Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Overkill and Being Killed By Rootkits


  • This topic is locked This topic is locked

#16
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here are the Kaspersky logs.

Attached Files


  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Kaspersky appears to have found an infected MBR file in firefox, a weird place for that to be

Still no normal mode ?

Could you now do the Roguekiller and OTL scans please
  • 0

#18
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Hegemon [Admin rights]
Mode: Scan -- Date : 06/05/2011 17:16:32

Bad processes: 1
[SUSP PATH] setup_9.0.0.722_05.06.2011_20-46.exe -- c:\users\hegemon\desktop\virus removal tool\setup_9.0.0.722_05.06.2011_20-46\setup_9.0.0.722_05.06.2011_20-46.exe -> KILLED

Registry Entries: 3
[SUSP PATH] setup_9.0.0.722_05.06.2011_20-46.lnk : C:\Users\Hegemon\Desktop\Virus Removal Tool\setup_9.0.0.722_05.06.2011_20-46\startup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
















OTS logfile created on: 6/5/2011 5:18:26 PM - Run 2
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.31 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(getPlusHelper) getPlusHelper [Unknown | Stopped] ->  -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(avipbb) avipbb [Kernel | System | Stopped] -> C:\Windows\System32\drivers\avipbb.sys -> [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\avgntflt.sys -> [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Stopped] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(SAVRKBootTasks) Boot Tasks Driver [Kernel | System | Running] -> C:\Windows\System32\SAVRKBootTasks.sys -> [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(60020822) 60020822 Boot Guard Driver [Kernel | Boot | Stopped] -> C:\Windows\system32\DRIVERS\60020822.sys -> [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab)
(setup_9.0.0.722_05.06.2011_20-46drv) setup_9.0.0.722_05.06.2011_20-46drv [File_System | System | Stopped] -> C:\Windows\System32\drivers\6002082.sys -> [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab)
(60020821) 60020821 [Kernel | System | Stopped] -> C:\Windows\System32\drivers\60020821.sys -> [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab)
(avgio) avgio [Kernel | System | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSXHWBS2.sys -> [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSX_DP.sys -> [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\XAudio.sys -> [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"StartPageCache" ->  -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found ->  -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > -> 
 npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"GrpConv" -> C:\Windows\System32\grpconv.exe [grpconv -o] -> [2006/11/02 02:45:12 | 000,016,896 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_oovoo.com [https] -> Trusted sites -> 
rhap-app-4-0_real.com [https] -> Trusted sites -> 
rhapreg_real.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] -> 
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] -> 
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] -> 
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> 
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] -> 
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] -> 
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] -> 
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001_Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
 6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
 60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
 60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
 Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
 temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
 SAVRKBootTasks.sys -> C:\Windows\System32\SAVRKBootTasks.sys -> [2011/05/31 19:35:39 | 000,018,816 | ---- | C] (Sophos Plc)
 Sophos -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos -> [2011/05/31 11:00:41 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2011/05/28 06:46:16 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/05/28 06:46:13 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 NEWORLEANS -> C:\Users\Hegemon\Desktop\NEWORLEANS -> [2011/05/19 22:59:36 | 000,000,000 | ---D | C]
 New Folder -> C:\Users\Hegemon\Desktop\New Folder -> [2011/05/19 09:24:31 | 000,000,000 | ---D | C]
 CONEXANT -> C:\Program Files\CONEXANT -> [2011/05/17 11:59:33 | 000,000,000 | ---D | C]
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
 OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
 MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
 killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
 contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
 contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
 ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
 UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
 MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc.                                )
 Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
 CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
 Lang -> C:\Users\Hegemon\Desktop\Lang -> [2011/05/15 16:11:59 | 000,000,000 | ---D | C]
 Avira -> C:\Users\Hegemon\AppData\Roaming\Avira -> [2011/05/14 12:29:04 | 000,000,000 | ---D | C]
 HORSECAMP -> C:\Users\Hegemon\Desktop\HORSECAMP -> [2011/05/07 08:16:26 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | M] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/05 10:14:16 | 000,603,516 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/05 10:14:16 | 000,103,586 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/05 10:11:35 | 000,000,384 | ---- | M] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/05 10:11:27 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/05 10:11:27 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/05 10:10:02 | 000,067,584 | --S- | M] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/05 10:09:53 | 268,435,456 | -HS- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
 vs.jpg -> C:\Users\Hegemon\Desktop\vs.jpg -> [2011/05/31 21:10:01 | 003,295,350 | ---- | M] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | M] ()
 Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
 config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc.                                )
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/11 20:26:13 | 000,377,984 | ---- | M] ()
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software)
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
 aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
 aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
 aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
 
[Files - No Company Name]
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | C] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
 vs.jpg -> C:\Users\Hegemon\Desktop\vs.jpg -> [2011/05/31 21:09:59 | 003,295,350 | ---- | C] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
 wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
 curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> [2011/05/10 05:21:31 | 000,000,860 | ---- | C] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
 HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
 hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
 hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
 hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
 SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
 .zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
 KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
 D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
 Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
 wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
 yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
 iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
 atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
 lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
 D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
 KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
 d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
 AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
 SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
 WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
 hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
 OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
 PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
 secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
 cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
 EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
 iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
 
[File - Lop Check]
 1morebee -> C:\Users\Hegemon\AppData\Roaming\1morebee -> [2010/03/11 23:53:59 | 000,000,000 | ---D | M]
 acccore -> C:\Users\Hegemon\AppData\Roaming\acccore -> [2011/03/22 19:27:11 | 000,000,000 | ---D | M]
 Anthropics -> C:\Users\Hegemon\AppData\Roaming\Anthropics -> [2010/06/09 21:59:02 | 000,000,000 | ---D | M]
 EleFun Games -> C:\Users\Hegemon\AppData\Roaming\EleFun Games -> [2010/02/14 23:18:53 | 000,000,000 | ---D | M]
 freshgames -> C:\Users\Hegemon\AppData\Roaming\freshgames -> [2010/06/18 09:16:33 | 000,000,000 | ---D | M]
 Gaijin Ent -> C:\Users\Hegemon\AppData\Roaming\Gaijin Ent -> [2008/10/12 20:11:06 | 000,000,000 | ---D | M]
 Gamelab -> C:\Users\Hegemon\AppData\Roaming\Gamelab -> [2010/04/29 16:26:42 | 000,000,000 | ---D | M]
 GetRightToGo -> C:\Users\Hegemon\AppData\Roaming\GetRightToGo -> [2010/06/02 09:50:42 | 000,000,000 | ---D | M]
 iolo -> C:\Users\Hegemon\AppData\Roaming\iolo -> [2009/11/07 21:24:03 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Hegemon\AppData\Roaming\Leadertech -> [2009/08/18 21:11:50 | 000,000,000 | ---D | M]
 My Games -> C:\Users\Hegemon\AppData\Roaming\My Games -> [2010/12/28 14:19:38 | 000,000,000 | ---D | M]
 ooVoo Details -> C:\Users\Hegemon\AppData\Roaming\ooVoo Details -> [2009/04/19 00:25:18 | 000,000,000 | ---D | M]
 Opera -> C:\Users\Hegemon\AppData\Roaming\Opera -> [2008/01/06 18:54:24 | 000,000,000 | ---D | M]
 PlayFirst -> C:\Users\Hegemon\AppData\Roaming\PlayFirst -> [2011/01/13 00:25:54 | 000,000,000 | ---D | M]
 Pogo Games -> C:\Users\Hegemon\AppData\Roaming\Pogo Games -> [2010/12/12 22:37:07 | 000,000,000 | ---D | M]
 Snapfish -> C:\Users\Hegemon\AppData\Roaming\Snapfish -> [2007/12/30 18:09:27 | 000,000,000 | ---D | M]
 Template -> C:\Users\Hegemon\AppData\Roaming\Template -> [2009/05/11 11:06:13 | 000,000,000 | ---D | M]
 WinBatch -> C:\Users\Hegemon\AppData\Roaming\WinBatch -> [2010/09/07 08:19:55 | 000,000,000 | ---D | M]
 Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2011/06/05 10:11:35 | 000,000,384 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/04 16:26:13 | 000,032,550 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< MD5 Scans Start>
< %systemdrive%\VOLSNAP.INF  /md5 /s >
 volsnap.inf : MD5=E5EE5E075DAB1367001C467C70E8C580 -> C:\Windows\inf\volsnap.inf -> [2006/11/02 03:25:18 | 000,001,790 | ---- | M] ()
 volsnap.inf : MD5=E5EE5E075DAB1367001C467C70E8C580 -> C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf -> [2006/11/01 23:35:04 | 000,001,790 | ---- | M] ()
< %systemdrive%\VOLSNAP.INF_LOC  /md5 /s >
 volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc -> [2006/11/02 05:41:18 | 000,000,198 | ---- | M] ()
 volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc -> [2006/11/02 05:41:18 | 000,000,198 | ---- | M] ()
< %systemdrive%\VOLSNAP.PNF  /md5 /s >
 volsnap.PNF : MD5=9CAA187CCD63073AD6C2ABD5254B3E61 -> C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF -> [2007/08/12 18:46:46 | 000,004,940 | ---- | M] ()
 volsnap.PNF : MD5=AF3ECC6605451900858CBFCFD9434EBD -> C:\Windows\inf\volsnap.PNF -> [2007/08/12 18:46:46 | 000,004,940 | ---- | M] ()
< %systemdrive%\VOLSNAP.SYS  /md5 /s >
 volsnap.sys : MD5=11EF6C1CAEF76B685233450A126125D6 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys -> [2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=147281C01FCB1DF9252DE2A10D5E7093 -> C:\Windows\System32\drivers\volsnap.sys -> [2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=147281C01FCB1DF9252DE2A10D5E7093 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys -> [2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=147281C01FCB1DF9252DE2A10D5E7093 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys -> [2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=327639D2EC931B057F3826A51ADC73E9 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys -> [2008/01/09 10:25:05 | 000,211,000 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys -> [2008/01/09 10:25:05 | 000,211,000 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys -> [2008/01/09 10:25:05 | 000,211,000 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=D8B4A53DD2769F226B3EB374374987C9 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys -> [2008/01/19 00:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=D8B4A53DD2769F226B3EB374374987C9 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys -> [2008/01/19 00:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation)
< %systemdrive%\VOLSNAP.SYS.MUI  /md5 /s >
 volsnap.sys.mui : MD5=2A3DEAD70397152006B4E3CED20B41C4 -> C:\Windows\System32\drivers\en-US\volsnap.sys.mui -> [2008/01/19 00:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation)
 volsnap.sys.mui : MD5=2A3DEAD70397152006B4E3CED20B41C4 -> C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui -> [2008/01/19 00:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation)
 volsnap.sys.mui : MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -> C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui -> [2006/11/02 05:41:23 | 000,014,848 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
< End of report >


Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#19
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
No Normal Mode still, and there is no option for Last Good when I am in the boot screen.
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this should get you back in now

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List] 
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "GrpConv" -> C:\Windows\System32\grpconv.exe [grpconv -o]
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
[Files/Folders - Created Within 30 Days] 
NY ->  New Folder -> C:\Users\Hegemon\Desktop\New Folder
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.
  • 0

#21
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Okay so I ran the fix but it never gave me the ok option, it simply said that it needed to restart to fully delete the files. I tried to reboot in normal and it crashed just the same.
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does the screen state anything when it crashes ?

Could you run OTS again please and paste the following in the scan box then press the scan button

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s
  • 0

#23
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
No it doesn't state anything at all, it starts to go to the normal startup login screen (like user login) and then just goes black and restarts. No blue screen of death or anything, then it restarts to the black boot screen that offers me Safe Mode, Safe Mode w/Networking, and Normal Mode but no Last good or anything like that.

Windows Security Center still wont start.

Here is the report you requested. If I havent already, thank you so much for your continued support and dedication to fixing my computer! I realllllly appreciate it!


OTS logfile created on: 6/6/2011 6:34:42 PM - Run 1
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.43 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(getPlusHelper) getPlusHelper [Unknown | Stopped] ->  -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(avipbb) avipbb [Kernel | System | Stopped] -> C:\Windows\System32\drivers\avipbb.sys -> [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\avgntflt.sys -> [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Stopped] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(SAVRKBootTasks) Boot Tasks Driver [Kernel | System | Running] -> C:\Windows\System32\SAVRKBootTasks.sys -> [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(avgio) avgio [Kernel | System | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSXHWBS2.sys -> [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSX_DP.sys -> [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\XAudio.sys -> [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"StartPageCache" ->  -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found ->  -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > -> 
 npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_oovoo.com [https] -> Trusted sites -> 
rhap-app-4-0_real.com [https] -> Trusted sites -> 
rhapreg_real.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] -> 
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] -> 
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] -> 
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> 
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] -> 
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] -> 
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] -> 
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001_Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 _OTS -> C:\_OTS -> [2011/06/06 09:23:07 | 000,000,000 | ---D | C]
 RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
 6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
 60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
 60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
 Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
 temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
 SAVRKBootTasks.sys -> C:\Windows\System32\SAVRKBootTasks.sys -> [2011/05/31 19:35:39 | 000,018,816 | ---- | C] (Sophos Plc)
 Sophos -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos -> [2011/05/31 11:00:41 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2011/05/28 06:46:16 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/05/28 06:46:13 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 NEWORLEANS -> C:\Users\Hegemon\Desktop\NEWORLEANS -> [2011/05/19 22:59:36 | 000,000,000 | ---D | C]
 CONEXANT -> C:\Program Files\CONEXANT -> [2011/05/17 11:59:33 | 000,000,000 | ---D | C]
 FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2011/05/17 11:36:54 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
 OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
 MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
 killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
 contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
 contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
 ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
 UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
 sporder.dll -> C:\Windows\System32\sporder.dll -> [2011/05/16 07:46:05 | 000,013,840 | ---- | C] (Microsoft Corporation)
 sporder.dll -> C:\Windows\sporder.dll -> [2011/05/16 07:46:05 | 000,013,840 | ---- | C] (Microsoft Corporation)
 sporder.exe -> C:\Windows\sporder.exe -> [2011/05/16 07:46:05 | 000,013,056 | ---- | C] (Microsoft Corporation)
 MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc.                                )
 Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
 CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
 Lang -> C:\Users\Hegemon\Desktop\Lang -> [2011/05/15 16:11:59 | 000,000,000 | ---D | C]
 juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys -> [2011/05/15 03:24:01 | 000,041,680 | ---- | C] (Microsoft Corporation)
 Avira -> C:\Users\Hegemon\AppData\Roaming\Avira -> [2011/05/14 12:29:04 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/06 18:25:06 | 000,603,516 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/06 18:25:06 | 000,103,586 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/06 18:22:15 | 000,000,384 | ---- | M] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/06 18:22:10 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/06 18:22:10 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/06 18:20:51 | 000,067,584 | --S- | M] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/06 18:20:41 | 268,435,456 | -HS- | M] ()
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | M] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | M] ()
 Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2011/05/17 11:36:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
 config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc.                                )
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
 juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys -> [2011/05/15 03:24:02 | 000,041,680 | ---- | M] (Microsoft Corporation)
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/11 20:26:13 | 000,377,984 | ---- | M] ()
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software)
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
 aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
 aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
 aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
 
[Files - No Company Name]
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | C] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
 wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
 curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> [2011/05/10 05:21:31 | 000,000,860 | ---- | C] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
 HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
 hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
 hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
 hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
 SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
 .zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
 KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
 D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
 Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
 wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
 yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
 iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
 atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
 lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
 D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
 KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
 d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
 AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
 SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
 WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
 hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
 OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
 PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
 secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
 cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
 EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
 iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
[Custom Scans]
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s  >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"BindDirectlyToPropertySetStorage" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
< End of report >

  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

If I havent already, thank you so much for your continued support and dedication to fixing my computer! I realllllly appreciate it

! It is not a problem as I dislike malware


If I havent already, thank you so much for your continued support and dedication to fixing my computer! I realllllly appreciate it!
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List] 
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
[Files/Folders - Created Within 30 Days] 
NY ->  juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys
[Files/Folders - Modified Within 30 Days] 
NY ->  juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys
[Custom Items]
:Files
C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.
  • 0

#25
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
So, I ran the fix like you said, and it never gave me the "Okay" screen you were talking about, it just says that it needs to restart to finish removing the files.

It won't restart in normal mode still :)(((
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you are at the safe mode menu is there an option called repair my computer ?

If not we will install the recovery console and see if we can use that to repair it
  • 0

#27
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
There is no option in the safe mode menu to repair :)
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case lets make one shall we :) Once this has run once it will permanently be on your system..


Download the recovery console ISO from Here
Also download Imgburn from here and install

Once Imgburn is installed double click the ISO to burn to disc
  • Insert the disc reboot your computer and select start from the cd
  • Select Repair your computer.
  • Select the operating system you want to repair, and then click Next.
  • Select Startup repair

Allow it to do its thing and then try a reboot to normal windows

If this fails we will go for a clean boot
  • 0

#29
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I am still trying to get the CDROM to work to burn the files :) Sorry it is taking so long!
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Time is not a problem for me - 'Onest :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP