Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Overkill and Being Killed By Rootkits


  • This topic is locked This topic is locked

#31
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Okay! So I got it to the boot screen that has all the options, apparently when it restarts it doesnt give you the full boot screen so you had to catch it before it started restarting itself every couple of minutes.

1. Tried to run Last Good, crashed at login screen as usual.
2. Tried to load last backup (AGES AND AGES AGO) crashed at normal login.
3. Tried to repair computer, crashed at login screen.
4. Tried to check for memory errors. Crashed at login screen :)

Im I just going to have to wipe it? I haven't found my boot discs yet. :unsure:|
  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you game to keep trying ?

Run OTS again and this time I will look at another file required for boot

Paste the following into the custon scan box and run a quick scan

/md5start
shell32.*
/md5stop

  • 0

#33
photopony

photopony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Okay running OTS. Still in safemode with networking. Can you recommend a better operating system if I do have to wipe? I thought Windows 7 was free???

OTS logfile created on: 6/12/2011 11:51:45 AM - Run 1
OTS by OldTimer - Version 3.1.43.0     Folder = C:\Users\Hegemon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.71 Gb Total Space | 263.35 Gb Free Space | 72.41% Space Free | Partition Type: NTFS
Drive D: | 8.90 Gb Total Space | 1.00 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HEGEMON-PC
Current User Name: Hegemon
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2011/05/13 02:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/05/10 05:20:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
awsc.exe -> C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe -> [2011/04/29 12:11:58 | 000,994,304 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Hegemon\Downloads\OTS.exe -> [2011/05/31 08:32:57 | 000,645,632 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(XAudioService) XAudioService [Disabled | Stopped] ->  -> File not found
(getPlusHelper) getPlusHelper [Unknown | Stopped] ->  -> File not found
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] ->  -> File not found
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] ->  -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software)
(FontCache) Windows Font Cache Service [Auto | Stopped] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 06:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation)
(FreeAgentGoNext Service) Seagate Service [Disabled | Stopped] -> C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -> [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC)
(ioloSystemService) iolo System Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(ioloFileInfoList) iolo FileInfoList Service [Disabled | Stopped] -> C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -> [2009/02/06 18:16:54 | 000,712,048 | ---- | M] ()
(NMSAccessU) NMSAccessU [Auto | Stopped] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2007/10/12 09:34:56 | 000,071,096 | ---- | M] ()
(PSI_SVC_2) Protexis Licensing V2 [Disabled | Stopped] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Stopped] -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | M] ()
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Disabled | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Remote UI Service) Intel(R) Remoting Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> [2006/09/11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation)
(MCLServiceATL) Intel(R) Application Tracker [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> [2006/09/11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation)
(ISSM) Intel(R) Software Services Manager [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> [2006/09/11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation)
(AlertService) Intel(R) Alert Service [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -> [2006/09/11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation)
(DQLWinService) DQLWinService [Disabled | Stopped] -> C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -> [2006/09/03 10:32:28 | 000,208,896 | ---- | M] ()
(M1 Server) Intel(R) Viiv(TM) Media Server [On_Demand | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [2006/08/31 23:47:56 | 000,026,624 | ---- | M] ()
(IntelDHSvcConf) Intel DH Service [Auto | Stopped] -> C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -> [2006/05/10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation)
 
[Driver Services - Safe List]
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB)
(ElRawDisk) ElRawDisk [Kernel | System | Stopped] -> C:\Windows\System32\drivers\elrawdsk.sys -> [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation)
(atksgt) atksgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | M] ()
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/08/27 17:59:00 | 007,574,976 | ---- | M] (NVIDIA Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation)
(HCW85BDA) Hauppauge WinTV 885 Video Capture [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HCW85BDA.sys -> [2007/04/09 13:45:08 | 000,959,104 | ---- | M] (Hauppauge Computer Works)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(MRVW245) Linksys Wireless-N USB Network Adapter WUSB300N [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\MRVW245.sys -> [2006/09/28 09:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc)
(Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PS2.sys -> [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" ->  -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\prefs.js -> 
browser.startup.homepage -> "http://www.facebook.com/" ->
extensions.enabledItems -> [email protected]:1.0.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> [email protected]:1.85.20100407 ->
< FireFox Settings [User.js] > -> C:\Users\Hegemon\AppData\Roaming\Mozilla\FireFox\Profiles\rw2r8886.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> C:\USERS\HEGEMON\APPDATA\LOCAL\{6FE89A81-12F9-4AC2-BEB8-009C4405ED15} -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/10 05:21:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/15 19:34:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Extensions -> [2008/09/14 20:32:04 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/04 20:11:05 | 000,000,000 | ---D | M]
Zynga Community Toolbar   -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2011/05/23 22:54:56 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
  -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/02 22:27:55 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/06/11 15:56:48 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/01 09:51:09 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/24 10:34:44 | 000,000,000 | ---D | M]
No name found ->  -> File not found
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/05/17 10:06:59 | 000,000,000 | ---D | M]
IE Tab + -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/03 23:07:14 | 000,000,000 | ---D | M]
Ancestry.com Advanced Image Viewer -> C:\USERS\HEGEMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RW2R8886.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/31 09:39:04 | 000,000,000 | ---D | M]
< FireFox Plugins [Program Folders] > -> 
 npImgCtl.dll -> C:\Users\Hegemon\AppData\Roaming\Mozilla\Firefox\Profiles\rw2r8886.default\extensions\[email protected]\plugins\npImgCtl.dll -> [2009/01/07 13:46:34 | 000,200,704 | ---- | M] (Ancestry.com)
< HOSTS File > ([2011/06/05 10:05:23 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/01/21 13:43:07 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/05/10 05:10:54 | 000,819,840 | ---- | M] (AVAST Software)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated)
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software)
"avgnt" ->  ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> File not found
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/04/29 11:47:18 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel ->  [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
www_oovoo.com [https] -> Trusted sites -> 
rhap-app-4-0_real.com [https] -> Trusted sites -> 
rhapreg_real.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{049A470D-F818-4E34-B14D-E4E237DADCF8} [HKLM] -> http://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab [CPlayFirstFashionDasControl Object] -> 
{055B4212-4C81-448E-AFA9-C3CA4AAE8F95} [HKLM] -> http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab [CPlayFirstDairyDashWControl Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{21BB8360-F943-447E-98F3-3C22345375A7} [HKLM] -> http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab [CPlayFirstChocolatierControl Object] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.costcophotocenter.com/CostcoActivia.cab [Snapfish Activia] -> 
{44990B00-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab [Symantec Configuration Class] -> 
{459E93B6-150E-45D5-8D4B-45C66FC035FE} [HKLM] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Reg Error: Key error.] -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [HKLM] -> http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab [Image Uploader Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] -> 
{74EF5274-F439-2168-B543-14745B625C72} [HKLM] -> http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab [CPlayFirstWeddingDasControl Object] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [HKLM] -> http://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab [GoBit Games Player] -> 
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} [HKLM] -> http://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab [CPlayFirstPetShopHopControl Object] -> 
{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} [HKLM] -> http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab [GameTap Web Updater] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [HKLM] -> http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab [SproutLauncherCtrl Class] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab [Facebook Photo Uploader 4] -> 
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [HKLM] -> http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00} [HKLM] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab [Reg Error: Key error.] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab? [Photo Upload Plugin Class] -> 
{FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [HKLM] -> http://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab [CPlayFirstChocolatieControl Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{57F6B19F-1831-46AA-BB54-2AC85578153C}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{A08F0F5B-3FBA-4925-A9AB-426258AF9CB3}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
{AE2CABB7-2FEA-4E51-AD14-E22CD361C404}\\DhcpNameServer -> 68.105.28.11 68.105.29.11 68.105.28.12   (Linksys Wireless-N USB Network Adapter WUSB300N) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" ->  [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/06/23 11:46:47 | 000,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<key>\shell\[command]\command -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> Reg Error: Key error. -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 _OTS -> C:\_OTS -> [2011/06/06 09:23:07 | 000,000,000 | ---D | C]
 RK_Quarantine -> C:\Users\Hegemon\Desktop\RK_Quarantine -> [2011/06/05 17:16:32 | 000,000,000 | ---D | C]
 Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2011/06/05 10:22:29 | 000,000,000 | ---D | C]
 6002082.sys -> C:\Windows\System32\drivers\6002082.sys -> [2011/06/05 10:21:59 | 000,311,312 | ---- | C] (Kaspersky Lab)
 60020821.sys -> C:\Windows\System32\drivers\60020821.sys -> [2011/06/05 10:21:59 | 000,128,016 | ---- | C] (Kaspersky Lab)
 60020822.sys -> C:\Windows\System32\drivers\60020822.sys -> [2011/06/05 10:21:59 | 000,037,392 | ---- | C] (Kaspersky Lab)
 Virus Removal Tool -> C:\Users\Hegemon\Desktop\Virus Removal Tool -> [2011/06/05 10:21:59 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2011/06/05 10:06:31 | 000,000,000 | ---D | C]
 temp -> C:\Users\Hegemon\AppData\Local\temp -> [2011/06/05 10:06:30 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/05 10:06:08 | 000,000,000 | -HSD | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/06/05 09:53:48 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/06/05 09:53:48 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/06/05 09:53:48 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2011/06/05 09:51:53 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/06/05 06:47:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2011/06/03 23:00:57 | 000,000,000 | ---D | C]
 Sophos -> C:\Program Files\Sophos -> [2011/05/31 11:00:39 | 000,000,000 | ---D | C]
 380CANON -> C:\Users\Hegemon\Desktop\380CANON -> [2011/05/30 12:06:20 | 000,000,000 | ---D | C]
 379CANON -> C:\Users\Hegemon\Desktop\379CANON -> [2011/05/30 11:30:24 | 000,000,000 | ---D | C]
 WindowsSearch -> C:\ProgramData\WindowsSearch -> [2011/05/28 08:48:19 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/05/28 06:46:51 | 000,000,000 | ---D | C]
 Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2011/05/26 18:55:14 | 000,064,512 | ---- | C] (Lavasoft AB)
 Lavasoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Program Files\Lavasoft -> [2011/05/26 18:55:09 | 000,000,000 | ---D | C]
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/05/17 10:07:26 | 000,000,000 | ---D | C]
 aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/05/17 10:07:24 | 000,441,176 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/05/17 10:06:50 | 000,040,112 | ---- | C] (AVAST Software)
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/05/17 10:06:31 | 000,000,000 | ---D | C]
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/05/17 10:05:58 | 000,000,000 | ---D | C]
 OEM Links -> C:\ProgramData\OEM Links -> [2011/05/16 07:46:33 | 000,000,000 | ---D | C]
 MicroWorld -> C:\ProgramData\MicroWorld -> [2011/05/16 07:46:32 | 000,000,000 | ---D | C]
 killproc.exe -> C:\Windows\killproc.exe -> [2011/05/16 07:46:27 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.)
 contf64.dll -> C:\Windows\System32\contf64.dll -> [2011/05/16 07:46:06 | 002,161,672 | ---- | C] (MicroWorld Technologies Inc.)
 contfilt.dll -> C:\Windows\System32\contfilt.dll -> [2011/05/16 07:46:06 | 001,792,520 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp64.dll -> C:\Windows\System32\mwnsp64.dll -> [2011/05/16 07:46:06 | 000,221,704 | ---- | C] (MicroWorld Technologies Inc.)
 mwnsp.dll -> C:\Windows\System32\mwnsp.dll -> [2011/05/16 07:46:06 | 000,186,888 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp64.dll -> C:\Windows\System32\mwtsp64.dll -> [2011/05/16 07:46:05 | 000,687,624 | ---- | C] (MicroWorld Technologies Inc.)
 mwtsp.dll -> C:\Windows\System32\mwtsp.dll -> [2011/05/16 07:46:05 | 000,580,104 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tspx.exe -> C:\Windows\inst_tspx.exe -> [2011/05/16 07:46:05 | 000,249,352 | ---- | C] (MicroWorld Technologies Inc.)
 inst_tsp.exe -> C:\Windows\inst_tsp.exe -> [2011/05/16 07:46:05 | 000,174,600 | ---- | C] (MicroWorld Technologies Inc.)
 ZIPDLL.DLL -> C:\Windows\System32\ZIPDLL.DLL -> [2011/05/16 07:46:05 | 000,137,224 | ---- | C] (MWTI)
 UNZDLL.DLL -> C:\Windows\System32\UNZDLL.DLL -> [2011/05/16 07:46:05 | 000,132,104 | ---- | C] (MWTI)
 MicroWorld -> C:\Program Files\Common Files\MicroWorld -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 eScan -> C:\Program Files\eScan -> [2011/05/16 07:46:03 | 000,000,000 | ---D | C]
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:45:44 | 149,100,720 | ---- | C] (MicroWorld Technologies Inc.                                )
 Malwarebytes -> C:\Users\Hegemon\AppData\Roaming\Malwarebytes -> [2011/05/16 07:19:37 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/16 07:19:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/05/16 07:19:29 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/16 07:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/05/16 07:19:27 | 000,000,000 | ---D | C]
 CCleaner.exe -> C:\Users\Hegemon\Desktop\CCleaner.exe -> [2011/05/15 16:12:09 | 001,578,736 | ---- | C] (Piriform Ltd)
 
[Files/Folders - Modified Within 30 Days]
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/12 02:15:15 | 000,603,516 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/12 02:15:15 | 000,103,586 | ---- | M] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/12 02:13:00 | 000,000,384 | ---- | M] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/06/12 02:12:53 | 000,000,064 | ---- | M] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/06/12 02:12:53 | 000,000,044 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/12 02:10:52 | 000,067,584 | --S- | M] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/12 02:10:42 | 268,435,456 | -HS- | M] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/06/09 03:00:28 | 000,000,680 | ---- | M] ()
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | M] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/06/05 10:05:23 | 000,000,027 | ---- | M] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | M] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/04 18:04:05 | 000,000,512 | ---- | M] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | M] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/04 17:15:27 | 000,003,568 | -H-- | M] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2011/06/02 11:32:06 | 000,870,128 | ---- | M] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2011/06/02 11:32:06 | 000,000,004 | ---- | M] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | M] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:13 | 001,295,450 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | M] ()
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)
 Windows Media Player.lnk -> C:\Users\Hegemon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/05/28 05:01:13 | 000,000,940 | ---- | M] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2011/05/26 18:57:26 | 000,016,432 | ---- | M] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/22 17:57:27 | 000,047,104 | ---- | M] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | M] ()
 config.nt -> C:\Windows\System32\config.nt -> [2011/05/17 10:07:23 | 000,002,577 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 22:15:22 | 000,000,908 | ---- | M] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:50:00 | 000,002,141 | ---- | M] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | M] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | M] ()
 iwn2k3ek.exe -> C:\Users\Hegemon\Desktop\iwn2k3ek.exe -> [2011/05/16 07:08:06 | 149,100,720 | ---- | M] (MicroWorld Technologies Inc.                                )
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/15 20:21:19 | 000,009,177 | ---- | M] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2011/05/15 19:29:30 | 000,000,209 | ---- | M] ()
 2 C:\Users\Hegemon\AppData\Local\temp\*.tmp files -> C:\Users\Hegemon\AppData\Local\temp\*.tmp -> 
 
[Files - No Company Name]
 setup_9.0.0.722_05.06.2011_20-46.lnk -> C:\Users\Hegemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_05.06.2011_20-46.lnk -> [2011/06/05 10:22:29 | 000,002,169 | ---- | C] ()
 OTS.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\OTS.exe - Shortcut.lnk -> [2011/06/05 10:14:41 | 000,000,517 | ---- | C] ()
 ComboFix.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\ComboFix.exe - Shortcut.lnk -> [2011/06/05 09:54:10 | 000,000,548 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/05 09:53:48 | 000,256,512 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/06/05 09:53:48 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/06/05 09:53:48 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/06/05 09:53:48 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/06/05 09:53:48 | 000,068,096 | ---- | C] ()
 aswMBR.exe - Shortcut.lnk -> C:\Users\Hegemon\Desktop\aswMBR.exe - Shortcut.lnk -> [2011/06/04 18:02:03 | 000,000,536 | ---- | C] ()
 temppf.sys -> C:\Windows\System32\temppf.sys -> [2011/06/04 17:59:06 | 268,435,456 | -HS- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/06/04 17:42:35 | 195,192,043 | ---- | C] ()
 MBR.dat -> C:\Users\Hegemon\Desktop\MBR.dat -> [2011/06/03 23:18:04 | 000,000,512 | ---- | C] ()
 Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2011/06/02 08:39:51 | 000,000,384 | ---- | C] ()
 thug.jpg -> C:\Users\Hegemon\Desktop\thug.jpg -> [2011/05/31 20:57:50 | 000,783,393 | ---- | C] ()
 SPIKE.jpg -> C:\Users\Hegemon\Desktop\SPIKE.jpg -> [2011/05/31 20:50:12 | 001,295,450 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2011/05/29 10:12:43 | 000,000,258 | RHS- | C] ()
 Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2011/05/26 18:55:15 | 000,000,939 | ---- | C] ()
 avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/05/17 10:07:26 | 000,001,831 | ---- | C] ()
 d3d9caps.dat -> C:\Users\Hegemon\AppData\Local\d3d9caps.dat -> [2011/05/17 09:57:32 | 000,000,680 | ---- | C] ()
 winsbak2.reg -> C:\Windows\winsbak2.reg -> [2011/05/16 07:46:49 | 000,194,492 | ---- | C] ()
 winsbak.reg -> C:\Windows\winsbak.reg -> [2011/05/16 07:46:49 | 000,023,946 | ---- | C] ()
 wget.exe -> C:\Windows\System32\wget.exe -> [2011/05/16 07:46:04 | 000,338,176 | ---- | C] ()
 curl.exe -> C:\Windows\System32\curl.exe -> [2011/05/16 07:46:04 | 000,293,896 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2011/05/16 07:46:04 | 000,172,040 | ---- | C] ()
 Win.Bak.Ini -> C:\Windows\Win.Bak.Ini -> [2011/05/16 07:45:56 | 000,002,141 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/16 07:19:30 | 000,000,908 | ---- | C] ()
 EE64.B7F -> C:\Users\Hegemon\AppData\Roaming\EE64.B7F -> [2011/05/14 12:23:18 | 000,009,177 | ---- | C] ()
 rp_stats.dat -> C:\Windows\System32\rp_stats.dat -> [2011/05/08 10:07:30 | 000,000,064 | ---- | C] ()
 rp_rules.dat -> C:\Windows\System32\rp_rules.dat -> [2011/05/08 10:07:30 | 000,000,044 | ---- | C] ()
 lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/12/26 14:30:47 | 000,016,432 | ---- | C] ()
 HPHins15.dat -> C:\Windows\HPHins15.dat -> [2010/05/12 09:45:50 | 000,121,318 | ---- | C] ()
 hphmdl15.dat -> C:\Windows\hphmdl15.dat -> [2010/05/12 09:45:50 | 000,002,885 | ---- | C] ()
 hpwscr14.dat -> C:\Windows\hpwscr14.dat -> [2010/01/04 12:43:49 | 000,012,858 | ---- | C] ()
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2010/01/04 12:30:00 | 000,179,441 | ---- | C] ()
 hpwmdl14.dat -> C:\Windows\hpwmdl14.dat -> [2010/01/04 12:30:00 | 000,001,108 | ---- | C] ()
 cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010/01/02 15:45:52 | 000,001,056 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/16 22:51:22 | 000,008,192 | ---- | C] ()
 SIntfNT.dll -> C:\Windows\System32\SIntfNT.dll -> [2009/12/08 20:05:57 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\Windows\System32\SIntf32.dll -> [2009/12/08 20:05:57 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\Windows\System32\SIntf16.dll -> [2009/12/08 20:05:57 | 000,012,067 | ---- | C] ()
 StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/12/05 10:26:36 | 000,107,612 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/12/05 10:26:35 | 000,117,248 | ---- | C] ()
 .zreglib -> C:\ProgramData\.zreglib -> [2009/12/04 20:16:26 | 000,000,040 | -HS- | C] ()
 KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2009/11/17 00:16:58 | 000,000,952 | -HS- | C] ()
 D1CEAE08F7.sys -> C:\ProgramData\D1CEAE08F7.sys -> [2009/11/17 00:16:58 | 000,000,088 | RHS- | C] ()
 Incinerator.dll -> C:\Windows\System32\Incinerator.dll -> [2009/11/07 21:25:10 | 000,933,208 | ---- | C] ()
 mfc45.dll -> C:\Windows\System32\mfc45.dll -> [2009/11/07 21:24:08 | 000,074,703 | ---- | C] ()
 StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2009/05/28 10:09:29 | 000,018,904 | ---- | C] ()
 wklnhst.dat -> C:\Users\Hegemon\AppData\Roaming\wklnhst.dat -> [2009/05/11 11:06:12 | 000,000,000 | ---- | C] ()
 hash.dat -> C:\ProgramData\hash.dat -> [2009/04/11 10:44:34 | 000,000,032 | R--- | C] ()
 F20116 -> C:\Users\Hegemon\AppData\Roaming\F20116 -> [2009/03/15 18:57:23 | 000,000,004 | ---- | C] ()
 mcs.rma -> C:\Users\Hegemon\AppData\Roaming\mcs.rma -> [2009/03/15 18:57:22 | 000,870,128 | ---- | C] ()
 yukon.ini -> C:\Windows\yukon.ini -> [2008/10/03 21:47:14 | 000,000,446 | ---- | C] ()
 iPlayer.INI -> C:\Windows\iPlayer.INI -> [2008/04/07 18:13:38 | 000,000,000 | ---- | C] ()
 atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/04/02 21:38:05 | 000,278,984 | ---- | C] ()
 lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/04/02 21:38:04 | 000,025,416 | ---- | C] ()
 D1CEAE08F7.sys -> C:\Windows\System32\D1CEAE08F7.sys -> [2008/02/28 21:33:36 | 000,000,088 | RHS- | C] ()
 KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2008/02/28 21:33:35 | 000,000,952 | -HS- | C] ()
 d3dx.dat -> C:\Windows\d3dx.dat -> [2007/11/16 21:13:29 | 000,004,096 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hegemon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/11/15 21:08:47 | 000,047,104 | ---- | C] ()
 AVSDVDPlayer.m3u -> C:\Users\Hegemon\AppData\Roaming\AVSDVDPlayer.m3u -> [2007/08/28 19:38:21 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2007/08/28 19:30:47 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2007/08/28 19:30:47 | 000,139,264 | ---- | C] ()
 SI.bin -> C:\Windows\System32\SI.bin -> [2007/08/25 21:41:11 | 000,000,001 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2007/08/25 18:30:26 | 000,000,335 | ---- | C] ()
 ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2007/08/13 23:28:07 | 000,000,209 | ---- | C] ()
 WLAN.INI -> C:\Windows\System32\WLAN.INI -> [2007/08/13 20:37:57 | 000,000,859 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2007/06/23 11:39:04 | 000,103,521 | ---- | C] ()
 hcwxds.dll -> C:\Windows\System32\hcwxds.dll -> [2007/06/23 11:30:18 | 000,066,048 | ---- | C] ()
 OsdRemove.exe -> C:\Windows\System32\OsdRemove.exe -> [2007/06/23 11:22:39 | 000,061,440 | ---- | C] ()
 pythoncom24.dll -> C:\Windows\System32\pythoncom24.dll -> [2007/06/23 11:19:53 | 000,327,680 | ---- | C] ()
 pywintypes24.dll -> C:\Windows\System32\pywintypes24.dll -> [2007/06/23 11:19:53 | 000,102,400 | ---- | C] ()
 px.ini -> C:\Windows\System32\px.ini -> [2007/03/06 01:47:24 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2007/01/12 07:07:48 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2007/01/12 07:07:48 | 000,204,800 | ---- | C] ()
 PSIService.exe -> C:\Windows\System32\PSIService.exe -> [2006/11/02 21:40:12 | 000,174,656 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 05:57:28 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 05:47:37 | 000,377,984 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 05:35:32 | 000,005,632 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 03:33:01 | 000,603,516 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 03:33:01 | 000,287,440 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 03:33:01 | 000,103,586 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 03:33:01 | 000,030,674 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 03:23:21 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2006/11/02 01:58:30 | 000,043,131 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 01:19:00 | 000,000,741 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 00:25:31 | 000,673,088 | ---- | C] ()
 secdrv.sys -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 23:37:21 | 000,011,376 | ---- | C] ()
 cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2006/06/23 10:09:34 | 000,019,968 | R--- | C] ()
 EyeCand3.INI -> C:\Windows\EyeCand3.INI -> [2001/07/13 07:04:00 | 000,373,248 | ---- | C] ()
 iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
 
[File - Lop Check]
 1morebee -> C:\Users\Hegemon\AppData\Roaming\1morebee -> [2010/03/11 23:53:59 | 000,000,000 | ---D | M]
 acccore -> C:\Users\Hegemon\AppData\Roaming\acccore -> [2011/03/22 19:27:11 | 000,000,000 | ---D | M]
 Anthropics -> C:\Users\Hegemon\AppData\Roaming\Anthropics -> [2010/06/09 21:59:02 | 000,000,000 | ---D | M]
 EleFun Games -> C:\Users\Hegemon\AppData\Roaming\EleFun Games -> [2010/02/14 23:18:53 | 000,000,000 | ---D | M]
 freshgames -> C:\Users\Hegemon\AppData\Roaming\freshgames -> [2010/06/18 09:16:33 | 000,000,000 | ---D | M]
 Gaijin Ent -> C:\Users\Hegemon\AppData\Roaming\Gaijin Ent -> [2008/10/12 20:11:06 | 000,000,000 | ---D | M]
 Gamelab -> C:\Users\Hegemon\AppData\Roaming\Gamelab -> [2010/04/29 16:26:42 | 000,000,000 | ---D | M]
 GetRightToGo -> C:\Users\Hegemon\AppData\Roaming\GetRightToGo -> [2010/06/02 09:50:42 | 000,000,000 | ---D | M]
 iolo -> C:\Users\Hegemon\AppData\Roaming\iolo -> [2009/11/07 21:24:03 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Hegemon\AppData\Roaming\Leadertech -> [2009/08/18 21:11:50 | 000,000,000 | ---D | M]
 My Games -> C:\Users\Hegemon\AppData\Roaming\My Games -> [2010/12/28 14:19:38 | 000,000,000 | ---D | M]
 ooVoo Details -> C:\Users\Hegemon\AppData\Roaming\ooVoo Details -> [2009/04/19 00:25:18 | 000,000,000 | ---D | M]
 Opera -> C:\Users\Hegemon\AppData\Roaming\Opera -> [2008/01/06 18:54:24 | 000,000,000 | ---D | M]
 PlayFirst -> C:\Users\Hegemon\AppData\Roaming\PlayFirst -> [2011/01/13 00:25:54 | 000,000,000 | ---D | M]
 Pogo Games -> C:\Users\Hegemon\AppData\Roaming\Pogo Games -> [2010/12/12 22:37:07 | 000,000,000 | ---D | M]
 Snapfish -> C:\Users\Hegemon\AppData\Roaming\Snapfish -> [2007/12/30 18:09:27 | 000,000,000 | ---D | M]
 Template -> C:\Users\Hegemon\AppData\Roaming\Template -> [2009/05/11 11:06:13 | 000,000,000 | ---D | M]
 WinBatch -> C:\Users\Hegemon\AppData\Roaming\WinBatch -> [2010/09/07 08:19:55 | 000,000,000 | ---D | M]
 Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2011/06/12 02:13:00 | 000,000,384 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/07 18:35:56 | 000,032,600 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< MD5 Scans Start>
< %systemdrive%\SHELL32.DLL  /md5 /s >
 shell32.dll : MD5=028EF93B746FF370DFE35711A7569647 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22839_none_6c9b67c92b29b17c\shell32.dll -> [2011/01/21 08:04:53 | 011,587,584 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=048B65EC931A39A5F42016BE04775274 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18588_none_6bdab74c123589c2\shell32.dll -> [2011/01/21 08:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=0A8317FF6D77DA369C34F88693373A6C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\shell32.dll -> [2006/11/02 02:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=221565A0217045A61D179B438BC4AC8A -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22574_none_6e51988f2874f7b1\shell32.dll -> [2011/01/21 09:27:57 | 011,588,096 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=276AA16A23029F559BAB104011F97340 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.21081_none_6a76e5db2e332307\shell32.dll -> [2009/07/10 05:06:47 | 011,321,856 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=32C0C48A029F5EB94A609CE5F2D43BEB -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18063_none_6dd1c3ce0f502e03\shell32.dll -> [2009/07/10 04:47:42 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=33AE914C24F546AABF281BA7B138186D -> C:\Windows\System32\shell32.dll -> [2011/01/21 09:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=33AE914C24F546AABF281BA7B138186D -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18393_none_6db159bc0f68794b\shell32.dll -> [2011/01/21 09:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=33E9CE9110597F1A47BA18B96EAFA6FA -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_6c292ade11fbedbf\shell32.dll -> [2008/01/19 00:36:10 | 011,580,416 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=3D58E32AA9A5C7F408D97675C81C9AED -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll -> [2008/04/23 21:40:28 | 011,319,808 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=43466A7FF452883B68F52B963023949C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_6e14a3ea0f1db90b\shell32.dll -> [2009/04/10 23:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=4A21B11997C1F14D8707C8C501CA59A7 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll -> [2008/11/06 05:59:27 | 011,582,976 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll -> [2008/11/06 05:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=5D62692EEB77E32F67A966F1BDEB551B -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll -> [2008/11/06 06:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=61509AF47F663A6EA941492ED181D60C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll -> [2008/04/23 21:58:20 | 011,580,416 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=7BA541CD1EAFB4D38DBA594FCF611A62 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll -> [2007/08/29 23:33:27 | 011,315,200 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=81A20AC0051ADA6F9FC58FA620BE4A78 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22467_none_6c78efd92b43de05\shell32.dll -> [2009/07/10 04:59:03 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=82A0A2AB2C637C11F28C1E37F76A284E -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll -> [2008/04/23 21:45:45 | 011,581,440 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=895F23DE1778E6AADE0DEEBCC2E6AC0A -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll -> [2010/07/26 11:04:15 | 011,587,072 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=91640C342AD09936D0E4B7EBDDB12091 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll -> [2010/07/26 08:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=93FDB7E073B00D0BB7DF7182D882539F -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16883_none_69ef7182151382a9\shell32.dll -> [2009/07/10 05:17:37 | 011,316,224 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=AF54933386F459CEC04AC91C49423B25 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll -> [2007/08/29 23:33:25 | 011,315,200 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=CDE0D181CF5E5DD7E7C032A15365799C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll -> [2010/07/26 09:56:52 | 011,586,560 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=CF1D75E7B4A7CC6D2A21FE64C9E50A12 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll -> [2008/11/06 05:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=DD2F953D9DCAAF080F724803A8121CE6 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll -> [2010/07/26 09:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=E19E22CD00EA110B0CE2C13777CEF92C -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22169_none_6e616255286865d7\shell32.dll -> [2009/07/10 04:49:50 | 011,584,512 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=EB85D49F3129EBED4993E800521715DD -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18287_none_6bd9b150123678f6\shell32.dll -> [2009/07/10 05:20:59 | 011,581,440 | ---- | M] (Microsoft Corporation)
 shell32.dll : MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -> C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll -> [2008/04/23 21:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SHELL32.DLL.MUI  /md5 /s >
 shell32.dll.mui : MD5=19814EB0E8E8A1143FF1D08E01850829 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20951_en-us_58181938f4fa5227\shell32.dll.mui -> [2008/11/06 05:58:23 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : MD5=1BD74525DEF8D3BF748EDF8B8B2221A8 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.21097_en-us_57f2b366f5158d37\shell32.dll.mui -> [2009/07/30 16:09:23 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : MD5=3BAF89E33CF839720399AFDB7316C863 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5773049ddbf09320\shell32.dll.mui -> [2006/11/02 05:41:26 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : MD5=CDA08164EACCDA67384FBA1CBEB08BE3 -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6000.20822_en-us_58398760f4e11a84\shell32.dll.mui -> [2008/04/23 21:41:02 | 000,557,056 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : Unable to obtain MD5  -> C:\Windows\System32\en-US\shell32.dll.mui -> [2008/01/19 00:28:56 | 000,561,152 | ---- | M] (Microsoft Corporation)
 shell32.dll.mui : Unable to obtain MD5  -> C:\Windows\winsxs\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_59a9c699d8dba3f4\shell32.dll.mui -> [2008/01/19 00:28:56 | 000,561,152 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F798BF2E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:42D29305
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C4671424
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9C6A9B00
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6371CFDB
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:837546C7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8F16601E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DF0F61BB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2BAAE818
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D6C31E03
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:26FE5B17
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5AEA68EE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AD7C3EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFB5119F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFD2D4A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E23D0CEC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4FBF8BD
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B12FF3F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9EE2AB9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:30759574
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:68FB0053
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:12CF331A
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:8F84BF39
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB2DC8A5
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:CBCF563D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:261B2A7E
< End of report >

  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Darn that is in the right place and legit

As for windows 7 - current prices here are about £58 or in the US about $90

I would recommend that over and above Vista, I have been running it on my 10 year old computer now since it was released with nary a problem

I must admit I am currently out of ideas - I will ask some colleagues to see if they have any idea
  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP