Overkill and Being Killed By Rootkits


  • This topic is locked

#16
photopony

    Member

  • Topic Starter
  • 19 posts
Here are the Kaspersky logs.

Attached Files



#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Kaspersky appears to have found an infected MBR file in Firefox, a weird place for that to be.

Still no normal mode?

Could you now do the RogueKiller and OTL scans, please?

#18
photopony

    Member

  • Topic Starter
  • 19 posts
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Hegemon [Admin rights]
Mode: Scan -- Date : 06/05/2011 17:16:32

Bad processes: 1
[SUSP PATH] setup_9.0.0.722_05.06.2011_20-46.exe -- c:\users\hegemon\desktop\virus removal tool\setup_9.0.0.722_05.06.2011_20-46\setup_9.0.0.722_05.06.2011_20-46.exe -> KILLED

Registry Entries: 3
[SUSP PATH] setup_9.0.0.722_05.06.2011_20-46.lnk : C:\Users\Hegemon\Desktop\Virus Removal Tool\setup_9.0.0.722_05.06.2011_20-46\startup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost

OTS logfile created on: 6/5/2011 5:18:26 PM - Run 2
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.31 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(getPlusHelper) getPlusHelper [Unknown | Stopped] ->  -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(avipbb) avipbb [Kernel | System | Stopped] -> C:\Windows\System32\drivers\avipbb.sys -> [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\avgntflt.sys -> [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Stopped] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(SAVRKBootTasks) Boot Tasks Driver [Kernel | System | Running] -> C:\Windows\System32\SAVRKBootTasks.sys -> [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(60020822) 60020822 Boot Guard Driver [Kernel | Boot | Stopped] -> C:\Windows\system32\DRIVERS\60020822.sys -> [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab)
(setup_9.0.0.722_05.06.2011_20-46drv) setup_9.0.0.722_05.06.2011_20-46drv [File_System | System | Stopped] -> C:\Windows\System32\drivers\6002082.sys -> [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab)
(60020821) 60020821 [Kernel | System | Stopped] -> C:\Windows\System32\drivers\60020821.sys -> [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab)
(avgio) avgio [Kernel | System | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSXHWBS2.sys -> [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSX_DP.sys -> [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\XAudio.sys -> [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"StartPageCache" ->  -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found ->  -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > -> 
 npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"GrpConv" -> C:\Windows\System32\grpconv.exe [grpconv -o] -> [2006/11/02 02:45:12 | 000,016,896 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_oovoo.com [https] -> Trusted sites -> 
rhap-app-4-0_real.com [https] -> Trusted sites -> 
rhapreg_real.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] -> 
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] -> 
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] -> 
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> 
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] -> 
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] -> 
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] -> 
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001_Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
 6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
 60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
 60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
 Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
 temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
 SAVRKBootTasks.sys -> C:\Windows\System32\SAVRKBootTasks.sys -> [2011/05/31 19:35:39 | 000,018,816 | ---- | C] (Sophos Plc)
 Sophos -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos -> [2011/05/31 11:00:41 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2011/05/28 06:46:16 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/05/28 06:46:13 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 NEWORLEANS -> C:\Users\Hegemon\Desktop\NEWORLEANS -> [2011/05/19 22:59:36 | 000,000,000 | ---D | C]
 New Folder -> C:\Users\Hegemon\Desktop\New Folder -> [2011/05/19 09:24:31 | 000,000,000 | ---D | C]
 CONEXANT -> C:\Program Files\CONEXANT -> [2011/05/17 11:59:33 | 000,000,000 | ---D | C]
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
 OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
 MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
 killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
 contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
 contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
 ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
 UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
 MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc.                                )
 Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
 CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
 Lang -> C:\Users\Hegemon\Desktop\Lang -> [2011/05/15 16:11:59 | 000,000,000 | ---D | C]
 Avira -> C:\Users\Hegemon\AppData\Roaming\Avira -> [2011/05/14 12:29:04 | 000,000,000 | ---D | C]
 HORSECAMP -> C:\Users\Hegemon\Desktop\HORSECAMP -> [2011/05/07 08:16:26 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | M] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/05 10:14:16 | 000,603,516 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/05 10:14:16 | 000,103,586 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/05 10:11:35 | 000,000,384 | ---- | M] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/05 10:11:27 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/05 10:11:27 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/05 10:10:02 | 000,067,584 | --S- | M] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/05 10:09:53 | 268,435,456 | -HS- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
 vs.jpg -> C:\Users\Hegemon\Desktop\vs.jpg -> [2011/05/31 21:10:01 | 003,295,350 | ---- | M] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | M] ()
 Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
 config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc.                                )
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/11 20:26:13 | 000,377,984 | ---- | M] ()
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software)
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
 aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
 aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
 aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
 
[Files - No Company Name]
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | C] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
 vs.jpg -> C:\Users\Hegemon\Desktop\vs.jpg -> [2011/05/31 21:09:59 | 003,295,350 | ---- | C] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
 wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
 curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> [2011/05/10 05:21:31 | 000,000,860 | ---- | C] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
 HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
 hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
 hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
 hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
 SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
 .zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
 KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
 D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
 Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
 wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
 yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
 iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
 atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
 lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
 D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
 KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
 d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
 AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
 SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
 WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
 hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
 OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
 PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
 secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
 cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
 EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
 iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
 
[File - Lop Check]
 1morebee -> C:\Users\Hegemon\AppData\Roaming\1morebee -> [2010/03/11 23:53:59 | 000,000,000 | ---D | M]
 acccore -> C:\Users\Hegemon\AppData\Roaming\acccore -> [2011/03/22 19:27:11 | 000,000,000 | ---D | M]
 Anthropics -> C:\Users\Hegemon\AppData\Roaming\Anthropics -> [2010/06/09 21:59:02 | 000,000,000 | ---D | M]
 EleFun Games -> C:\Users\Hegemon\AppData\Roaming\EleFun Games -> [2010/02/14 23:18:53 | 000,000,000 | ---D | M]
 freshgames -> C:\Users\Hegemon\AppData\Roaming\freshgames -> [2010/06/18 09:16:33 | 000,000,000 | ---D | M]
 Gaijin Ent -> C:\Users\Hegemon\AppData\Roaming\Gaijin Ent -> [2008/10/12 20:11:06 | 000,000,000 | ---D | M]
 Gamelab -> C:\Users\Hegemon\AppData\Roaming\Gamelab -> [2010/04/29 16:26:42 | 000,000,000 | ---D | M]
 GetRightToGo -> C:\Users\Hegemon\AppData\Roaming\GetRightToGo -> [2010/06/02 09:50:42 | 000,000,000 | ---D | M]
 iolo -> C:\Users\Hegemon\AppData\Roaming\iolo -> [2009/11/07 21:24:03 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Hegemon\AppData\Roaming\Leadertech -> [2009/08/18 21:11:50 | 000,000,000 | ---D | M]
 My Games -> C:\Users\Hegemon\AppData\Roaming\My Games -> [2010/12/28 14:19:38 | 000,000,000 | ---D | M]
 ooVoo Details -> C:\Users\Hegemon\AppData\Roaming\ooVoo Details -> [2009/04/19 00:25:18 | 000,000,000 | ---D | M]
 Opera -> C:\Users\Hegemon\AppData\Roaming\Opera -> [2008/01/06 18:54:24 | 000,000,000 | ---D | M]
 PlayFirst -> C:\Users\Hegemon\AppData\Roaming\PlayFirst -> [2011/01/13 00:25:54 | 000,000,000 | ---D | M]
 Pogo Games -> C:\Users\Hegemon\AppData\Roaming\Pogo Games -> [2010/12/12 22:37:07 | 000,000,000 | ---D | M]
 Snapfish -> C:\Users\Hegemon\AppData\Roaming\Snapfish -> [2007/12/30 18:09:27 | 000,000,000 | ---D | M]
 Template -> C:\Users\Hegemon\AppData\Roaming\Template -> [2009/05/11 11:06:13 | 000,000,000 | ---D | M]
 WinBatch -> C:\Users\Hegemon\AppData\Roaming\WinBatch -> [2010/09/07 08:19:55 | 000,000,000 | ---D | M]
 Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2011/06/05 10:11:35 | 000,000,384 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/04 16:26:13 | 000,032,550 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< MD5 Scans Start>
< %systemdrive%\VOLSNAP.INF  /md5 /s >
 volsnap.inf : MD5=E5EE5E075DAB1367001C467C70E8C580 -> C:\Windows\inf\volsnap.inf -> [2006/11/02 03:25:18 | 000,001,790 | ---- | M] ()
 volsnap.inf : MD5=E5EE5E075DAB1367001C467C70E8C580 -> C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf -> [2006/11/01 23:35:04 | 000,001,790 | ---- | M] ()
< %systemdrive%\VOLSNAP.INF_LOC  /md5 /s >
 volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc -> [2006/11/02 05:41:18 | 000,000,198 | ---- | M] ()
 volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc -> [2006/11/02 05:41:18 | 000,000,198 | ---- | M] ()
< %systemdrive%\VOLSNAP.PNF  /md5 /s >
 volsnap.PNF : MD5=9CAA187CCD63073AD6C2ABD5254B3E61 -> C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF -> [2007/08/12 18:46:46 | 000,004,940 | ---- | M] ()
 volsnap.PNF : MD5=AF3ECC6605451900858CBFCFD9434EBD -> C:\Windows\inf\volsnap.PNF -> [2007/08/12 18:46:46 | 000,004,940 | ---- | M] ()
< %systemdrive%\VOLSNAP.SYS  /md5 /s >
 volsnap.sys : MD5=11EF6C1CAEF76B685233450A126125D6 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys -> [2006/11/02 02:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=147281C01FCB1DF9252DE2A10D5E7093 -> C:\Windows\System32\drivers\volsnap.sys -> [2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=147281C01FCB1DF9252DE2A10D5E7093 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys -> [2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=147281C01FCB1DF9252DE2A10D5E7093 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys -> [2009/04/10 23:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=327639D2EC931B057F3826A51ADC73E9 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys -> [2008/01/09 10:25:05 | 000,211,000 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys -> [2008/01/09 10:25:05 | 000,211,000 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys -> [2008/01/09 10:25:05 | 000,211,000 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=D8B4A53DD2769F226B3EB374374987C9 -> C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys -> [2008/01/19 00:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=D8B4A53DD2769F226B3EB374374987C9 -> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys -> [2008/01/19 00:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation)
< %systemdrive%\VOLSNAP.SYS.MUI  /md5 /s >
 volsnap.sys.mui : MD5=2A3DEAD70397152006B4E3CED20B41C4 -> C:\Windows\System32\drivers\en-US\volsnap.sys.mui -> [2008/01/19 00:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation)
 volsnap.sys.mui : MD5=2A3DEAD70397152006B4E3CED20B41C4 -> C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui -> [2008/01/19 00:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation)
 volsnap.sys.mui : MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -> C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui -> [2006/11/02 05:41:23 | 000,014,848 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
 
[Alternate Data Streams]
< End of report >


Finished : << RKreport[1].txt >>
RKreport[1].txt

#19
photopony

    Member

  • Topic Starter
  • Member
  • 19 posts
No Normal Mode still, and there is no option for Last Good when I am in the boot screen.

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this should get you back in now.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List] 
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "GrpConv" -> C:\Windows\System32\grpconv.exe [grpconv -o]
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
[Files/Folders - Created Within 30 Days] 
NY ->  New Folder -> C:\Users\Hegemon\Desktop\New Folder
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

#21
photopony

    Member

  • Topic Starter
  • Member
  • 19 posts
Okay, so I ran the fix, but it never gave me the OK option; it simply said that it needed to restart to fully delete the files. I tried to reboot in normal and it crashed just the same.

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does the screen state anything when it crashes?

Could you run OTS again, please, and paste the following in the scan box, then press the scan button:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s

#23
photopony

    Member

  • Topic Starter
  • Member
  • 19 posts
No, it doesn't state anything at all; it starts to go to the normal startup login screen (like user login) and then just goes black and restarts. No blue screen of death or anything, then it restarts to the black boot screen that offers me Safe Mode, Safe Mode w/Networking, and Normal Mode but no Last Good or anything like that.

Windows Security Center still won't start.

Here is the report you requested. If I haven't already, thank you so much for your continued support and dedication to fixing my computer! I realllllly appreciate it!


OTS logfile created on: 6/6/2011 6:34:42 PM - Run 1
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.43 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(getPlusHelper) getPlusHelper [Unknown | Stopped] ->  -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/04/27 03:32:55 | 000,136,360 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(avipbb) avipbb [Kernel | System | Stopped] -> C:\Windows\System32\drivers\avipbb.sys -> [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\avgntflt.sys -> [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Stopped] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(SAVRKBootTasks) Boot Tasks Driver [Kernel | System | Running] -> C:\Windows\System32\SAVRKBootTasks.sys -> [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(avgio) avgio [Kernel | System | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSXHWBS2.sys -> [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSX_DP.sys -> [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\XAudio.sys -> [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: Main\\"StartPageCache" ->  -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found ->  -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > -> 
 npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HideSCAHealth" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_oovoo.com [https] -> Trusted sites -> 
rhap-app-4-0_real.com [https] -> Trusted sites -> 
rhapreg_real.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\] > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] -> 
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] -> 
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] -> 
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> 
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] -> 
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] -> 
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] -> 
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_USERS\S-1-5-21-2498361419-362477064-2844661445-1001_Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %* -> 
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 _OTS -> C:\_OTS -> [2011/06/06 09:23:07 | 000,000,000 | ---D | C]
 RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
 6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
 60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
 60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
 Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
 temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
 SAVRKBootTasks.sys -> C:\Windows\System32\SAVRKBootTasks.sys -> [2011/05/31 19:35:39 | 000,018,816 | ---- | C] (Sophos Plc)
 Sophos -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos -> [2011/05/31 11:00:41 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Users\Hegemon\AppData\Roaming\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2011/05/28 06:46:16 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/05/28 06:46:13 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 NEWORLEANS -> C:\Users\Hegemon\Desktop\NEWORLEANS -> [2011/05/19 22:59:36 | 000,000,000 | ---D | C]
 CONEXANT -> C:\Program Files\CONEXANT -> [2011/05/17 11:59:33 | 000,000,000 | ---D | C]
 FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2011/05/17 11:36:54 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
 OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
 MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
 killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
 contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
 contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
 ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
 UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
 sporder.dll -> C:\Windows\System32\sporder.dll -> [2011/05/16 07:46:05 | 000,013,840 | ---- | C] (Microsoft Corporation)
 sporder.dll -> C:\Windows\sporder.dll -> [2011/05/16 07:46:05 | 000,013,840 | ---- | C] (Microsoft Corporation)
 sporder.exe -> C:\Windows\sporder.exe -> [2011/05/16 07:46:05 | 000,013,056 | ---- | C] (Microsoft Corporation)
 MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc.                                )
 Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
 CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
 Lang -> C:\Users\Hegemon\Desktop\Lang -> [2011/05/15 16:11:59 | 000,000,000 | ---D | C]
 juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys -> [2011/05/15 03:24:01 | 000,041,680 | ---- | C] (Microsoft Corporation)
 Avira -> C:\Users\Hegemon\AppData\Roaming\Avira -> [2011/05/14 12:29:04 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/06 18:25:06 | 000,603,516 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/06 18:25:06 | 000,103,586 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/06 18:22:15 | 000,000,384 | ---- | M] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/06 18:22:10 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/06 18:22:10 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/06 18:20:51 | 000,067,584 | --S- | M] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/06 18:20:41 | 268,435,456 | -HS- | M] ()
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | M] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | M] ()
 Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2011/05/17 11:36:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
 config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc.                                )
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
 juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys -> [2011/05/15 03:24:02 | 000,041,680 | ---- | M] (Microsoft Corporation)
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/11 20:26:13 | 000,377,984 | ---- | M] ()
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software)
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
 aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
 aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
 aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
 
[Files - No Company Name]
 avptool_sysinfo.zip - Shortcut.lnk -> C:\Users\Hegemon\Desktop\avptool_sysinfo.zip - Shortcut.lnk -> [2011/06/05 13:11:18 | 000,000,925 | ---- | C] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/05/28 06:46:16 | 000,001,802 | ---- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
 wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
 curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> [2011/05/10 05:21:31 | 000,000,860 | ---- | C] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
 HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
 hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
 hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
 hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
 SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
 .zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
 KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
 D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
 Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
 wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
 yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
 iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
 atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
 lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
 D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
 KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
 d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
 AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
 SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
 WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
 hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
 OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
 PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
 secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
 cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
 EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
 iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
[Custom Scans]
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s  >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"BindDirectlyToPropertySetStorage" ->  [0] -> File not found
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
 
[Alternate Data Streams]
< End of report >

  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

"If I haven't already, thank you so much for your continued support and dedication to fixing my computer! I realllllly appreciate it!"

It is not a problem as I dislike malware

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List] 
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
[Files/Folders - Created Within 30 Days] 
NY ->  juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys
[Files/Folders - Modified Within 30 Days] 
NY ->  juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys
[Custom Items]
:Files
C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
  • 0
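An added example, not part of the original post and not OTS's own code: a Python check that reads "File Associations" lines in the format shown in the fix above and flags executable-type associations whose open command is not the Windows default `"%1" %*`. The `.com` line in the sample is constructed, and the function and field names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Windows default open command for these executable file types.
DEFAULT_COMMAND = '"%1" %*'
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif"}
# Line shape as in the fix above: <flags> -> <ext> [@ = <progid>] -> <command>
ASSOC_RE = re.compile(
    r'^\s*(?:[YN]{2}\s*->\s*)?(\.\w+)\s*\[@\s*=\s*([^\]]*)\]\s*->\s*(.+?)\s*$')
# Sample input: .exe and .sys lines are from the thread, the .com line is constructed.
SAMPLE_LOG = r'''
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
YN -> .exe [@ = exefile] -> "C:\Windows\system32\config\systemprofile\AppData\Local\rpf.exe" -a "%1" %*
YN -> .com [@ = comfile] -> "%1" %*
NY ->  juxguhhj.sys -> C:\Windows\System32\drivers\juxguhhj.sys
'''

class Finding(NamedTuple):
    ext: str
    progid: str
    command: str
    handler: Optional[str]   # program that runs in place of the launched file
    user_writable: bool      # handler lives under a profile's AppData

def first_program(command: str) -> Optional[str]:
    """Return the first token of a command line, or None when it is just "%1"."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    prog = (m.group(1) or m.group(2)) if m else None
    return None if prog in (None, "%1") else prog

def scan(log_text: str) -> List[Finding]:
    """Flag executable-type associations whose open command is not the default."""
    findings = []
    for line in log_text.splitlines():
        m = ASSOC_RE.match(line)
        if m is None:
            continue
        ext, progid, command = m.group(1).lower(), m.group(2).strip(), m.group(3)
        if ext not in EXECUTABLE_EXTS or command == DEFAULT_COMMAND:
            continue
        handler = first_program(command)
        writable = bool(handler) and "\\appdata\\" in handler.lower()
        findings.append(Finding(ext, progid, command, handler, writable))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"HIJACK {f.ext} ({f.progid}): handler={f.handler} user_writable={f.user_writable}")
```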

#25
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
So, I ran the fix like you said, and it never gave me the "Okay" screen you were talking about, it just says that it needs to restart to finish removing the files.

It won't restart in normal mode still :)(((
  • 0


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you are at the safe mode menu, is there an option called Repair my computer?

If not we will install the recovery console and see if we can use that to repair it
  • 0

#27
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
There is no option in the safe mode menu to repair :)
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case let's make one, shall we :) Once this has run once it will permanently be on your system.


Download the recovery console ISO from here
Also download ImgBurn from here and install

Once ImgBurn is installed, double click the ISO to burn to disc
  • Insert the disc, reboot your computer and select start from the CD
  • Select Repair your computer.
  • Select the operating system you want to repair, and then click Next.
  • Select Startup repair

Allow it to do its thing and then try a reboot to normal Windows

If this fails we will go for a clean boot
  • 0

#29
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I am still trying to get the CDROM to work to burn the files :) Sorry it is taking so long!
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Time is not a problem for me - 'Onest :)
  • 0





