 000,000,370 | ---- | M] ()

 At58.job -> C:\Windows\tasks\At58.job -> [2010/04/20 11:14:03 | 000,000,370 | ---- | M] ()

 At57.job -> C:\Windows\tasks\At57.job -> [2010/04/20 11:14:02 | 000,000,370 | ---- | M] ()

 At56.job -> C:\Windows\tasks\At56.job -> [2010/04/20 11:14:01 | 000,000,370 | ---- | M] ()

 At55.job -> C:\Windows\tasks\At55.job -> [2010/04/20 11:14:00 | 000,000,370 | ---- | M] ()

 At54.job -> C:\Windows\tasks\At54.job -> [2010/04/20 11:14:00 | 000,000,370 | ---- | M] ()

 At53.job -> C:\Windows\tasks\At53.job -> [2010/04/20 11:13:59 | 000,000,370 | ---- | M] ()

 At52.job -> C:\Windows\tasks\At52.job -> [2010/04/20 11:13:58 | 000,000,370 | ---- | M] ()

 At51.job -> C:\Windows\tasks\At51.job -> [2010/04/20 11:13:57 | 000,000,370 | ---- | M] ()

 At50.job -> C:\Windows\tasks\At50.job -> [2010/04/20 11:13:56 | 000,000,370 | ---- | M] ()

 At49.job -> C:\Windows\tasks\At49.job -> [2010/04/20 11:13:56 | 000,000,370 | ---- | M] ()

 At9.job -> C:\Windows\tasks\At9.job -> [2010/04/20 11:13:30 | 000,000,392 | ---- | M] ()

 At8.job -> C:\Windows\tasks\At8.job -> [2010/04/20 11:13:30 | 000,000,392 | ---- | M] ()

 At7.job -> C:\Windows\tasks\At7.job -> [2010/04/20 11:13:30 | 000,000,392 | ---- | M] ()

 At12.job -> C:\Windows\tasks\At12.job -> [2010/04/20 11:13:30 | 000,000,392 | ---- | M] ()

 At11.job -> C:\Windows\tasks\At11.job -> [2010/04/20 11:13:30 | 000,000,392 | ---- | M] ()

 At10.job -> C:\Windows\tasks\At10.job -> [2010/04/20 11:13:30 | 000,000,392 | ---- | M] ()

 At6.job -> C:\Windows\tasks\At6.job -> [2010/04/20 05:09:08 | 000,000,392 | ---- | M] ()

 At5.job -> C:\Windows\tasks\At5.job -> [2010/04/20 05:09:08 | 000,000,392 | ---- | M] ()

 At4.job -> C:\Windows\tasks\At4.job -> [2010/04/20 05:09:08 | 000,000,392 | ---- | M] ()

 At3.job -> C:\Windows\tasks\At3.job -> [2010/04/20 02:00:00 | 000,000,392 | ---- | M] ()

 At2.job -> C:\Windows\tasks\At2.job -> [2010/04/20 01:00:37 | 000,000,392 | ---- | M] ()

 At1.job -> C:\Windows\tasks\At1.job -> [2010/04/20 00:02:36 | 000,000,392 | ---- | M] ()

 At24.job -> C:\Windows\tasks\At24.job -> [2010/04/19 23:00:36 | 000,000,392 | ---- | M] ()

 At23.job -> C:\Windows\tasks\At23.job -> [2010/04/19 22:00:00 | 000,000,392 | ---- | M] ()

 +Lost+1x16+Outlaws.divx -> C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx -> [2010/04/19 21:20:24 | 368,290,708 | ---- | M] ()

 The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx -> [2010/04/19 21:07:25 | 733,368,464 | ---- | M] ()

 At22.job -> C:\Windows\tasks\At22.job -> [2010/04/19 21:00:37 | 000,000,392 | ---- | M] ()

 is-P5449.exe -> C:\Windows\is-P5449.exe -> [2010/04/19 20:39:59 | 000,699,904 | ---- | M] ()

 is-P5449.msg -> C:\Windows\is-P5449.msg -> [2010/04/19 20:39:59 | 000,010,498 | ---- | M] ()

 is-P5449.lst -> C:\Windows\is-P5449.lst -> [2010/04/19 20:39:59 | 000,000,348 | ---- | M] ()

 At21.job -> C:\Windows\tasks\At21.job -> [2010/04/19 20:00:37 | 000,000,392 | ---- | M] ()

 TRINIDAD LIST.doc -> C:\Users\Laptop\TRINIDAD LIST.doc -> [2010/04/19 19:45:26 | 000,025,600 | ---- | M] ()

 At20.job -> C:\Windows\tasks\At20.job -> [2010/04/19 19:00:00 | 000,000,392 | ---- | M] ()

 At19.job -> C:\Windows\tasks\At19.job -> [2010/04/19 18:11:56 | 000,000,392 | ---- | M] ()

 At18.job -> C:\Windows\tasks\At18.job -> [2010/04/19 18:11:56 | 000,000,392 | ---- | M] ()

 At17.job -> C:\Windows\tasks\At17.job -> [2010/04/19 16:00:36 | 000,000,392 | ---- | M] ()

 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/19 14:30:07 | 000,009,920 | -H-- | M] ()

 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/19 14:30:07 | 000,009,920 | -H-- | M] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms -> [2010/04/19 14:23:21 | 001,048,576 | -HS- | M] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms -> [2010/04/19 14:23:21 | 001,048,576 | -HS- | M] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms -> [2010/04/19 14:23:21 | 001,048,576 | -HS- | M] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf -> [2010/04/19 14:23:21 | 000,065,536 | -HS- | M] ()

 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/19 14:23:01 | 000,000,006 | -H-- | M] ()

 hiberfil.sys -> C:\hiberfil.sys -> [2010/04/19 14:22:54 | 3016,790,016 | -HS- | M] ()

 Breaking+Bad+3x05+Mas.divx -> C:\Users\Laptop\Desktop\Breaking+Bad+3x05+Mas.divx -> [2010/04/19 03:56:09 | 367,210,448 | ---- | M] ()

 IconCache.db -> C:\Users\Laptop\AppData\Local\IconCache.db -> [2010/04/19 03:25:03 | 001,412,040 | -H-- | M] ()

 OTL.exe -> C:\Users\Laptop\Desktop\OTL.exe -> [2010/04/19 02:43:31 | 000,562,176 | ---- | M] (OldTimer Tools)

 +Lost+1x15+Homecoming.divx -> C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx -> [2010/04/18 21:08:31 | 366,422,016 | ---- | M] ()

 exefix.reg -> C:\Users\Laptop\Desktop\exefix.reg -> [2010/04/18 17:57:51 | 000,000,296 | ---- | M] ()

 IGI4W75 -> C:\Users\Laptop\AppData\Local\IGI4W75 -> [2010/04/18 15:58:23 | 000,012,724 | -HS- | M] ()

 IGI4W75 -> C:\ProgramData\IGI4W75 -> [2010/04/18 15:58:23 | 000,012,724 | -HS- | M] ()

 Getcha Life Right SLOWED.wav -> C:\Users\Laptop\Desktop\Getcha Life Right SLOWED.wav -> [2010/04/18 01:18:50 | 055,518,680 | ---- | M] ()

 LIL MAMA SLOWED.wav -> C:\Users\Laptop\Desktop\LIL MAMA SLOWED.wav -> [2010/04/18 01:10:15 | 051,262,628 | ---- | M] ()

 +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx -> [2010/04/18 00:31:12 | 366,548,992 | ---- | M] ()

 +Lost+1x13+Hearts+and+Minds.divx -> C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx -> [2010/04/17 23:10:44 | 366,471,168 | ---- | M] ()

 +Lost+1x10+Raised+by+Another.divx -> C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx -> [2010/04/17 18:08:23 | 366,641,152 | ---- | M] ()

 regedit.vbs -> C:\Users\Laptop\Desktop\regedit.vbs -> [2010/04/17 15:39:00 | 000,001,270 | ---- | M] ()

 At207.job -> C:\Windows\tasks\At207.job -> [2010/04/17 15:27:17 | 000,000,370 | ---- | M] ()

 At208.job -> C:\Windows\tasks\At208.job -> [2010/04/17 15:27:17 | 000,000,302 | ---- | M] ()

 At206.job -> C:\Windows\tasks\At206.job -> [2010/04/17 15:27:15 | 000,000,370 | ---- | M] ()

 3351340037 -> C:\Users\Laptop\AppData\Local\3351340037 -> [2010/04/17 15:26:48 | 000,012,672 | -HS- | M] ()

 3351340037 -> C:\ProgramData\3351340037 -> [2010/04/17 15:26:48 | 000,012,672 | -HS- | M] ()

 +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx -> [2010/04/17 15:16:36 | 367,386,624 | ---- | M] ()

 +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx -> [2010/04/17 12:29:46 | 368,283,648 | ---- | M] ()

 Eusing Free Registry Cleaner.lnk -> C:\Users\Laptop\Desktop\Eusing Free Registry Cleaner.lnk -> [2010/04/17 12:23:53 | 000,001,017 | ---- | M] ()

 +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx -> [2010/04/17 05:03:52 | 367,482,880 | ---- | M] ()

 MRT.INI -> C:\Windows\SysNative\MRT.INI -> [2010/04/17 03:42:15 | 000,000,118 | ---- | M] ()

 +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx -> [2010/04/17 02:06:53 | 367,513,600 | ---- | M] ()

 zoqyivvcd9.sys -> C:\Windows\SysWow64\drivers\zoqyivvcd9.sys -> [2010/04/16 15:32:50 | 000,081,408 | ---- | M] ()

 reader_s .exe -> C:\Windows\SysWow64\reader_s .exe -> [2010/04/16 15:32:48 | 000,026,624 | ---- | M] ()

 services .exe -> C:\Windows\services .exe -> [2010/04/16 14:15:51 | 000,055,296 | ---- | M] ()

 ave.exe -> C:\Users\Laptop\AppData\Local\ave.exe -> [2010/04/16 14:13:03 | 000,188,416 | -HS- | M] ()

 bnfvbt0i0t.dll -> C:\Windows\SysWow64\bnfvbt0i0t.dll -> [2010/04/16 14:13:01 | 000,020,000 | ---- | M] ()

 +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx -> [2010/04/15 15:01:53 | 365,633,536 | ---- | M] ()

 Justified+1x05+The+Lord+of+War+and+Thunder.divx -> C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx -> [2010/04/14 22:28:18 | 366,164,094 | ---- | M] ()

 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/12 10:11:06 | 003,290,488 | ---- | M] ()

 GDIPFONTCACHEV1.DAT -> C:\Users\Laptop\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/10 15:55:43 | 000,116,960 | ---- | M] ()

 NV2009-1  packing list.xls -> C:\Users\Laptop\Desktop\NV2009-1  packing list.xls -> [2010/04/10 00:43:01 | 000,022,016 | ---- | M] ()

 NV2009-1  INVOICE FOR CUSTOMS.xls -> C:\Users\Laptop\Desktop\NV2009-1  INVOICE FOR CUSTOMS.xls -> [2010/04/10 00:42:30 | 000,030,720 | ---- | M] ()

 OfficeSAS.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk -> [2010/04/09 22:03:44 | 000,001,178 | ---- | M] ()

 win.ini -> C:\Windows\win.ini -> [2010/04/09 21:49:31 | 000,000,510 | ---- | M] ()

 wklnhst.dat -> C:\Users\Laptop\AppData\Roaming\wklnhst.dat -> [2010/04/09 19:42:59 | 000,001,626 | ---- | M] ()

 Documents - Shortcut.lnk -> C:\Users\Laptop\Documents - Shortcut.lnk -> [2010/04/09 19:35:40 | 000,001,081 | ---- | M] ()

 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/04/07 14:38:25 | 000,000,193 | ---- | M] ()

 7501.pdf -> C:\Users\Laptop\Desktop\7501.pdf -> [2010/04/02 14:32:12 | 000,132,330 | ---- | M] ()

 Tech N9ne - Leave Me Alone-RGF.wav -> C:\Users\Laptop\Desktop\Tech N9ne - Leave Me Alone-RGF.wav -> [2010/04/01 00:36:00 | 021,381,974 | ---- | M] ()

 TRINIDAD LIST.rtf -> C:\Users\Laptop\TRINIDAD LIST.rtf -> [2010/03/31 21:50:34 | 000,001,501 | ---- | M] ()

 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)

 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation)

 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> [2010/03/29 20:19:00 | 756,072,778 | ---- | M] ()

 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> [2010/03/29 15:44:17 | 703,565,644 | ---- | M] ()

 IPH.PH -> C:\IPH.PH -> [2010/03/28 13:34:31 | 000,000,700 | -H-- | M] ()

 AIM.lnk -> C:\Users\Public\Desktop\AIM.lnk -> [2010/03/28 13:34:29 | 000,001,875 | ---- | M] ()

 Audacity.lnk -> C:\Users\Laptop\Desktop\Audacity.lnk -> [2010/03/27 14:05:51 | 000,000,907 | ---- | M] ()

 Create an Invoice.lnk -> C:\Users\Laptop\Desktop\Create an Invoice.lnk -> [2010/03/26 13:27:19 | 000,000,917 | ---- | M] ()

 National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx -> [2010/03/25 01:08:24 | 366,267,282 | ---- | M] ()

 .recently-used.xbel -> C:\Users\Laptop\.recently-used.xbel -> [2010/03/23 02:25:19 | 000,006,362 | ---- | M] ()

 CRESCENDO LOGO1_vectorized.png -> C:\Users\Laptop\Desktop\CRESCENDO LOGO1_vectorized.png -> [2010/03/22 16:40:19 | 000,067,283 | ---- | M] ()

 CRESCENDO LOGO1.eps -> C:\Users\Laptop\Desktop\CRESCENDO LOGO1.eps -> [2010/03/22 16:35:09 | 000,086,168 | ---- | M] ()

 Vector Magic.lnk -> C:\Users\Laptop\Desktop\Vector Magic.lnk -> [2010/03/22 16:25:36 | 000,000,975 | ---- | M] ()

 363 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 

 363 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 

 328 C:\Users\Laptop\AppData\Local\Temp\*.tmp files -> C:\Users\Laptop\AppData\Local\Temp\*.tmp -> 

 328 C:\Users\Laptop\AppData\Local\Temp\*.tmp files -> C:\Users\Laptop\AppData\Local\Temp\*.tmp -> 

 

[Files - No Company Name]

 SHE GOT IT REMIX SLOWED.wav -> C:\Users\Laptop\Desktop\SHE GOT IT REMIX SLOWED.wav -> [2010/04/20 12:33:25 | 085,503,488 | ---- | C] ()

 2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> C:\Users\Laptop\Desktop\2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> [2010/04/20 12:25:18 | 007,137,376 | ---- | C] ()

 At72.job -> C:\Windows\tasks\At72.job -> [2010/04/20 11:14:12 | 000,000,370 | ---- | C] ()

 At71.job -> C:\Windows\tasks\At71.job -> [2010/04/20 11:14:11 | 000,000,370 | ---- | C] ()

 At70.job -> C:\Windows\tasks\At70.job -> [2010/04/20 11:14:10 | 000,000,370 | ---- | C] ()

 At69.job -> C:\Windows\tasks\At69.job -> [2010/04/20 11:14:10 | 000,000,370 | ---- | C] ()

 At68.job -> C:\Windows\tasks\At68.job -> [2010/04/20 11:14:09 | 000,000,370 | ---- | C] ()

 At67.job -> C:\Windows\tasks\At67.job -> [2010/04/20 11:14:09 | 000,000,370 | ---- | C] ()

 At66.job -> C:\Windows\tasks\At66.job -> [2010/04/20 11:14:08 | 000,000,370 | ---- | C] ()

 At65.job -> C:\Windows\tasks\At65.job -> [2010/04/20 11:14:07 | 000,000,370 | ---- | C] ()

 At64.job -> C:\Windows\tasks\At64.job -> [2010/04/20 11:14:07 | 000,000,370 | ---- | C] ()

 At63.job -> C:\Windows\tasks\At63.job -> [2010/04/20 11:14:06 | 000,000,370 | ---- | C] ()

 At62.job -> C:\Windows\tasks\At62.job -> [2010/04/20 11:14:05 | 000,000,370 | ---- | C] ()

 At61.job -> C:\Windows\tasks\At61.job -> [2010/04/20 11:14:05 | 000,000,370 | ---- | C] ()

 At60.job -> C:\Windows\tasks\At60.job -> [2010/04/20 11:14:04 | 000,000,370 | ---- | C] ()

 At59.job -> C:\Windows\tasks\At59.job -> [2010/04/20 11:14:03 | 000,000,370 | ---- | C] ()

 At58.job -> C:\Windows\tasks\At58.job -> [2010/04/20 11:14:02 | 000,000,370 | ---- | C] ()

 At57.job -> C:\Windows\tasks\At57.job -> [2010/04/20 11:14:01 | 000,000,370 | ---- | C] ()

 At56.job -> C:\Windows\tasks\At56.job -> [2010/04/20 11:14:00 | 000,000,370 | ---- | C] ()

 At55.job -> C:\Windows\tasks\At55.job -> [2010/04/20 11:14:00 | 000,000,370 | ---- | C] ()

 At54.job -> C:\Windows\tasks\At54.job -> [2010/04/20 11:13:59 | 000,000,370 | ---- | C] ()

 At53.job -> C:\Windows\tasks\At53.job -> [2010/04/20 11:13:58 | 000,000,370 | ---- | C] ()

 At52.job -> C:\Windows\tasks\At52.job -> [2010/04/20 11:13:57 | 000,000,370 | ---- | C] ()

 At51.job -> C:\Windows\tasks\At51.job -> [2010/04/20 11:13:56 | 000,000,370 | ---- | C] ()

 At50.job -> C:\Windows\tasks\At50.job -> [2010/04/20 11:13:56 | 000,000,370 | ---- | C] ()

 At49.job -> C:\Windows\tasks\At49.job -> [2010/04/20 11:13:55 | 000,000,370 | ---- | C] ()

 +Lost+1x16+Outlaws.divx -> C:\Users\Laptop\Desktop\+Lost+1x16+Outlaws.divx -> [2010/04/19 21:34:15 | 368,290,708 | ---- | C] ()

 The+Apprentice+9x06+.divx -> C:\Users\Laptop\Desktop\The+Apprentice+9x06+.divx -> [2010/04/19 21:13:30 | 733,368,464 | ---- | C] ()

 is-P5449.exe -> C:\Windows\is-P5449.exe -> [2010/04/19 20:39:59 | 000,699,904 | ---- | C] ()

 is-P5449.msg -> C:\Windows\is-P5449.msg -> [2010/04/19 20:39:59 | 000,010,498 | ---- | C] ()

 is-P5449.lst -> C:\Windows\is-P5449.lst -> [2010/04/19 20:39:59 | 000,000,348 | ---- | C] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms -> [2010/04/19 14:23:21 | 001,048,576 | -HS- | C] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms -> [2010/04/19 14:23:21 | 001,048,576 | -HS- | C] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms -> [2010/04/19 14:23:21 | 001,048,576 | -HS- | C] ()

 NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf -> C:\Users\Laptop\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf -> [2010/04/19 14:23:21 | 000,065,536 | -HS- | C] ()

 At16.job -> C:\Windows\tasks\At16.job -> [2010/04/19 12:01:59 | 000,000,392 | ---- | C] ()

 At15.job -> C:\Windows\tasks\At15.job -> [2010/04/19 12:01:59 | 000,000,392 | ---- | C] ()

 At14.job -> C:\Windows\tasks\At14.job -> [2010/04/19 12:01:58 | 000,000,392 | ---- | C] ()

 At13.job -> C:\Windows\tasks\At13.job -> [2010/04/19 12:01:58 | 000,000,392 | ---- | C] ()

 At12.job -> C:\Windows\tasks\At12.job -> [2010/04/19 12:01:57 | 000,000,392 | ---- | C] ()

 At11.job -> C:\Windows\tasks\At11.job -> [2010/04/19 12:01:57 | 000,000,392 | ---- | C] ()

 At10.job -> C:\Windows\tasks\At10.job -> [2010/04/19 12:01:56 | 000,000,392 | ---- | C] ()

 At1.job -> C:\Windows\tasks\At1.job -> [2010/04/19 12:01:52 | 000,000,392 | ---- | C] ()

 Breaking+Bad+3x05+Mas.divx -> C:\Users\Laptop\Desktop\Breaking+Bad+3x05+Mas.divx -> [2010/04/19 03:56:37 | 367,210,448 | ---- | C] ()

 gmer.exe -> C:\Users\Laptop\Desktop\gmer.exe -> [2010/04/19 02:22:22 | 000,293,376 | ---- | C] ()

 +Lost+1x15+Homecoming.divx -> C:\Users\Laptop\Desktop\+Lost+1x15+Homecoming.divx -> [2010/04/18 21:09:04 | 366,422,016 | ---- | C] ()

 At24.job -> C:\Windows\tasks\At24.job -> [2010/04/18 18:02:02 | 000,000,392 | ---- | C] ()

 At23.job -> C:\Windows\tasks\At23.job -> [2010/04/18 18:02:01 | 000,000,392 | ---- | C] ()

 At22.job -> C:\Windows\tasks\At22.job -> [2010/04/18 18:02:01 | 000,000,392 | ---- | C] ()

 At21.job -> C:\Windows\tasks\At21.job -> [2010/04/18 18:02:00 | 000,000,392 | ---- | C] ()

 At20.job -> C:\Windows\tasks\At20.job -> [2010/04/18 18:02:00 | 000,000,392 | ---- | C] ()

 At19.job -> C:\Windows\tasks\At19.job -> [2010/04/18 18:02:00 | 000,000,392 | ---- | C] ()

 At18.job -> C:\Windows\tasks\At18.job -> [2010/04/18 18:01:59 | 000,000,392 | ---- | C] ()

 At17.job -> C:\Windows\tasks\At17.job -> [2010/04/18 18:01:59 | 000,000,392 | ---- | C] ()

 At9.job -> C:\Windows\tasks\At9.job -> [2010/04/18 18:01:55 | 000,000,392 | ---- | C] ()

 At8.job -> C:\Windows\tasks\At8.job -> [2010/04/18 18:01:55 | 000,000,392 | ---- | C] ()

 At7.job -> C:\Windows\tasks\At7.job -> [2010/04/18 18:01:54 | 000,000,392 | ---- | C] ()

 At6.job -> C:\Windows\tasks\At6.job -> [2010/04/18 18:01:54 | 000,000,392 | ---- | C] ()

 At5.job -> C:\Windows\tasks\At5.job -> [2010/04/18 18:01:54 | 000,000,392 | ---- | C] ()

 At4.job -> C:\Windows\tasks\At4.job -> [2010/04/18 18:01:53 | 000,000,392 | ---- | C] ()

 At3.job -> C:\Windows\tasks\At3.job -> [2010/04/18 18:01:53 | 000,000,392 | ---- | C] ()

 At2.job -> C:\Windows\tasks\At2.job -> [2010/04/18 18:01:52 | 000,000,392 | ---- | C] ()

 IconCache.db -> C:\Users\Laptop\AppData\Local\IconCache.db -> [2010/04/18 15:57:15 | 001,412,040 | -H-- | C] ()

 Getcha Life Right SLOWED.wav -> C:\Users\Laptop\Desktop\Getcha Life Right SLOWED.wav -> [2010/04/18 01:18:44 | 055,518,680 | ---- | C] ()

 LIL MAMA SLOWED.wav -> C:\Users\Laptop\Desktop\LIL MAMA SLOWED.wav -> [2010/04/18 01:10:09 | 051,262,628 | ---- | C] ()

 +Lost+1x14+Special.divx -> C:\Users\Laptop\Desktop\+Lost+1x14+Special.divx -> [2010/04/18 00:43:06 | 366,548,992 | ---- | C] ()

 +Lost+1x13+Hearts+and+Minds.divx -> C:\Users\Laptop\Desktop\+Lost+1x13+Hearts+and+Minds.divx -> [2010/04/17 23:19:10 | 366,471,168 | ---- | C] ()

 +Lost+1x10+Raised+by+Another.divx -> C:\Users\Laptop\Desktop\+Lost+1x10+Raised+by+Another.divx -> [2010/04/17 18:37:41 | 366,641,152 | ---- | C] ()

 exefix.reg -> C:\Users\Laptop\Desktop\exefix.reg -> [2010/04/17 15:47:30 | 000,000,296 | ---- | C] ()

 regedit.vbs -> C:\Users\Laptop\Desktop\regedit.vbs -> [2010/04/17 15:39:00 | 000,001,270 | ---- | C] ()

 At208.job -> C:\Windows\tasks\At208.job -> [2010/04/17 15:27:17 | 000,000,302 | ---- | C] ()

 At207.job -> C:\Windows\tasks\At207.job -> [2010/04/17 15:27:15 | 000,000,370 | ---- | C] ()

 At206.job -> C:\Windows\tasks\At206.job -> [2010/04/17 15:27:13 | 000,000,370 | ---- | C] ()

 +Lost+1x09+Solitary.divx -> C:\Users\Laptop\Desktop\+Lost+1x09+Solitary.divx -> [2010/04/17 15:23:23 | 367,386,624 | ---- | C] ()

 +Lost+1x08+Confidence+Man.divx -> C:\Users\Laptop\Desktop\+Lost+1x08+Confidence+Man.divx -> [2010/04/17 12:30:08 | 368,283,648 | ---- | C] ()

 Eusing Free Registry Cleaner.lnk -> C:\Users\Laptop\Desktop\Eusing Free Registry Cleaner.lnk -> [2010/04/17 12:23:53 | 000,001,017 | ---- | C] ()

 +Lost+1x07+The+Moth.divx -> C:\Users\Laptop\Desktop\+Lost+1x07+The+Moth.divx -> [2010/04/17 05:03:59 | 367,482,880 | ---- | C] ()

 MRT.INI -> C:\Windows\SysNative\MRT.INI -> [2010/04/17 03:42:15 | 000,000,118 | ---- | C] ()

 +Lost+1x06+House+of+the+Rising+Sun.divx -> C:\Users\Laptop\Desktop\+Lost+1x06+House+of+the+Rising+Sun.divx -> [2010/04/17 02:53:13 | 367,513,600 | ---- | C] ()

 zoqyivvcd9.sys -> C:\Windows\SysWow64\drivers\zoqyivvcd9.sys -> [2010/04/16 15:32:50 | 000,081,408 | ---- | C] ()

 reader_s .exe -> C:\Windows\SysWow64\reader_s .exe -> [2010/04/16 15:32:48 | 000,026,624 | ---- | C] ()

 3351340037 -> C:\ProgramData\3351340037 -> [2010/04/16 15:31:57 | 000,012,672 | -HS- | C] ()

 3351340037 -> C:\Users\Laptop\AppData\Local\3351340037 -> [2010/04/16 15:31:56 | 000,012,672 | -HS- | C] ()

 services .exe -> C:\Windows\services .exe -> [2010/04/16 14:15:54 | 000,055,296 | ---- | C] ()

 ave.exe -> C:\Users\Laptop\AppData\Local\ave.exe -> [2010/04/16 14:13:03 | 000,188,416 | -HS- | C] ()

 IGI4W75 -> C:\Users\Laptop\AppData\Local\IGI4W75 -> [2010/04/16 14:13:03 | 000,012,724 | -HS- | C] ()

 IGI4W75 -> C:\ProgramData\IGI4W75 -> [2010/04/16 14:13:03 | 000,012,724 | -HS- | C] ()

 bnfvbt0i0t.dll -> C:\Windows\SysWow64\bnfvbt0i0t.dll -> [2010/04/16 14:13:01 | 000,020,000 | ---- | C] ()

 +Lost+1x01+Pilot+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\+Lost+1x01+Pilot+%28Part+1%29.divx -> [2010/04/15 15:06:05 | 365,633,536 | ---- | C] ()

 Justified+1x05+The+Lord+of+War+and+Thunder.divx -> C:\Users\Laptop\Desktop\Justified+1x05+The+Lord+of+War+and+Thunder.divx -> [2010/04/14 22:30:36 | 366,164,094 | ---- | C] ()

 NV2009-1  packing list.xls -> C:\Users\Laptop\Desktop\NV2009-1  packing list.xls -> [2010/04/10 00:39:51 | 000,022,016 | ---- | C] ()

 NV2009-1  INVOICE FOR CUSTOMS.xls -> C:\Users\Laptop\Desktop\NV2009-1  INVOICE FOR CUSTOMS.xls -> [2010/04/10 00:39:43 | 000,030,720 | ---- | C] ()

 OfficeSAS.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk -> [2010/04/09 22:03:44 | 000,001,178 | ---- | C] ()

 TRINIDAD LIST.doc -> C:\Users\Laptop\TRINIDAD LIST.doc -> [2010/04/09 19:42:05 | 000,025,600 | ---- | C] ()

 Documents - Shortcut.lnk -> C:\Users\Laptop\Documents - Shortcut.lnk -> [2010/04/09 19:35:40 | 000,001,081 | ---- | C] ()

 7501.pdf -> C:\Users\Laptop\Desktop\7501.pdf -> [2010/04/02 14:32:12 | 000,132,330 | ---- | C] ()

 Tech N9ne - Leave Me Alone-RGF.wav -> C:\Users\Laptop\Desktop\Tech N9ne - Leave Me Alone-RGF.wav -> [2010/04/01 00:35:57 | 021,381,974 | ---- | C] ()

 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+2%29.divx -> [2010/03/29 21:03:55 | 756,072,778 | ---- | C] ()

 The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> C:\Users\Laptop\Desktop\The+Blind+Side+%282009%29+DVDSCR+XviD+AC3+-+DEViSE+Release+%28Part+1%29.divx -> [2010/03/29 15:47:59 | 703,565,644 | ---- | C] ()

 Audacity.lnk -> C:\Users\Laptop\Desktop\Audacity.lnk -> [2010/03/27 14:05:51 | 000,000,907 | ---- | C] ()

 06-b-legit-stickem.mp3 -> C:\Users\Laptop\Desktop\06-b-legit-stickem.mp3 -> [2010/03/27 11:40:26 | 004,275,628 | ---- | C] ()

 Create an Invoice.lnk -> C:\Users\Laptop\Desktop\Create an Invoice.lnk -> [2010/03/26 13:27:19 | 000,000,917 | ---- | C] ()

 National+Geographic+-+Megafactories%3A+Lamborghini.divx -> C:\Users\Laptop\Desktop\National+Geographic+-+Megafactories%3A+Lamborghini.divx -> [2010/03/25 01:08:42 | 366,267,282 | ---- | C] ()

 .recently-used.xbel -> C:\Users\Laptop\.recently-used.xbel -> [2010/03/23 02:25:19 | 000,006,362 | ---- | C] ()

 CRESCENDO LOGO1_vectorized.png -> C:\Users\Laptop\Desktop\CRESCENDO LOGO1_vectorized.png -> [2010/03/22 16:40:19 | 000,067,283 | ---- | C] ()

 CRESCENDO LOGO1.eps -> C:\Users\Laptop\Desktop\CRESCENDO LOGO1.eps -> [2010/03/22 16:35:08 | 000,086,168 | ---- | C] ()

 Vector Magic.lnk -> C:\Users\Laptop\Desktop\Vector Magic.lnk -> [2010/03/22 16:25:36 | 000,000,975 | ---- | C] ()

 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/01/07 17:43:33 | 000,000,193 | ---- | C] ()

 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:32:39 | 000,043,318 | ---- | C] ()

 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,029,779 | ---- | C] ()

 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,026,489 | ---- | C] ()

 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:32:39 | 000,026,040 | ---- | C] ()

 FastUv32.dll -> C:\Windows\SysWow64\FastUv32.dll -> [2009/07/13 20:14:59 | 000,053,248 | ---- | C] ()

 diskchk.sys -> C:\Windows\SysWow64\diskchk.sys -> [2009/07/13 20:14:59 | 000,002,304 | ---- | C] ()

 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()

 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] ()

 qt-dx331.dll -> C:\Windows\SysWow64\qt-dx331.dll -> [2005/10/14 06:56:50 | 003,596,288 | ---- | C] ()

 VorbisEnc.dll -> C:\Windows\SysWow64\VorbisEnc.dll -> [2005/10/14 06:56:50 | 000,921,600 | ---- | C] ()

 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2005/10/14 06:56:50 | 000,761,856 | ---- | C] ()

 xvid.dll -> C:\Windows\SysWow64\xvid.dll -> [2005/10/14 06:56:50 | 000,344,064 | ---- | C] ()

 OggDS.dll -> C:\Windows\SysWow64\OggDS.dll -> [2005/10/14 06:56:50 | 000,237,568 | ---- | C] ()

 vorbis.dll -> C:\Windows\SysWow64\vorbis.dll -> [2005/10/14 06:56:50 | 000,188,416 | ---- | C] ()

 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2005/10/14 06:56:50 | 000,155,136 | ---- | C] ()

 ogg.dll -> C:\Windows\SysWow64\ogg.dll -> [2005/10/14 06:56:50 | 000,045,056 | ---- | C] ()

[Custom Scans]

< netsvcs >

< %SYSTEMDRIVE%\*.exe >

< MD5 Scans Start>

< %systemdrive%\AGP440.SYS  /md5 /s >

 AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys -> [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation)

 AGP440.sys : MD5=608C14DBA7299D8CB6ED035A68A15799 -> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys -> [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation)

< %systemdrive%\ATAPI.SYS  /md5 /s >

 atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys -> [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation)

 atapi.sys : MD5=02062C0B390B7729EDC9E69C680A6F3C -> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys -> [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation)

< %systemdrive%\CNGAUDIT.DLL  /md5 /s >

 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)

 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\SysWOW64\cngaudit.dll -> [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)

 cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll -> [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation)

 cngaudit.dll : MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll -> [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation)

< %systemdrive%\IASTORV.SYS  /md5 /s >

 iaStorV.sys : MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -> C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys -> [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation)

 iaStorV.sys : MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys -> [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation)

< %systemdrive%\NETLOGON.DLL  /md5 /s >

 netlogon.dll : MD5=956D030D375F207B22FB111E06EF9C35 -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll -> [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation)

 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)

 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\SysWOW64\netlogon.dll -> [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)

 netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll -> [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation)

< %systemdrive%\NVRAID.SYS  /md5 /s >

 nvraid.sys : MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -> C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys -> [2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation)

 nvraid.sys : MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys -> [2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation)

< %systemdrive%\NVSTOR.SYS  /md5 /s >

 nvstor.sys : MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -> C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys -> [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation)

 nvstor.sys : MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys -> [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation)

< %systemdrive%\SCECLI.DLL  /md5 /s >

 scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\SysWOW64\scecli.dll -> [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation)

 scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\SysWOW64\scecli.dll -> [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation)

 scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll -> [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation)

 scecli.dll : MD5=398712DDDAEFB85EDF61DF6A07B65C79 -> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll -> [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation)

< MD5 Scans End>

< %systemroot%\*. /mp /s >

< c:\windows\system32\drivers\*.sys /60 >

 mbamswissarmy.sys -> C:\Windows\SysWOW64\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)

 zoqyivvcd9.sys -> C:\Windows\SysWOW64\drivers\zoqyivvcd9.sys -> [2010/04/16 15:32:50 | 000,081,408 | ---- | M] ()

OTS cannot create restorepoints on Vista OSs!

< %systemroot%\system32\*.dll /lockedfiles >

 dxtmsft.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\dxtmsft.dll -> [2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation)

 dxtrans.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\dxtrans.dll -> [2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation)

 iepeers.dll : Unable to obtain MD5  -> C:\Windows\SysWOW64\iepeers.dll -> [2009/07/13 21:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation)

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

 

[Files/Folders - Unicode - All]

C:\Users\Laptop\Desktop\?? 1.pdf -> C:\Users\Laptop\Desktop\组合 1.pdf -> [2010/03/29 22:40:51 | 000,823,922 | ---- | C] ()

C:\Users\Laptop\Desktop\?? 1.pdf -> C:\Users\Laptop\Desktop\组合 1.pdf -> [2010/03/29 22:40:54 | 000,823,922 | ---- | M] ()

 

[Alternate Data Streams]

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C8B8CEBD

< End of report >

Edited by Help Help, 20 April 2010 - 02:23 PM.


#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I'm still going through your OTS log, but in the meantime please do the following.

Show hidden files in Windows Vista
Please enable the Show Hidden Files and Folders option:
  • Close all programs so that you are at your desktop.
  • Press Posted Image.
  • Click the Start Search box on the Start Menu
  • Copy and paste the following value, in the open text entry box:
    control folders
    • Depending on your view settings: choose one of these options:
    • Double-click on the Folder Options icon... then click on the View tab.
    • Click on the Appearance and Personalization link... then click on Show Hidden Files or Folders.
  • SELECT...button Show hidden files and folders under the "Hidden files and folders" section.
  • Press the Apply button...then the OK button.
Now Windows Vista is configured to show all hidden files.


You will need to make sure that you re-hide your system files and folders after submitting the file for analysis.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: C:\Windows\SysWow64\reader_s .exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply

#15
Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
RESULTS:

http://www.virustota...9d82-1271889947