ohgodhelp

Virtumonde Trojan :(

Something got in and has been causing all sorts of "you have a virus, buy our fake product" popups. Followed the steps, but the system restore point utility isn't working. I'm not too concerned, as if I do have to start over it'll give me a chance to set things up differently, but I would like to avoid the many hours of work it'd require to get everything fixed after reformatting. But if mistakes happen, I'll survive.

edit: gmer didn't seem to find anything, but maybe I'm doing it wrong.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:59 AM, on 2/19/2010
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\gmer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\SysWow64\smss32.exe
O4 - HKLM\..\Run: [sadifosit] Rundll32.exe "c:\windows\system32\vupewoka.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Efonoqipofevi] rundll32.exe "C:\WINDOWS\MODENMVD.dll",Startup
O4 - HKCU\..\Run: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe
O4 - HKCU\..\Run: [Paladin Antivirus] "C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Shortcut to pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe
O4 - Startup: Teamspeak 2 RC2.lnk = C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{944C44C7-2DF1-496F-9075-FB92F9A12CAF}: NameServer = 83.149.115.157,4.2.2.1,192.168.10.1
O20 - AppInit_DLLs: hopefabe.dll c:\windows\system32\vupewoka.dll
O21 - SSODL: gikuvihid - {705c8702-2953-4700-85e2-372ac8232866} - c:\windows\SysWow64\vupewoka.dll
O21 - SSODL: dofobobas - {b6804095-fe8c-42ad-a5f9-974df2bf6ddf} - c:\windows\SysWow64\vupewoka.dll
O22 - SharedTaskScheduler: gahurihor - {705c8702-2953-4700-85e2-372ac8232866} - c:\windows\SysWow64\vupewoka.dll
O22 - SharedTaskScheduler: jugezatag - {b6804095-fe8c-42ad-a5f9-974df2bf6ddf} - c:\windows\SysWow64\vupewoka.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7907 bytes

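The autostart entries in the HijackThis log above can be triaged mechanically. The Python sketch below is an added example, not part of any post in this thread and not code from HijackThis; the rule set, the `triage` function and the three-load-point threshold are assumptions chosen for illustration, and a hit means "review this entry", not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename

# Excerpt copied from the HijackThis log in the first post (not the full log).
SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\SysWow64\smss32.exe
O4 - HKLM\..\Run: [sadifosit] Rundll32.exe "c:\windows\system32\vupewoka.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Efonoqipofevi] rundll32.exe "C:\WINDOWS\MODENMVD.dll",Startup
O4 - HKCU\..\Run: [eventcreatexp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eventcreatexp.exe
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O20 - AppInit_DLLs: hopefabe.dll c:\windows\system32\vupewoka.dll
O21 - SSODL: gikuvihid - {705c8702-2953-4700-85e2-372ac8232866} - c:\windows\SysWow64\vupewoka.dll
O22 - SharedTaskScheduler: gahurihor - {705c8702-2953-4700-85e2-372ac8232866} - c:\windows\SysWow64\vupewoka.dll
'''

ENTRY = re.compile(r'^([FOR]\d+) - (.+)$')                      # "O4 - <body>"
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|,]+?\.(?:dll|exe)', re.I)  # drive-rooted file
CORE = ('smss', 'winlogon', 'csrss', 'lsass', 'services', 'svchost')
DLL_LOAD_POINTS = ('O4', 'O20', 'O21', 'O22')


def parse(log):
    """Return (section_code, body) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def lookalike(name):
    """True for names such as smss32.exe that extend a core process name."""
    stem = name.rsplit('.', 1)[0]
    return any(stem.startswith(c) and stem != c for c in CORE)


def triage(log):
    """Return a list of (code, reason, detail) tuples for entries to review."""
    findings = []
    load_points = defaultdict(set)   # dll file name -> sections that load it
    for code, body in parse(log):
        paths = PATH.findall(body)
        names = [basename(p).lower() for p in paths]
        low = body.lower()
        # Group by file name only: the log shows the same DLL under both
        # system32 and SysWow64 (assumed here to be one module).
        for n in names:
            if n.endswith('.dll') and code in DLL_LOAD_POINTS:
                load_points[n].add(code)
        if code == 'F2' and 'userinit=' in low:
            if names != ['userinit.exe']:
                findings.append((code, 'Userinit value replaced', body))
        elif code == 'O4':
            if 'rundll32' in low and any(n.endswith('.dll') for n in names):
                # Some drivers start this way too, hence "review".
                findings.append((code, 'Run key loads a DLL via rundll32', body))
            elif any('\\temp\\' in p.lower() for p in paths):
                findings.append((code, 'autostart from a Temp folder', body))
            elif any(lookalike(n) for n in names):
                findings.append((code, 'name imitates a core process', body))
        elif code == 'O20' and body.split(':', 1)[1].strip():
            findings.append((code, 'AppInit_DLLs is not empty', body))
        elif code == 'O15' and not body.startswith('ESC') and '*.' in body:
            findings.append((code, 'wildcard domain in Trusted Zone', body))
    # One DLL wired into several independent load points is a strong signal.
    for dll, codes in load_points.items():
        if len(codes) >= 3:
            detail = f"{dll} loaded from {', '.join(sorted(codes))}"
            findings.append(('multi', 'same DLL in 3+ load points', detail))
    return findings


if __name__ == '__main__':
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f'{code:5} {reason:34} {detail}')
```
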
Hey [b]ohgodhelp[/b],

Welcome to [color="#0000FF"][b]Lavasoft Support Forum[/b][/color]! I'm [b]Ltangelic[/b] and I'll be helping you fix your computer problem. Sorry for the long wait; we have a very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. :)

Unfortunately, HijackThis is no longer enough to tackle the current infections. We need to run some more tools to scan deeper.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to [url="http://www.mediafire.com/"][color="#FF0000"]Mediafire[/color][/url] and post the sharing link.

Download [url="http://oldtimer.geekstogo.com/OTS.exe"][b][color="red"]OTS[/color][/b][/url] to your Desktop[list]
[*]Close [b]ALL OTHER PROGRAMS[/b].
[*]Double-click on [b]OTS.exe[/b] to start the program.
[*]Check the box that says [b]Scan All Users[/b]
[*]Under Additional Scans check the following:[list]
[*]Reg - Shell Spawning

[*]File - Lop Check

[*]File - Purity Scan

[*]Evnt - EvtViewer (last 10)
[/list]
[*]Under custom scans copy and paste the following[list][b]netsvcs
%SYSTEMDRIVE%\*.exe
%ProgramFiles%\Movie Maker\*.dll
%ALLUSERSAPPDATA%\*.dll
%SYSTEMROOT%\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dll
%DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
%systemroot%\system32\*.dll /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
c:\$recycle.bin\*.* /s
CREATERESTOREPOINT[/b]
[/list]
[*]Now click the [b]Run Scan[/b] button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete [b]Notepad[/b] will open with the report file loaded in it.
[*]Click the [b]Format[/b] menu and make sure that [b]Wordwrap[/b] is not checked. If it is then click on it to uncheck it.
[/list]Please [b]attach[/b] the log in your next post.

To attach a file, do the following:[list]
[*]Click [b]Add Reply[/b]
[*]Under the reply panel is the Attachments Panel
[*]Browse for the attachment file you want to upload, then click the green [b]Upload[/b] button
[*]Once it has uploaded, click the [b]Manage Current Attachments[/b] drop down box
[*]Click on [img]http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png[/img] to insert the attachment into your post
[/list]

Here's my scan. I thought I had shut down Avira before running the scan, but the virus guard gave me a couple warnings during the scan. I hope this doesn't compromise the information, as I fear that Avira is the only thing preventing the infection from getting worse. If you need me to redo this I can, but it's late here now and I don't have the stamina to take care of this before bed.

Thanks for your help.

Hey [b]ohgodhelp[/b],

Sincere apologies for the late reply, I'll get back to you with a fix by tomorrow. Thank you very much for your patience. :)

Hey [b]ohgodhelp[/b],

From your log, you seem to have multiple anti-virus programs running on your computer. This is not recommended, as multiple protection of the [b]same kind[/b] can cause conflicts and reduce the efficiency of the software. I would recommend that you [b]disable Avira[/b] and keep Comodo Internet Security updated and active.

There are indeed lots of Virtumonde trojans on your computer, so let's run some tools to remove them. :)

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software ([b]Comodo Internet Security[/b]) as it may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1)[/size] Fix with OTM[/b][/color]

Please [b]download[/b] the [url="http://oldtimer.geekstogo.com/OTM.exe"][b][color="red"]OTM by OldTimer[/color][/b][/url].[list]
[*] [b]Save[/b] it to your [b]desktop[/b].
[*] Please double-click [b]OTM.exe[/b] to run it. (Vista users, please right click on [b]OTM.exe[/b] and select "Run as an [b]Administrator[/b]")
[*][b]Copy everything in the codebox below to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose [b]Copy[/b]):

[code]:Files
C:\WINDOWS\SysWOW64\hodajupi.dll
C:\WINDOWS\SysWow64\rabageha.DLL
C:\WINDOWS\SysWOW64\smss32.exe
C:\WINDOWS\MODENMVD.DLL
C:\WINDOWS\SysWOW64\winlogon32.exe
c:\WINDOWS\SysWOW64\vupewoka.dll
C:\WINDOWS\SysWow64\pipiwuhi.dll
C:\WINDOWS\SysWow64\titugivo.dll
C:\WINDOWS\SysWow64\gizokoro.dll
C:\WINDOWS\SysWow64\vonamaji.dll
C:\WINDOWS\SysWow64\serevudo.dll
C:\WINDOWS\SysWow64\nowuvaku.dll
C:\WINDOWS\SysWow64\hodajupi.dll
C:\WINDOWS\SysWow64\fonemike.dll
C:\WINDOWS\SysWow64\remowoka.dll
C:\WINDOWS\SysWow64\worayewu.dll
C:\WINDOWS\SysWow64\sosagatu.dll
C:\WINDOWS\SysWow64\rogibida.dll
C:\WINDOWS\SysWow64\loyegeho.dll
C:\WINDOWS\SysWow64\lehelojo.dll
C:\WINDOWS\SysWow64\piruraju
C:\WINDOWS\tasks\ocsgxisi.job
C:\WINDOWS\SysWow64\helpers32.dll
C:\WINDOWS\SysWow64\winlogon32.exe

:Reg
[HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{b602ff52-1748-497f-b4cd-11047a9f35a1}"=-
"{705c8702-2953-4700-85e2-372ac8232866}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{705c8702-2953-4700-85e2-372ac8232866}"=-
"{b602ff52-1748-497f-b4cd-11047a9f35a1}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

:Commands
[purity]
[emptytemp]
[reboot][/code]

[*] Return to OTM, right click in the [b]"Paste Instructions for Items to be Moved"[/b] window (under the light [color="#FFFF00"][b]Yellow[/b][/color] bar) and choose [b]Paste[/b].
[*]Click the red [b][color="#FF0000"]Moveit![/color][/b] button.
[*]Copy everything in the "Results" window (under the [color="#00FF00"][b]Green[/b][/color] bar) to the clipboard by highlighting [b]ALL[/b] of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close [b]OTM[/b] and reboot your computer.
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b] In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[color="#8B0000"][b][size=5]2)[/size] Remove rogue anti-virus[/b][/color]

From your log you seem to have [b]Paladin Anti-virus[/b] installed. I would highly recommend that you remove it, as it is a rogue anti-spyware that either gives exaggerated reports, or gives false positives altogether. Please have a look at the following:

[url="http://www.bleepingcomputer.com/virus-removal/remove-paladin-antivirus"]http://www.bleepingcomputer.com/virus-remo...ladin-antivirus[/url]

[color="#8B0000"][b][size=5]3)[/size] Scan with Malwarebytes[/b][/color]

Please download Malwarebytes' Anti-Malware from [url="http://www.besttechie.net/tools/mbam-setup.exe"][color="#2E8B57"][b]Here[/b][/color][/url] or [url="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"][color="#2E8B57"][b]Here[/b][/color][/url]

Double Click mbam-setup.exe to install the application.[list]
[*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the entire report in your next reply.
[/list]Extra Note:
[color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.[/b][/color]

[b]Next reply (please include in your post):[/b]

OTM.txt
MBAM scan log

Comodo Internet Security crashed mid-update once, and hasn't worked for me since. It crashes if I try to do anything with it, and doesn't seem to stop anything as a firewall, which is what I originally installed it for; at the time I first got it I don't believe it offered virus protection. Regardless, it does nothing now, and I can't uninstall it, as it crashes during that, too... Anyway, I'll get these scans done now and see if I can't get it right this time. Things have gotten worse for my computer since I last posted, though: new warnings are showing up and it's difficult to get my computer to do what I tell it.
[code]All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\SysWOW64\hodajupi.dll
C:\WINDOWS\SysWOW64\hodajupi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\rabageha.dll
C:\WINDOWS\SysWow64\rabageha.dll moved successfully.
C:\WINDOWS\SysWOW64\smss32.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\MODENMVD.dll
C:\WINDOWS\MODENMVD.dll moved successfully.
C:\WINDOWS\SysWOW64\winlogon32.exe moved successfully.
DllUnregisterServer procedure not found in c:\WINDOWS\SysWOW64\vupewoka.dll
c:\WINDOWS\SysWOW64\vupewoka.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\pipiwuhi.dll
C:\WINDOWS\SysWow64\pipiwuhi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\titugivo.dll
C:\WINDOWS\SysWow64\titugivo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\gizokoro.dll
C:\WINDOWS\SysWow64\gizokoro.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\vonamaji.dll
C:\WINDOWS\SysWow64\vonamaji.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\serevudo.dll
C:\WINDOWS\SysWow64\serevudo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\nowuvaku.dll
C:\WINDOWS\SysWow64\nowuvaku.dll moved successfully.
File/Folder C:\WINDOWS\SysWow64\hodajupi.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\fonemike.dll
C:\WINDOWS\SysWow64\fonemike.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\remowoka.dll
C:\WINDOWS\SysWow64\remowoka.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\worayewu.dll
C:\WINDOWS\SysWow64\worayewu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\sosagatu.dll
C:\WINDOWS\SysWow64\sosagatu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\rogibida.dll
C:\WINDOWS\SysWow64\rogibida.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\loyegeho.dll
C:\WINDOWS\SysWow64\loyegeho.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SysWow64\lehelojo.dll
C:\WINDOWS\SysWow64\lehelojo.dll moved successfully.
C:\WINDOWS\SysWow64\piruraju moved successfully.
C:\WINDOWS\tasks\ocsgxisi.job moved successfully.
File/Folder C:\WINDOWS\SysWow64\helpers32.dll not found.
File/Folder C:\WINDOWS\SysWow64\winlogon32.exe not found.
========== REGISTRY ==========
Unable to set value : HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"DisableTaskMgr"|dword:00000000 /E!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{b602ff52-1748-497f-b4cd-11047a9f35a1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b602ff52-1748-497f-b4cd-11047a9f35a1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{705c8702-2953-4700-85e2-372ac8232866} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{705c8702-2953-4700-85e2-372ac8232866}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{705c8702-2953-4700-85e2-372ac8232866}"= not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 30446312148 bytes
->Temporary Internet Files folder emptied: 101822593 bytes
->Java cache emptied: 78943823 bytes
->FireFox cache emptied: 74773897 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57095 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1114333 bytes
%systemroot%\System32 .tmp files removed: 4198569 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31278634 bytes
RecycleBin emptied: 448105107 bytes

Total Files Cleaned = 29,742.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02262010_103543

Files moved on Reboot...

Registry entries deleted on Reboot...[/code]

On to the next steps!

This is my Malwarebytes scan. Note that it is the 4th scan, as I had to do a full scan for removal of Paladin, a quick scan with Avira guard enabled (after the reboots), and a quick scan after. Then I couldn't find the log, since it asked me to reboot again. So I ran another quick scan, which appears to be clean.
[code]Malwarebytes' Anti-Malware 1.44
Database version: 3796
Windows 5.2.3790 Service Pack 1
Internet Explorer 7.0.5730.13

2/26/2010 1:01:40 PM
mbam-log-2010-02-26 (13-01-40).txt

Scan type: Quick Scan
Objects scanned: 107604
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)[/code]
What's next? I'm sure it's too soon for a clean bill of health.

Hey [b]ohgodhelp[/b],

Can you re-run OTS and give me a new log (Please don't attach it but post it here instead)?

I wasn't sure, so I ran it with the same settings as you provided in the second post. Avira has still been finding a few bad files, but performance-wise things have been much better. Thanks a lot for this help.

CODE
OTS logfile created on: 2/28/2010 12:01:24 PM - Run 2
OTS by OldTimer - Version 3.1.22.0     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003  Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 72.53 Gb Free Space | 37.14% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 69.68 Gb Free Space | 23.78% Space Free | Partition Type: NTFS
Drive E: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 443.22 Gb Total Space | 122.92 Gb Free Space | 27.73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE-BL7D5N9D5A8
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\My Documents\Downloads\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
jucheck.exe -> C:\Program Files (x86)\Java\jre6\bin\jucheck.exe -> [2009/07/25 04:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
pdvdserv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.)
richvideo.exe -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\My Documents\Downloads\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
guard32.dll -> C:\WINDOWS\SysWOW64\guard32.dll -> [2009/03/08 18:55:49 | 000,155,384 | ---- | M] ()
wininet.dll -> C:\WINDOWS\SysWOW64\wininet.dll -> [2009/03/03 13:43:34 | 000,826,368 | ---- | M] (Microsoft Corporation)
dnsapi.dll -> C:\WINDOWS\SysWOW64\dnsapi.dll -> [2008/06/21 02:29:30 | 000,158,208 | ---- | M] (Microsoft Corporation)
ibatibuxerugug.dll -> C:\WINDOWS\ibatibuxerugug.dll -> [2007/03/02 00:56:30 | 000,162,816 | ---- | M] ()
normaliz.dll -> C:\WINDOWS\SysWOW64\normaliz.dll -> [2006/06/29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\SysWOW64\comres.dll -> [2005/03/25 07:00:00 | 000,796,672 | ---- | M] (Microsoft Corporation)
comdlg32.dll -> C:\WINDOWS\SysWOW64\comdlg32.dll -> [2005/03/25 07:00:00 | 000,281,088 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\SysWOW64\wbem\framedyn.dll -> [2005/03/25 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation)
msctfime.ime -> C:\WINDOWS\SysWOW64\MSCTFIME.IME -> [2005/03/25 07:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation)
ws2help.dll -> C:\WINDOWS\SysWOW64\ws2help.dll -> [2005/03/25 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation)
fltlib.dll -> C:\WINDOWS\SysWOW64\fltlib.dll -> [2005/03/25 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll -> [2005/03/24 13:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(cmdAgent)  [Auto | Running] -> C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -> [2009/03/08 18:55:05 | 001,043,192 | ---- | M] ()
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/18 23:16:34 | 001,229,232 | ---- | M] (Lavasoft)
(DAUpdaterSvc) Dragon Age: Origins - Content Updater [On_Demand | Stopped] -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] ()
(IASJet) IAS Jet Database Access [On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2005/03/25 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2005/03/25 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(avgio) avgio [Kernel | System | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys -> [2009/02/13 11:37:29 | 000,013,656 | ---- | M] (Avira GmbH)
({95808DC4-FA4A-4c74-92FE-5B863F82066B}) {95808DC4-FA4A-4c74-92FE-5B863F82066B} [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD0.fcl -> [2006/11/02 17:49:24 | 000,013,560 | ---- | M] (Cyberlink Corp.)
(mnmdd) mnmdd [Kernel | System | Running] -> C:\WINDOWS\SysWOW64\mnmdd.dll -> [2005/03/25 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\prefs.js ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:1.5.1 ->
extensions.enabledItems -> {11B4695B-1FC3-4A19-B63B-2789EDDA7A35}:1.9.1 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35}] -> [2010/02/25 19:40:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/19 09:31:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/02/19 09:31:43 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2009/01/28 20:22:28 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions -> [2010/02/27 13:15:02 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/09 22:10:23 | 000,000,000 | ---D | M]
Greasemonkey   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/12/13 19:24:14 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\[email protected] -> [2010/01/21 00:55:20 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/02/27 13:15:02 | 000,000,000 | ---D | M]
Hosts file not found -> ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/25 04:23:03 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/07/25 04:22:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 05:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AlcWzrd" -> C:\WINDOWS\alcwzrd.exe [ALCWZRD.EXE] -> [2006/05/04 03:26:36 | 002,808,832 | R--- | M] (RealTek Semicoductor Corp.)
"COMODO Internet Security" -> C:\Program Files\Comodo\COMODO Internet Security\cfp.exe ["C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h] -> [2009/03/08 18:55:15 | 009,247,480 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found
"NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found
"nwiz" ->  [nwiz.exe /install] -> File not found
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/11/20 05:15:58 | 001,826,816 | R--- | M] (Realtek Semiconductor Corp.)
"SoundMan" -> C:\WINDOWS\SoundMan.exe [SOUNDMAN.EXE] -> [2006/07/21 03:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.)
"Start WingMan Profiler" -> C:\Program Files\Logitech\Gaming Software\LWEMon.exe [C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui] -> [2008/04/04 13:30:28 | 000,120,328 | ---- | M] (Logitech Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
"avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/05 22:55:32 | 000,054,832 | ---- | M] ()
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 16:18:30 | 000,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"] -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> [2007/03/02 00:56:30 | 000,162,816 | ---- | M] ()
"WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2008/08/03 18:02:20 | 000,036,352 | ---- | M] ()
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd)
"Efonoqipofevi" -> C:\WINDOWS\MODENMVD.DLL [rundll32.exe "C:\WINDOWS\MODENMVD.dll",Startup] -> File not found
"Paladin Antivirus" -> C:\Program Files (x86)\Paladin Antivirus\pav.exe ["C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] ()
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community)
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk -> C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe -> [2003/08/29 16:13:04 | 001,436,160 | ---- | M] (Dominating Bytes Design)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.10.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{944C44C7-2DF1-496F-9075-FB92F9A12CAF}\\DhcpNameServer -> 192.168.10.1   (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
c:\windows\syswow64\pipiwuhi.dll -> c:\windows\syswow64\pipiwuhi.dll -> File not found
c:\windows\syswow64\vupewoka.dll -> c:\windows\syswow64\vupewoka.dll -> File not found
hodajupi.dll ->  -> File not found
c:\windows\syswow64\titugivo.dll -> c:\windows\syswow64\titugivo.dll -> File not found
c:\windows\syswow64\rabageha.dll -> c:\windows\syswow64\rabageha.dll -> File not found
c:\windows\syswow64\gizokoro.dll -> c:\windows\syswow64\gizokoro.dll -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2005/03/25 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe ->  -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain ->  -> File not found
cryptnet ->  -> File not found
cscdll ->  -> File not found
dimsntfy ->  -> File not found
ScCertProp ->  -> File not found
Schedule ->  -> File not found
sclgntfy ->  -> File not found
SensLogn ->  -> File not found
termsrv ->  -> File not found
wlballoon ->  -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ScCertProp ->  -> File not found
Schedule ->  -> File not found
SensLogn ->  -> File not found
wlballoon ->  -> File not found
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> c:\windows\SysWow64\mopidupo.dll [dedosasab] -> File not found
"{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gikuvihid] -> File not found
"{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> c:\windows\SysWow64\makezimu.dll [yiniketub] -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> c:\windows\SysWow64\mopidupo.dll [mujuzedij] -> File not found
"{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gahurihor] -> File not found
"{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> c:\windows\SysWow64\makezimu.dll [gahurihor] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] ->  [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll ->  -> File not found
schannel.dll ->  -> File not found
digest.dll ->  -> File not found
msnsspc.dll ->  -> File not found
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SysWow64\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox] -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] ()
"C:\Documents and Settings\Administrator\Desktop\OTM.exe" -> C:\Documents and Settings\Administrator\Desktop\OTM.exe [C:\Documents and Settings\Administrator\Desktop\OTM.exe:*:Enabled:OTM] -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools)
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard] -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
"C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe" -> C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe [C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2009/12/11 18:37:23 | 000,516,936 | ---- | M] (CCP hf.)
"C:\Program Files (x86)\DNA\btdna.exe" -> C:\Program Files (x86)\DNA\btdna.exe [C:\Program Files (x86)\DNA\btdna.exe:*:Enabled:DNA] -> [2009/03/10 10:25:20 | 000,318,272 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray] -> [2010/02/18 23:16:36 | 000,815,184 | ---- | M] (Lavasoft)
"C:\Program Files (x86)\Pidgin\pidgin.exe" -> C:\Program Files (x86)\Pidgin\pidgin.exe [C:\Program Files (x86)\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community)
"C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe" -> C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe [C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2] -> [2008/04/20 23:13:44 | 000,778,240 | ---- | M] ()
"C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> [2009/01/29 15:20:30 | 019,779,584 | ---- | M] (The Creative Assembly Ltd)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" -> C:\Program Files (x86)\uTorrent\uTorrent.exe [C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/02/12 22:28:03 | 000,319,280 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\SysWow64\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2005/03/25 07:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\javaw.exe" -> C:\WINDOWS\SysWOW64\javaw.exe [C:\WINDOWS\SysWOW64\javaw.exe:*:Enabled:javaw] -> [2009/07/25 04:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"D:\EVE\bin\ExeFile.exe" -> D:\EVE\bin\ExeFile.exe [D:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2008/12/05 11:39:22 | 000,513,280 | ---- | M] (CCP hf.)
"D:\Games\Anno 1404\tools\Anno4Web.exe" -> D:\Games\Anno 1404\tools\Anno4Web.exe [D:\Games\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web] -> [2009/05/23 15:48:00 | 001,320,232 | ---- | M] ()
"D:\Games\Dark Oberon\dark-oberon.exe" -> D:\Games\Dark Oberon\dark-oberon.exe [D:\Games\Dark Oberon\dark-oberon.exe:*:Enabled:dark-oberon] -> [2006/11/01 14:10:40 | 000,532,480 | ---- | M] ()
"D:\Games\Dead Space\Dead Space.exe" -> D:\Games\Dead Space\Dead Space.exe [D:\Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™] -> [2008/11/01 09:17:11 | 013,733,888 | ---- | M] ()
"D:\Games\Dragon Age\bin_ship\daorigins.exe" -> D:\Games\Dragon Age\bin_ship\daorigins.exe [D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game] -> [2009/11/02 02:57:00 | 009,909,480 | ---- | M] (BioWare)
"D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater] -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare)
"D:\Games\Dragon Age\DAOriginsLauncher.exe" -> D:\Games\Dragon Age\DAOriginsLauncher.exe [D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher] -> [2009/08/10 10:59:08 | 001,246,440 | ---- | M] (BioWare)
"D:\Games\Glest_3.2.2\glest.exe" -> D:\Games\Glest_3.2.2\glest.exe [D:\Games\Glest_3.2.2\glest.exe:*:Enabled:glest] -> [2009/04/02 19:03:30 | 001,230,336 | ---- | M] ()
"D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe" -> D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe [D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men] -> [2007/11/10 20:11:24 | 007,542,024 | ---- | M] (Io Interactive A/S)
"D:\Games\Mass Effect\Binaries\MassEffect.exe" -> D:\Games\Mass Effect\Binaries\MassEffect.exe [D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game] -> [2008/05/29 17:34:19 | 048,956,922 | ---- | M] (BioWare)
"D:\Games\Mass Effect\MassEffectLauncher.exe" -> D:\Games\Mass Effect\MassEffectLauncher.exe [D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher] -> [2008/05/07 11:19:36 | 000,730,344 | ---- | M] (BioWare)
"D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe" -> D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe [D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising] -> [2009/10/06 16:22:36 | 020,094,976 | ---- | M] (Codemasters Software Company Limited)
"D:\Games\Prototype\prototypef.exe" -> D:\Games\Prototype\prototypef.exe [D:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)] -> [2009/06/09 13:43:00 | 002,269,232 | ---- | M] (Activision)
"D:\Games\Warcraft III\Warcraft III.exe" -> D:\Games\Warcraft III\Warcraft III.exe [D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> [2009/04/14 16:00:10 | 000,274,432 | ---- | M] (Blizzard Entertainment)
"D:\Games\Wolfenstein\MP\Wolf2MP.exe" -> D:\Games\Wolfenstein\MP\Wolf2MP.exe [D:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,399,248 | ---- | M] (Activision)
"D:\Games\Wolfenstein\MP\Wolf2MPLite.exe" -> D:\Games\Wolfenstein\MP\Wolf2MPLite.exe [D:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,042,896 | ---- | M] (Activision)
"D:\Games\Worms Armageddon - New Edition\WA.exe" -> D:\Games\Worms Armageddon - New Edition\WA.exe [D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon] -> [2007/07/05 11:05:59 | 004,378,624 | ---- | M] (Team17 Software Ltd)
"D:\Steam\Steam.exe" -> D:\Steam\Steam.exe [D:\Steam\Steam.exe:*:Enabled:Steam] -> [2010/02/26 13:30:48 | 001,217,872 | ---- | M] (Valve Corporation)
"D:\Steam\steamapps\andre2account\the ship\ship.exe" -> D:\Steam\steamapps\andre2account\the ship\ship.exe [D:\Steam\steamapps\andre2account\the ship\ship.exe:*:Enabled:ship] -> [2009/04/03 17:46:35 | 000,090,112 | ---- | M] ()
"D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe" -> D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe [D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe:*:Enabled:AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo] -> [2009/10/19 19:06:33 | 000,049,152 | ---- | M] ()
"D:\Steam\steamapps\common\battleforge\Bootstrapper.exe" -> D:\Steam\steamapps\common\battleforge\Bootstrapper.exe [D:\Steam\steamapps\common\battleforge\Bootstrapper.exe:*:Enabled:Battleforge Demo] -> [2009/08/13 12:12:36 | 005,797,240 | ---- | M] (EA Phenomic)
"D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" -> D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe [D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock] -> [2009/10/23 21:57:26 | 009,932,800 | ---- | M] ()
"D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" -> D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe [D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo] -> [2009/12/14 00:02:01 | 000,160,256 | ---- | M] (Erik Svedäng)
"D:\Steam\steamapps\common\champions online\Champions Online.exe" -> D:\Steam\steamapps\common\champions online\Champions Online.exe [D:\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Cryptic Game Launcher] -> File not found
"D:\Steam\steamapps\common\company of heroes\help.htm" -> D:\Steam\steamapps\common\company of heroes\help.htm [D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes] -> [2009/04/16 13:00:27 | 000,000,213 | ---- | M] ()
"D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" -> D:\Steam\steamapps\common\company of heroes\RelicCOH.exe [D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes] -> [2009/12/24 02:10:25 | 009,266,056 | ---- | M] (THQ Canada Inc.)
"D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe" -> D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe [D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble] -> [2009/12/24 00:15:36 | 000,038,400 | ---- | M] ()
"D:\Steam\steamapps\common\fallout 3\Fallout3.exe" -> D:\Steam\steamapps\common\fallout 3\Fallout3.exe [D:\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3] -> [2009/08/14 22:02:52 | 015,044,024 | ---- | M] (Bethesda Softworks)
"D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" -> D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe [D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3] -> [2009/01/28 20:47:38 | 001,900,544 | ---- | M] (Bethesda Softworks)
"D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" -> D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe [D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor] -> [2009/11/04 21:05:47 | 000,192,512 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2] -> [2009/11/03 19:51:14 | 000,385,024 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2] -> [2009/11/17 08:47:27 | 000,385,024 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead\left4dead.exe" -> D:\Steam\steamapps\common\left 4 dead\left4dead.exe [D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead] -> [2009/04/22 10:10:00 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" -> D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe [D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus] -> [2009/12/24 00:34:50 | 002,289,664 | ---- | M] (Oddworld Inhabitants, Inc.)
"D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" -> D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe [D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee] -> [2009/12/24 02:21:37 | 001,132,032 | ---- | M] (Oddworld Inhabitants, Inc.)
"D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe" -> D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe [D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo] -> [2009/04/18 15:14:05 | 002,287,104 | ---- | M] (GarageGames)
"D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe [D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:46:02 | 074,077,811 | ---- | M] (Chris Jones)
"D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe [D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:45:15 | 000,110,612 | ---- | M] (Chris Jones)
"D:\Steam\steamapps\common\tomb raider anniversary\tra.exe" -> D:\Steam\steamapps\common\tomb raider anniversary\tra.exe [D:\Steam\steamapps\common\tomb raider anniversary\tra.exe:*:Enabled:Tomb Raider: Anniversary] -> [2009/04/03 17:46:33 | 001,170,944 | ---- | M] (Eidos Inc.)
"D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" -> D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe [D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2] -> File not found
"D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe" -> D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe [D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo] -> [2009/03/08 18:31:13 | 002,203,648 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe" -> D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe [D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe:*:Disabled:hl2] -> [2009/12/26 12:08:01 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe" -> D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe [D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2009/12/14 10:37:06 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe" -> D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe [D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe:*:Enabled:hl2] -> [2010/02/26 13:35:22 | 000,103,736 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\dystopia\hl2.exe" -> D:\Steam\steamapps\[email protected]\dystopia\hl2.exe [D:\Steam\steamapps\[email protected]\dystopia\hl2.exe:*:Enabled:hl2] -> [2009/03/04 00:08:33 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe" -> D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe [D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe:*:Enabled:hl2] -> [2009/02/20 12:24:33 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe" -> D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe [D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe:*:Enabled:hl2] -> [2010/02/14 21:25:43 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\smashball\hl2.exe" -> D:\Steam\steamapps\[email protected]\smashball\hl2.exe [D:\Steam\steamapps\[email protected]\smashball\hl2.exe:*:Enabled:hl2] -> [2009/08/12 14:33:52 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe" -> D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe [D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\WINDOWS\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/28 20:14:31 | 000,000,000 | ---- | M] ()
E:\Autorun.inf [[autorun] | Open=demo32.exe | Icon=Lws.Ico | ] -> E:\Autorun.inf [ CDFS ] -> [2007/10/15 14:03:27 | 000,000,040 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
\{885b927e-a78c-11de-83d9-00e04c77ba7a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell
\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun
\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command\\"" -> E:\Demo32.exe [E:\demo32.exe] -> [2007/07/13 16:08:54 | 000,509,464 | R--- | M] (InstallShield Software Corporation)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-batfile [open] -> "%1" %* -> File not found
64bit-cmdfile [open] -> "%1" %* -> File not found
64bit-comfile [open] -> "%1" %* -> File not found
64bit-cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
64bit-htmlfile [edit] -> Reg Error: Key error.
64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> File not found
64bit-InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> File not found
64bit-piffile [open] -> "%1" %* -> File not found
64bit-regfile [merge] -> Reg Error: Key error.
64bit-scrfile [config] -> "%1" -> File not found
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found
64bit-scrfile [open] -> "%1" /S -> File not found
64bit-txtfile [edit] -> Reg Error: Key error.
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
64bit-Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
64bit-Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
htmlfile [edit] -> Reg Error: Key error.
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2005/03/25 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/12/2010 11:49:31 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Hang | ID = 1002 -> Description = Hanging application hammer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 1/21/2010 1:27:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module unknown, version 0.0.0.0, fault address 0x1390e114.
Application [ Error ] 1/30/2010 12:25:22 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gen_ml.dll, version 0.0.0.0, fault address 0x0001c32b.
Application [ Error ] 2/5/2010 3:47:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gdi32.dll, version 5.2.3790.3233, fault address 0x00015901.
Application [ Error ] 2/7/2010 9:29:29 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0.
Application [ Error ] 2/7/2010 9:34:51 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0.
Application [ Error ] 2/18/2010 11:31:45 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application rewmcxoans.tmp, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x02002222.
Application [ Error ] 2/18/2010 11:56:13 PM Computer Name = THE-BL7D5N9D5A8 | Source = VSS | ID = 8211 -> Description =
Application [ Error ] 2/19/2010 12:15:54 AM Computer Name = THE-BL7D5N9D5A8 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description =
Application [ Error ] 2/19/2010 10:18:37 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Hang | ID = 1002 -> Description = Hanging application eventcreatexp.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 2/26/2010 1:44:49 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842784 -> Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.  
System [ Error ] 2/26/2010 1:44:49 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference error message: The referenced assembly is not installed on your system.  .
System [ Error ] 2/26/2010 1:44:49 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6E02DFE5\MFC80U.DLL.  Reference error message: The referenced assembly is not installed on your system.  .
System [ Error ] 2/26/2010 1:45:21 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 2/26/2010 1:45:21 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 2/26/2010 1:56:08 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842784 -> Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.  
System [ Error ] 2/26/2010 1:56:08 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference error message: The referenced assembly is not installed on your system.  .
System [ Error ] 2/26/2010 1:56:08 PM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6E02DFE5\MFC80U.DLL.  Reference error message: The referenced assembly is not installed on your system.  .
System [ Error ] 2/26/2010 1:56:34 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 2/26/2010 1:56:35 PM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.

[Files/Folders - Created Within 30 Days]
Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2010/02/26 10:48:45 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys -> [2010/02/26 10:48:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C]
Explorer.exe.exe -> C:\Documents and Settings\Administrator\Desktop\Explorer.exe.exe -> [2010/02/26 10:47:07 | 005,061,512 | ---- | C] (Malwarebytes Corporation                                    )
_OTM -> C:\_OTM -> [2010/02/26 10:35:43 | 000,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:02 | 000,504,832 | ---- | C] (OldTimer Tools)
{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> [2010/02/25 19:40:28 | 000,000,000 | ---D | C]
ERDNT -> C:\WINDOWS\ERDNT -> [2010/02/19 10:02:45 | 000,000,000 | ---D | C]
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/02/19 09:58:42 | 000,000,000 | ---D | C]
{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:30 | 000,000,000 | -H-D | C]
Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C]
Securityessentials2010 -> C:\Program Files\Securityessentials2010 -> [2010/02/18 22:31:36 | 000,000,000 | ---D | C]
Pando Networks -> C:\Program Files (x86)\Pando Networks -> [2010/02/18 22:13:48 | 000,000,000 | ---D | C]
muweb.dll -> C:\WINDOWS\SysWow64\muweb.dll -> [2010/02/17 14:38:03 | 000,215,920 | ---- | C] (Microsoft Corporation)
Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/02/16 20:01:32 | 000,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2010/02/16 11:12:01 | 000,000,000 | -HSD | C]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/10/29 14:31:04 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M]

[Files/Folders - Modified Within 30 Days]
Bkopewahatewisu.dat -> C:\WINDOWS\Bkopewahatewisu.dat -> [2010/02/28 11:59:25 | 000,000,120 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/28 00:11:07 | 000,043,008 | ---- | M] ()
Fsicogica.bin -> C:\WINDOWS\Fsicogica.bin -> [2010/02/28 00:10:34 | 000,000,000 | ---- | M] ()
PUTTY.RND -> C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND -> [2010/02/27 16:33:06 | 000,000,600 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/02/26 13:29:59 | 000,000,496 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/26 12:56:04 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/26 12:56:03 | 000,002,048 | --S- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2010/02/26 12:54:55 | 000,000,178 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2010/02/26 12:54:35 | 018,350,080 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:51:05 | 000,000,738 | ---- | M] ()
Explorer.exe.exe -> C:\Documents and Settings\Administrator\Desktop\Explorer.exe.exe -> [2010/02/26 10:47:07 | 005,061,512 | ---- | M] (Malwarebytes Corporation                                    )
piruraju -> C:\WINDOWS\SysWow64\piruraju -> [2010/02/26 10:36:15 | 000,000,000 | -H-- | M] ()
OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools)
aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/26 09:24:42 | 000,000,954 | -H-- | M] ()
Dropbox.lnk -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> [2010/02/26 09:14:42 | 000,000,926 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | M] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2010/02/18 23:00:58 | 002,096,656 | -H-- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/16 11:12:37 | 000,001,771 | ---- | M] ()
av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/14 10:34:47 | 000,000,875 | ---- | M] ()
getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:32 | 000,083,355 | ---- | M] ()
Shortcut to putty.lnk -> C:\Documents and Settings\Administrator\Desktop\Shortcut to putty.lnk -> [2010/01/31 16:20:49 | 000,000,482 | ---- | M] ()
2 C:\Documents and Settings\Administrator\Local Settings\Temp\is-08JT5.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\is-08JT5.tmp\_isetup\*.tmp ->

[Files - No Company Name]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:48:43 | 000,000,738 | ---- | C] ()
piruraju -> C:\WINDOWS\SysWow64\piruraju -> [2010/02/26 10:36:15 | 000,000,000 | -H-- | C] ()
Bkopewahatewisu.dat -> C:\WINDOWS\Bkopewahatewisu.dat -> [2010/02/25 19:40:29 | 000,000,120 | ---- | C] ()
Fsicogica.bin -> C:\WINDOWS\Fsicogica.bin -> [2010/02/25 19:40:29 | 000,000,000 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | C] ()
aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/18 23:35:23 | 000,000,954 | -H-- | C] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/02/18 23:18:40 | 000,000,496 | ---- | C] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | C] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/16 11:12:37 | 000,001,771 | ---- | C] ()
av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/14 10:34:47 | 000,000,875 | ---- | C] ()
getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:31 | 000,083,355 | ---- | C] ()
Shortcut to putty.lnk -> C:\Documents and Settings\Administrator\Desktop\Shortcut to putty.lnk -> [2010/01/31 16:20:49 | 000,000,482 | ---- | C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/05/25 21:44:55 | 000,000,754 | ---- | C] ()
WA.INI -> C:\WINDOWS\WA.INI -> [2009/05/23 22:43:42 | 000,000,122 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/03/10 10:25:50 | 000,000,238 | ---- | C] ()
BlendSettings.ini -> C:\WINDOWS\BlendSettings.ini -> [2009/02/20 14:32:42 | 000,000,023 | ---- | C] ()
FoxImager.dll -> C:\WINDOWS\SysWow64\FoxImager.dll -> [2009/02/17 18:29:59 | 000,323,584 | ---- | C] ()
PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2009/01/29 00:16:32 | 000,553,690 | ---- | C] ()
Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2009/01/28 21:03:03 | 000,006,274 | ---- | C] ()
ASUSHWIO.SYS -> C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS -> [2009/01/28 21:02:55 | 000,010,288 | ---- | C] ()
guard32.dll -> C:\WINDOWS\SysWow64\guard32.dll -> [2009/01/28 20:30:25 | 000,155,384 | ---- | C] ()
nview.dll -> C:\WINDOWS\SysWow64\nview.dll -> [2009/01/15 08:19:00 | 001,507,328 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\SysWow64\nvwimg.dll -> [2009/01/15 08:19:00 | 001,101,824 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\SysWow64\qt-dx331.dll -> [2008/11/06 11:37:32 | 003,596,288 | ---- | C] ()
xlive.dll.cat -> C:\WINDOWS\SysWow64\xlive.dll.cat -> [2008/10/28 17:40:48 | 000,173,552 | ---- | C] ()
physxcudart_20.dll -> C:\WINDOWS\SysWow64\physxcudart_20.dll -> [2008/10/07 09:13:30 | 000,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 000,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\WINDOWS\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\WINDOWS\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\WINDOWS\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\WINDOWS\SysWow64\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\WINDOWS\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\WINDOWS\SysWow64\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\WINDOWS\SysWow64\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
ibatibuxerugug.dll -> C:\WINDOWS\ibatibuxerugug.dll -> [2007/03/02 00:56:30 | 000,162,816 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
quartz.dll -> C:\WINDOWS\SysWow64\quartz.dll -> [2005/03/25 07:00:00 | 001,291,264 | ---- | C] ()
qedwipes.dll -> C:\WINDOWS\SysWow64\qedwipes.dll -> [2005/03/25 07:00:00 | 000,733,696 | ---- | C] ()
qedit.dll -> C:\WINDOWS\SysWow64\qedit.dll -> [2005/03/25 07:00:00 | 000,512,512 | ---- | C] ()
dxmasf.dll -> C:\WINDOWS\SysWow64\dxmasf.dll -> [2005/03/25 07:00:00 | 000,498,742 | ---- | C] ()
encdec.dll -> C:\WINDOWS\SysWow64\encdec.dll -> [2005/03/25 07:00:00 | 000,396,288 | ---- | C] ()
qdvd.dll -> C:\WINDOWS\SysWow64\qdvd.dll -> [2005/03/25 07:00:00 | 000,385,536 | ---- | C] ()
msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2005/03/25 07:00:00 | 000,355,112 | ---- | C] ()
qdv.dll -> C:\WINDOWS\SysWow64\qdv.dll -> [2005/03/25 07:00:00 | 000,279,040 | ---- | C] ()
sbe.dll -> C:\WINDOWS\SysWow64\sbe.dll -> [2005/03/25 07:00:00 | 000,276,992 | ---- | C] ()
ir32_32.dll -> C:\WINDOWS\SysWow64\ir32_32.dll -> [2005/03/25 07:00:00 | 000,199,168 | ---- | C] ()
qcap.dll -> C:\WINDOWS\SysWow64\qcap.dll -> [2005/03/25 07:00:00 | 000,192,512 | ---- | C] ()
msencode.dll -> C:\WINDOWS\SysWow64\msencode.dll -> [2005/03/25 07:00:00 | 000,114,688 | ---- | C] ()
amstream.dll -> C:\WINDOWS\SysWow64\amstream.dll -> [2005/03/25 07:00:00 | 000,072,704 | ---- | C] ()
mciqtz32.dll -> C:\WINDOWS\SysWow64\mciqtz32.dll -> [2005/03/25 07:00:00 | 000,062,464 | ---- | C] ()
devenum.dll -> C:\WINDOWS\SysWow64\devenum.dll -> [2005/03/25 07:00:00 | 000,061,440 | ---- | C] ()
tsd32.dll -> C:\WINDOWS\SysWow64\tsd32.dll -> [2005/03/25 07:00:00 | 000,016,896 | ---- | C] ()
msdmo.dll -> C:\WINDOWS\SysWow64\msdmo.dll -> [2005/03/25 07:00:00 | 000,014,336 | ---- | C] ()
msdxmlc.dll -> C:\WINDOWS\SysWow64\msdxmlc.dll -> [2005/03/25 07:00:00 | 000,004,126 | ---- | C] ()

[File - Lop Check]
.purple -> C:\Documents and Settings\Administrator\Application Data\.purple -> [2010/02/28 11:59:12 | 000,000,000 | ---D | M]
Bioshock -> C:\Documents and Settings\Administrator\Application Data\Bioshock -> [2010/02/07 20:14:34 | 000,000,000 | ---D | M]
DAEMON Tools -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools -> [2009/01/29 09:38:28 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite -> [2009/10/30 14:08:50 | 000,000,000 | ---D | M]
DAEMON Tools Pro -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro -> [2009/01/29 13:48:19 | 000,000,000 | ---D | M]
DNA -> C:\Documents and Settings\Administrator\Application Data\DNA -> [2009/03/10 10:38:12 | 000,000,000 | ---D | M]
Dropbox -> C:\Documents and Settings\Administrator\Application Data\Dropbox -> [2010/02/28 07:55:59 | 000,000,000 | ---D | M]
EVEMon -> C:\Documents and Settings\Administrator\Application Data\EVEMon -> [2010/02/28 11:57:52 | 000,000,000 | ---D | M]
gtk-2.0 -> C:\Documents and Settings\Administrator\Application Data\gtk-2.0 -> [2009/09/22 17:24:32 | 000,000,000 | ---D | M]
leafChat -> C:\Documents and Settings\Administrator\Application Data\leafChat -> [2010/02/28 11:57:30 | 000,000,000 | ---D | M]
LucasArts -> C:\Documents and Settings\Administrator\Application Data\LucasArts -> [2009/07/17 18:25:25 | 000,000,000 | ---D | M]
Mount&Blade -> C:\Documents and Settings\Administrator\Application Data\Mount&Blade -> [2009/02/02 05:32:29 | 000,000,000 | ---D | M]
Mumble -> C:\Documents and Settings\Administrator\Application Data\Mumble -> [2009/06/29 09:06:36 | 000,000,000 | ---D | M]
My Battle for Middle-earth(tm) II Files -> C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files -> [2009/10/09 14:17:12 | 000,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\Administrator\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M]
runic games -> C:\Documents and Settings\Administrator\Application Data\runic games -> [2009/11/05 19:20:31 | 000,000,000 | ---D | M]
RunningPillow -> C:\Documents and Settings\Administrator\Application Data\RunningPillow -> [2010/01/28 19:53:24 | 000,000,000 | ---D | M]
Slam Dunk Studios, LLC -> C:\Documents and Settings\Administrator\Application Data\Slam Dunk Studios, LLC -> [2009/04/18 15:15:40 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\Administrator\Application Data\Stardock -> [2009/05/26 09:12:17 | 000,000,000 | ---D | M]
The Longest Journey Demo -> C:\Documents and Settings\Administrator\Application Data\The Longest Journey Demo -> [2009/05/31 09:51:27 | 000,000,000 | ---D | M]
Thinstall -> C:\Documents and Settings\Administrator\Application Data\Thinstall -> [2009/08/26 23:58:17 | 000,000,000 | ---D | M]
Ubisoft -> C:\Documents and Settings\Administrator\Application Data\Ubisoft -> [2009/10/12 11:34:45 | 000,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Administrator\Application Data\uTorrent -> [2010/02/28 11:57:55 | 000,000,000 | ---D | M]
2DBoy -> C:\Documents and Settings\All Users\Application Data\2DBoy -> [2009/03/08 18:33:50 | 000,000,000 | ---D | M]
BioWare -> C:\Documents and Settings\All Users\Application Data\BioWare -> [2010/01/09 20:03:56 | 000,000,000 | ---D | M]
CCP -> C:\Documents and Settings\All Users\Application Data\CCP -> [2009/01/29 13:26:40 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/01/29 09:37:39 | 000,000,000 | ---D | M]
MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo -> [2009/10/29 20:03:50 | 000,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M]
PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2009/05/24 16:21:50 | 000,000,000 | ---D | M]
Redirected -> C:\Documents and Settings\All Users\Application Data\Redirected -> [2009/08/15 22:05:33 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2009/05/26 09:11:28 | 000,000,000 | ---D | M]
{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2009/05/26 09:11:45 | 000,000,000 | -H-D | M]
{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:31 | 000,000,000 | -H-D | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/02/26 13:29:59 | 000,000,496 | ---- | M] ()
SchedLgU.Txt -> C:\WINDOWS\Tasks\SchedLgU.Txt -> [2010/02/26 12:54:59 | 000,032,526 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %ProgramFiles%\Movie Maker\*.dll >
WMM2AE.dll -> C:\Program Files (x86)\Movie Maker\WMM2AE.dll -> [2005/03/25 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation)
WMM2ERES.dll -> C:\Program Files (x86)\Movie Maker\WMM2ERES.dll -> [2005/03/25 07:00:00 | 000,003,072 | ---- | M] (Microsoft Corporation)
WMM2EXT.dll -> C:\Program Files (x86)\Movie Maker\WMM2EXT.dll -> [2005/03/25 07:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation)
WMM2FILT.dll -> C:\Program Files (x86)\Movie Maker\WMM2FILT.dll -> [2005/03/25 07:00:00 | 000,316,928 | ---- | M] (Microsoft Corporation)
WMM2FXA.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXA.dll -> [2005/03/25 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation)
WMM2FXB.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXB.dll -> [2005/03/25 07:00:00 | 000,328,192 | ---- | M] (Microsoft Corporation)
WMM2RES.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES.dll -> [2005/03/25 07:00:00 | 004,255,744 | ---- | M] (Microsoft Corporation)
WMM2RES2.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES2.dll -> [2005/03/25 07:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: ALLUSERSAPPDATA
< %SYSTEMROOT%\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dll >
custsat.dll -> C:\Program Files (x86)\Internet Explorer\custsat.dll -> [2006/09/06 17:42:40 | 000,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files (x86)\Internet Explorer\hmmapi.dll -> [2007/08/13 18:18:02 | 000,060,416 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2007/08/13 18:43:14 | 000,287,744 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: DriveLetter
< %systemroot%\system32\*.dll /lockedfiles >
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
AGP440.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:AGP440.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] ()
< %systemdrive%\ATAPI.SYS  /md5 /s >
atapi.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:atapi.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] ()
< %systemdrive%\NETLOGON.DLL  /md5 /s >
netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
OTS cannot create restorepoints on Vista OSs!
< End of report >

Hey [b]ohgodhelp[/b],

[quote]I wasn't sure, so I ran it with the same settings as you provided in the second post. Avira has still been finding a few bad files, but performance-wise things have been much better. Thanks a lot for this help.[/quote]

No worries, yes, there are still some things we need to remove here. Hang in there. :rolleyes:

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) ([b]Avira anti-virus[/b]) as it/they may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1)[/size] Run OTM[/b][/color]
[list]
[*] Please double-click [b]OTM.exe[/b] to run it. (Vista users, please right click on [b]OTM.exe[/b] and select "Run as an [b]Administrator[/b]")
[*][b]Copy everything in the codebox below to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose [b]Copy[/b]):

[code]:Files
C:\WINDOWS\ibatibuxerugug.dll
C:\Documents and Settings\Administrator\Desktop\Explorer.exe.exe
C:\WINDOWS\Bkopewahatewisu.dat
C:\WINDOWS\Fsicogica.bin
C:\WINDOWS\SysWow64\piruraju
C:\WINDOWS\SysWow64\msjetoledb40.dll

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=-
[HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Efonoqipofevi"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{267567d2-fbba-4019-94da-8470f88fb05d}"=-
"{f4db9296-7c54-4444-bfea-4dc2d0073a57}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{267567d2-fbba-4019-94da-8470f88fb05d}"=-
"{705c8702-2953-4700-85e2-372ac8232866}"=-
"{f4db9296-7c54-4444-bfea-4dc2d0073a57}"=-

:Commands
[purity]
[emptytemp]
[reboot][/code]

[*] Return to OTM, right click in the [b]"Paste Instructions for Items to be Moved"[/b] window (under the light [color="#FFFF00"][b]Yellow[/b][/color] bar) and choose [b]Paste[/b].
[*]Click the red [b][color="#FF0000"]Moveit![/color][/b] button.
[*]Copy everything in the "Results" window (under the [color="#00FF00"][b]Green[/b][/color] bar) to the clipboard by highlighting [b]ALL[/b] of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close [b]OTM[/b]
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b] In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[color="#8B0000"][b][size=5]2)[/size] Optional Removals[/b][/color]

From your log, you seem to have [b]BitTorrent DNA and uTorrent[/b] installed.

DNA and uTorrent are peer-to-peer programs which allow you to share files with other computers. While they are not harmful files in themselves, they bring unnecessary risks to your computer. Please have a look at the article below:

[url="http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx"]http://www.microsoft.com/protect/data/downloadfileshare/filesharing.aspx[/url]

Due to the dubious nature of these programs, it is [b]highly recommended[/b] that you remove the programs via [u]Add or Remove Programs[/u] in Control Panel and refrain from downloading these programs in the future. If you have made a decision to remove these programs, please do the following:

Please go to [b]Add or Remove Programs[/b] and remove the following (if present):

[b]uTorrent
BitTorrent DNA[/b]

Then use Windows Explorer and remove the following (if present):
[b]C:\Program Files\DNA
C:\Program Files\uTorrent
C:\Documents and Settings\Administrator\Application Data\uTorrent[/b]

Reboot your computer.

[b]Next reply (please include in your post):[/b]

Tell me how your computer is running
OTM.txt

[code]All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\ibatibuxerugug.dll
C:\WINDOWS\ibatibuxerugug.dll moved successfully.
C:\Documents and Settings\Administrator\Desktop\Explorer.exe.exe moved successfully.
C:\WINDOWS\Bkopewahatewisu.dat moved successfully.
C:\WINDOWS\Fsicogica.bin moved successfully.
C:\WINDOWS\SysWow64\piruraju moved successfully.
C:\WINDOWS\SysWow64\msjetoledb40.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Efonoqipofevi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{267567d2-fbba-4019-94da-8470f88fb05d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267567d2-fbba-4019-94da-8470f88fb05d}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{f4db9296-7c54-4444-bfea-4dc2d0073a57} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4db9296-7c54-4444-bfea-4dc2d0073a57}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{267567d2-fbba-4019-94da-8470f88fb05d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267567d2-fbba-4019-94da-8470f88fb05d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{705c8702-2953-4700-85e2-372ac8232866} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{705c8702-2953-4700-85e2-372ac8232866}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f4db9296-7c54-4444-bfea-4dc2d0073a57} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4db9296-7c54-4444-bfea-4dc2d0073a57}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 9291887 bytes
->Temporary Internet Files folder emptied: 31819703 bytes
->Java cache emptied: 12122844 bytes
->FireFox cache emptied: 88435073 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 03022010_091503

Files moved on Reboot...

Registry entries deleted on Reboot...[/code]

Computer seems to be running fine, though it has seemed to take an inordinate amount of time with its bootup since these problems started, in particular the time between the splash screen for my motherboard and the splash screen for windows has increased. Not that I had timed it before, and most of my recent reboots have been while doing these repairs, which might also have some effect. Or it could all be in my head. Other than that, all the fake security warnings are gone, and I haven't had any detections from Avira yet. I'll be sure to update if things take a turn for the worse.

Hey [b]ohgodhelp[/b],

Not sure why you are having slow startups, but your logs look much better. :lol:

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) ([b]Avira anti-virus[/b]) as it/they may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

Please download [url="http://www2.gmer.net/mbr/mbr.exe"][color="#FF0000"][b]MBR.exe[/b][/color][/url] to your desktop. Double-click on it and it will produce a log on desktop (mbr.log). Please post the log in your next reply.

Uh oh, I have a feeling this isn't what you were looking for.
[code]Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR[/code]
I tried it a few times, and nothing further occurred.

Further, after rebooting to try it again, in case that may fix the problem (it didn't) I encountered a RUNDLL error window informing me that it tried to find c:\WINDOWS\ibatibuxerugug.dll but failed. Which is a good thing, I guess, but if it's still trying to run some of this hostile code, then there's probably something still wrong. Avira's full scan last night was clean, though.

Edited by ohgodhelp

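A RUNDLL "file not found" error at logon, as described in the post above, typically means an autostart entry still references a file that the fix moved away. The following is an added example, not part of the thread and not code from OTM or its author: it parses an OTM results log in the format posted earlier and checks a list of autostart entries for references to the moved files. The log excerpt reuses lines from the results above; the autostart entries, the value name `ExampleLeftover` and the entry point `ExampleEntry` are constructed for illustration.

```python
import re
from collections import namedtuple

RegResult = namedtuple("RegResult", "kind path removed")

# Excerpt in the format of the OTM results log posted in this thread.
OTM_LOG = r"""All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\ibatibuxerugug.dll
C:\WINDOWS\ibatibuxerugug.dll moved successfully.
C:\WINDOWS\Fsicogica.bin moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{267567d2-fbba-4019-94da-8470f88fb05d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{267567d2-fbba-4019-94da-8470f88fb05d}\ deleted successfully.
========== COMMANDS ==========
"""

RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed autostart entries: (registry key, value name, command line).
# In practice these would come from an export of the Run keys.
AUTOSTARTS = [
    (RUN_KEY, "avgnt",
     r'"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe"'),
    (RUN_KEY, "ExampleLeftover",
     r'rundll32.exe "c:\WINDOWS\ibatibuxerugug.dll",ExampleEntry'),
]

FILE_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
REG_LINE = re.compile(
    r"^Registry (?P<kind>value|key) (?P<path>.+?) "
    r"(?P<result>deleted successfully|not found)\.$"
)


def parse_otm_log(text):
    """Return (moved_files, registry_results) from an OTM results log."""
    moved, registry = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_MOVED.match(line)
        if m:
            moved.append(m.group("path"))
            continue
        m = REG_LINE.match(line)
        if m:
            removed = m.group("result") == "deleted successfully"
            registry.append(RegResult(m.group("kind"), m.group("path"), removed))
    return moved, registry


def dangling_autostarts(moved_files, autostarts):
    """Find autostart entries whose command line names a moved file.

    Windows paths are case-insensitive, so compare in lower case.
    Returns (key, value name, moved path) tuples.
    """
    hits = []
    for key, name, command in autostarts:
        cmd = command.lower()
        for path in moved_files:
            if path.lower() in cmd:
                hits.append((key, name, path))
    return hits


if __name__ == "__main__":
    moved, registry = parse_otm_log(OTM_LOG)
    print("Files moved:", len(moved))
    for r in registry:
        state = "removed" if r.removed else "not present"
        print(f"  registry {r.kind}: {state}: {r.path}")
    for key, name, path in dangling_autostarts(moved, AUTOSTARTS):
        print(f"Leftover autostart {key}\\{name} still references {path}")
```
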
Hey [b]ohgodhelp[/b],

Something isn't right, we need to do more scans.

Download [b][color="red"]RootRepeal[/color][/b] from one of the following locations and save it to your desktop:[list][b][url="http://ad13.geekstogo.com/RootRepeal.exe"]Link 1[/url][/b]
[b][url="http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe"]Link 2[/url][/b]
[b][url="http://rootrepeal.psikotick.com/RootRepeal.exe"]Link 3[/url][/b]
[/list][list]
[*]Double click [img]http://perplexus.geekstogo.com/rr_DesktopIcon.png[/img] to start the program
[*]Click on the [b]Report[/b] tab at the bottom of the program window
[*]Click the [img]http://perplexus.geekstogo.com/rr_Scan.png[/img] button
[*]In the [b]Select Scan[/b] dialog, check:[list][b][color="green"]
[*]Drivers
[*]Files
[*]Processes
[*]SSDT
[*]Stealth Objects
[*]Hidden Services
[*]Shadow SSDT[/color][/b]
[/list]
[*]Click the [b]OK[/b] button
[*]In the next dialog, select [b]all drives[/b] showing
[*]Click [b]OK[/b] to start the scan
[indent][i]Note: The scan can take some time. [b][color="red"]DO NOT[/color][/b] run any other programs while the scan is running[/i][/indent]
[*]When the scan is complete, click the [img]http://perplexus.geekstogo.com/rr_SaveReport.png[/img] button and save the report to your Desktop as [b]RootRepeal.txt[/b]
[*]Go to [b]File[/b], then [b]Exit[/b] to close the program
[/list]Post the contents of RootRepeal.txt in your next reply with a new OTS log (please [b]do not attach[/b] the OTS log and run with the previous settings I gave you).

Hey [b]ohgodhelp[/b],

Apologies for the delay, I was busy the past few days. Let's try running GMER instead.

Download the [url="http://www.gmer.net/gmer.zip"][color="#FF0000"][b]GMER Rootkit Scanner[/b][/color][/url]. Unzip it to your Desktop.

[color="#FF0000"][b]Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.[/b][/color]

Double-click [b]gmer.exe[/b]. The program will begin to run.

[color="red"][b]**Caution**[/b]
These types of scans can produce false positives. Do NOT take any action on any [/color][color="#0000FF"]"<--- ROOTKIT"[/color] [color="#FF0000"]entries unless advised![/color]

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.[list]
[*]Click [b]NO[/b]
[*]In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is [b]un-checked[/b].
[*]Now click the Scan button.
[i]Once the scan is complete, you may receive another notice about rootkit activity.[/i]
[*]Click OK.
[*]GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "[b]GMER.txt[/b]"
[*]Save it where you can easily find it, such as your desktop.
[/list]Post the contents of GMER.txt in your next reply along with a new OTS log.

GMER.TXT:
CODE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 00:05:52
Windows 5.2.3790 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                   771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                   285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                   2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                               0x10 0xE7 0xC4 0x28 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001                            
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC[email protected]                         0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC[email protected]                      0xBF 0xEA 0x12 0x9A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\[email protected]                 0x3A 0x1B 0x08 0xD5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                    
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                               0xED 0xFD 0xA7 0x91 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001                            
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4[email protected]                      0x33 0x9C 0x57 0x39 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4[email protected]                0xF6 0xD3 0x6C 0xE7 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                      1
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                   0x10 0xE7 0xC4 0x28 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC[email protected]                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC[email protected]                          0xBF 0xEA 0x12 0x9A ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\[email protected]                     0x3A 0x1B 0x08 0xD5 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                      0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected]                                   0xED 0xFD 0xA7 0x91 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4[email protected]                          0x33 0x9C 0x57 0x39 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4[email protected]                    0xF6 0xD3 0x6C 0xE7 ...

---- EOF - GMER 1.0.15 ----


OTS:
CODE
OTS logfile created on: 3/8/2010 12:10:07 AM - Run 3
OTS by OldTimer - Version 3.1.22.0     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 71.58 Gb Free Space | 36.65% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 66.02 Gb Free Space | 22.54% Space Free | Partition Type: NTFS
Drive E: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 443.22 Gb Total Space | 122.92 Gb Free Space | 27.73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE-BL7D5N9D5A8
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
pdvdserv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.)
richvideo.exe -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
guard32.dll -> C:\WINDOWS\SysWOW64\guard32.dll -> [2009/03/08 18:55:49 | 000,155,384 | ---- | M] ()
wininet.dll -> C:\WINDOWS\SysWOW64\wininet.dll -> [2009/03/03 13:43:34 | 000,826,368 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\WINDOWS\SysWOW64\normaliz.dll -> [2006/06/29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\SysWOW64\comres.dll -> [2005/03/25 07:00:00 | 000,796,672 | ---- | M] (Microsoft Corporation)
comdlg32.dll -> C:\WINDOWS\SysWOW64\comdlg32.dll -> [2005/03/25 07:00:00 | 000,281,088 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\SysWOW64\wbem\framedyn.dll -> [2005/03/25 07:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation)
msctfime.ime -> C:\WINDOWS\SysWOW64\MSCTFIME.IME -> [2005/03/25 07:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation)
ws2help.dll -> C:\WINDOWS\SysWOW64\ws2help.dll -> [2005/03/25 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation)
fltlib.dll -> C:\WINDOWS\SysWOW64\fltlib.dll -> [2005/03/25 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll -> [2005/03/24 13:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(cmdAgent)  [Auto | Running] -> C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -> [2009/03/08 18:55:05 | 001,043,192 | ---- | M] ()
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/18 23:16:34 | 001,229,232 | ---- | M] (Lavasoft)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(DAUpdaterSvc) Dragon Age: Origins - Content Updater [On_Demand | Stopped] -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2008/07/25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 13:54:00 | 000,167,936 | ---- | M] ()
(IASJet) IAS Jet Database Access [On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2005/03/25 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2005/03/25 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(avgio) avgio [Kernel | System | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys -> [2009/02/13 11:37:29 | 000,013,656 | ---- | M] (Avira GmbH)
({95808DC4-FA4A-4c74-92FE-5B863F82066B}) {95808DC4-FA4A-4c74-92FE-5B863F82066B} [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD0.fcl -> [2006/11/02 17:49:24 | 000,013,560 | ---- | M] (Cyberlink Corp.)
(mnmdd) mnmdd [Kernel | System | Running] -> C:\WINDOWS\SysWOW64\mnmdd.dll -> [2005/03/25 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\prefs.js ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:1.5.1 ->
extensions.enabledItems -> {11B4695B-1FC3-4A19-B63B-2789EDDA7A35}:1.9.1 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35}] -> [2010/02/25 19:40:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/19 09:31:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/02 09:17:54 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2009/01/28 20:22:28 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions -> [2010/03/07 14:29:50 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/09 22:10:23 | 000,000,000 | ---D | M]
Greasemonkey   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/12/13 19:24:14 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\[email protected] -> [2010/01/21 00:55:20 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/03/07 14:29:50 | 000,000,000 | ---D | M]
Hosts file not found -> ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 18:27:44 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04:17:29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04:17:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 05:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AlcWzrd" -> C:\WINDOWS\alcwzrd.exe [ALCWZRD.EXE] -> [2006/05/04 03:26:36 | 002,808,832 | R--- | M] (RealTek Semicoductor Corp.)
"COMODO Internet Security" -> C:\Program Files\Comodo\COMODO Internet Security\cfp.exe ["C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h] -> [2009/03/08 18:55:15 | 009,247,480 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found
"NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found
"nwiz" ->  [nwiz.exe /install] -> File not found
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/12/12 01:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/11/20 05:15:58 | 001,826,816 | R--- | M] (Realtek Semiconductor Corp.)
"SoundMan" -> C:\WINDOWS\SoundMan.exe [SOUNDMAN.EXE] -> [2006/07/21 03:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.)
"Start WingMan Profiler" -> C:\Program Files\Logitech\Gaming Software\LWEMon.exe [C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui] -> [2008/04/04 13:30:28 | 000,120,328 | ---- | M] (Logitech Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 15:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
"avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/05 22:55:32 | 000,054,832 | ---- | M] ()
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 16:18:30 | 000,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"] -> [2006/12/06 18:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> File not found
"WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2008/08/03 18:02:20 | 000,036,352 | ---- | M] ()
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\SysWow64\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd)
"Paladin Antivirus" -> C:\Program Files (x86)\Paladin Antivirus\pav.exe ["C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] ()
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community)
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk -> C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe -> [2003/08/29 16:13:04 | 001,436,160 | ---- | M] (Dominating Bytes Design)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 07:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\] > -> HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-4248368251-2417908090-1417925282-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.10.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{944C44C7-2DF1-496F-9075-FB92F9A12CAF}\\DhcpNameServer -> 192.168.10.1   (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2005/03/25 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe ->  -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain ->  -> File not found
cryptnet ->  -> File not found
cscdll ->  -> File not found
dimsntfy ->  -> File not found
ScCertProp ->  -> File not found
Schedule ->  -> File not found
sclgntfy ->  -> File not found
SensLogn ->  -> File not found
termsrv ->  -> File not found
wlballoon ->  -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ScCertProp ->  -> File not found
Schedule ->  -> File not found
SensLogn ->  -> File not found
wlballoon ->  -> File not found
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> Reg Error: Key error. [dedosasab] -> File not found
"{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gikuvihid] -> File not found
"{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> Reg Error: Key error. [yiniketub] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] ->  [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll ->  -> File not found
schannel.dll ->  -> File not found
digest.dll ->  -> File not found
msnsspc.dll ->  -> File not found
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SysWow64\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox] -> [2010/02/26 00:10:20 | 021,979,992 | ---- | M] ()
"C:\Documents and Settings\Administrator\Desktop\OTM.exe" -> C:\Documents and Settings\Administrator\Desktop\OTM.exe [C:\Documents and Settings\Administrator\Desktop\OTM.exe:*:Enabled:OTM] -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools)
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard] -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
"C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe" -> C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe [C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2009/12/11 18:37:23 | 000,516,936 | ---- | M] (CCP hf.)
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray] -> [2010/02/18 23:16:36 | 000,815,184 | ---- | M] (Lavasoft)
"C:\Program Files (x86)\Pidgin\pidgin.exe" -> C:\Program Files (x86)\Pidgin\pidgin.exe [C:\Program Files (x86)\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2007/12/07 13:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community)
"C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe" -> C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe [C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2] -> [2008/04/20 23:13:44 | 000,778,240 | ---- | M] ()
"C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> [2009/01/29 15:20:30 | 019,779,584 | ---- | M] (The Creative Assembly Ltd)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" -> C:\Program Files (x86)\uTorrent\uTorrent.exe [C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/02/12 22:28:03 | 000,319,280 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\SysWow64\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2005/03/25 07:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\javaw.exe" -> C:\WINDOWS\SysWOW64\javaw.exe [C:\WINDOWS\SysWOW64\javaw.exe:*:Enabled:javaw] -> [2009/10/11 04:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"D:\EVE\bin\ExeFile.exe" -> D:\EVE\bin\ExeFile.exe [D:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2008/12/05 11:39:22 | 000,513,280 | ---- | M] (CCP hf.)
"D:\Games\Anno 1404\tools\Anno4Web.exe" -> D:\Games\Anno 1404\tools\Anno4Web.exe [D:\Games\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web] -> [2009/05/23 15:48:00 | 001,320,232 | ---- | M] ()
"D:\Games\Dark Oberon\dark-oberon.exe" -> D:\Games\Dark Oberon\dark-oberon.exe [D:\Games\Dark Oberon\dark-oberon.exe:*:Enabled:dark-oberon] -> [2006/11/01 14:10:40 | 000,532,480 | ---- | M] ()
"D:\Games\Dead Space\Dead Space.exe" -> D:\Games\Dead Space\Dead Space.exe [D:\Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™] -> [2008/11/01 09:17:11 | 013,733,888 | ---- | M] ()
"D:\Games\Dragon Age\bin_ship\daorigins.exe" -> D:\Games\Dragon Age\bin_ship\daorigins.exe [D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game] -> [2009/11/02 02:57:00 | 009,909,480 | ---- | M] (BioWare)
"D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater] -> [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare)
"D:\Games\Dragon Age\DAOriginsLauncher.exe" -> D:\Games\Dragon Age\DAOriginsLauncher.exe [D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher] -> [2009/08/10 10:59:08 | 001,246,440 | ---- | M] (BioWare)
"D:\Games\Glest_3.2.2\glest.exe" -> D:\Games\Glest_3.2.2\glest.exe [D:\Games\Glest_3.2.2\glest.exe:*:Enabled:glest] -> [2009/04/02 19:03:30 | 001,230,336 | ---- | M] ()
"D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe" -> D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe [D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men] -> [2007/11/10 20:11:24 | 007,542,024 | ---- | M] (Io Interactive A/S)
"D:\Games\Mass Effect\Binaries\MassEffect.exe" -> D:\Games\Mass Effect\Binaries\MassEffect.exe [D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game] -> [2008/05/29 17:34:19 | 048,956,922 | ---- | M] (BioWare)
"D:\Games\Mass Effect\MassEffectLauncher.exe" -> D:\Games\Mass Effect\MassEffectLauncher.exe [D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher] -> [2008/05/07 11:19:36 | 000,730,344 | ---- | M] (BioWare)
"D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe" -> D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe [D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising] -> [2009/10/06 16:22:36 | 020,094,976 | ---- | M] (Codemasters Software Company Limited)
"D:\Games\Prototype\prototypef.exe" -> D:\Games\Prototype\prototypef.exe [D:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)] -> [2009/06/09 13:43:00 | 002,269,232 | ---- | M] (Activision)
"D:\Games\Warcraft III\Warcraft III.exe" -> D:\Games\Warcraft III\Warcraft III.exe [D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> [2009/04/14 16:00:10 | 000,274,432 | ---- | M] (Blizzard Entertainment)
"D:\Games\Wolfenstein\MP\Wolf2MP.exe" -> D:\Games\Wolfenstein\MP\Wolf2MP.exe [D:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,399,248 | ---- | M] (Activision)
"D:\Games\Wolfenstein\MP\Wolf2MPLite.exe" -> D:\Games\Wolfenstein\MP\Wolf2MPLite.exe [D:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 18:46:40 | 006,042,896 | ---- | M] (Activision)
"D:\Games\Worms Armageddon - New Edition\WA.exe" -> D:\Games\Worms Armageddon - New Edition\WA.exe [D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon] -> [2007/07/05 11:05:59 | 004,378,624 | ---- | M] (Team17 Software Ltd)
"D:\Steam\Steam.exe" -> D:\Steam\Steam.exe [D:\Steam\Steam.exe:*:Enabled:Steam] -> [2010/02/26 13:30:48 | 001,217,872 | ---- | M] (Valve Corporation)
"D:\Steam\steamapps\andre2account\the ship\ship.exe" -> D:\Steam\steamapps\andre2account\the ship\ship.exe [D:\Steam\steamapps\andre2account\the ship\ship.exe:*:Enabled:ship] -> [2009/04/03 17:46:35 | 000,090,112 | ---- | M] ()
"D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe" -> D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe [D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe:*:Enabled:AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo] -> [2009/10/19 19:06:33 | 000,049,152 | ---- | M] ()
"D:\Steam\steamapps\common\battleforge\Bootstrapper.exe" -> D:\Steam\steamapps\common\battleforge\Bootstrapper.exe [D:\Steam\steamapps\common\battleforge\Bootstrapper.exe:*:Enabled:Battleforge Demo] -> [2009/08/13 12:12:36 | 005,797,240 | ---- | M] (EA Phenomic)
"D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" -> D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe [D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock] -> [2009/10/23 21:57:26 | 009,932,800 | ---- | M] ()
"D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" -> D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe [D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo] -> [2009/12/14 00:02:01 | 000,160,256 | ---- | M] (Erik Svedäng)
"D:\Steam\steamapps\common\champions online\Champions Online.exe" -> D:\Steam\steamapps\common\champions online\Champions Online.exe [D:\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Cryptic Game Launcher] -> File not found
"D:\Steam\steamapps\common\company of heroes\help.htm" -> D:\Steam\steamapps\common\company of heroes\help.htm [D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes] -> [2009/04/16 13:00:27 | 000,000,213 | ---- | M] ()
"D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" -> D:\Steam\steamapps\common\company of heroes\RelicCOH.exe [D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes] -> [2009/12/24 02:10:25 | 009,266,056 | ---- | M] (THQ Canada Inc.)
"D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe" -> D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe [D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble] -> [2009/12/24 00:15:36 | 000,038,400 | ---- | M] ()
"D:\Steam\steamapps\common\fallout 3\Fallout3.exe" -> D:\Steam\steamapps\common\fallout 3\Fallout3.exe [D:\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3] -> [2009/08/14 22:02:52 | 015,044,024 | ---- | M] (Bethesda Softworks)
"D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" -> D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe [D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3] -> [2009/01/28 20:47:38 | 001,900,544 | ---- | M] (Bethesda Softworks)
"D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe" -> D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe [D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe:*:Enabled:Just Cause 2 Demo] -> [2010/03/04 14:04:10 | 014,548,256 | ---- | M] (Avalanche Studios)
"D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" -> D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe [D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor] -> [2009/11/04 21:05:47 | 000,192,512 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2] -> [2009/11/03 19:51:14 | 000,385,024 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2] -> [2009/11/17 08:47:27 | 000,385,024 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead\left4dead.exe" -> D:\Steam\steamapps\common\left 4 dead\left4dead.exe [D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead] -> [2009/04/22 10:10:00 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" -> D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe [D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus] -> [2009/12/24 00:34:50 | 002,289,664 | ---- | M] (Oddworld Inhabitants, Inc.)
"D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" -> D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe [D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee] -> [2009/12/24 02:21:37 | 001,132,032 | ---- | M] (Oddworld Inhabitants, Inc.)
"D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" -> D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe [D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta] -> [2010/03/07 21:02:26 | 024,492,032 | ---- | M] ()
"D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe" -> D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe [D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo] -> [2009/04/18 15:14:05 | 002,287,104 | ---- | M] (GarageGames)
"D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe [D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:46:02 | 074,077,811 | ---- | M] (Chris Jones)
"D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe [D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 18:45:15 | 000,110,612 | ---- | M] (Chris Jones)
"D:\Steam\steamapps\common\tomb raider anniversary\tra.exe" -> D:\Steam\steamapps\common\tomb raider anniversary\tra.exe [D:\Steam\steamapps\common\tomb raider anniversary\tra.exe:*:Enabled:Tomb Raider: Anniversary] -> [2009/04/03 17:46:33 | 001,170,944 | ---- | M] (Eidos Inc.)
"D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" -> D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe [D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2] -> File not found
"D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe" -> D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe [D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo] -> [2009/03/08 18:31:13 | 002,203,648 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe" -> D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe [D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe:*:Disabled:hl2] -> [2009/12/26 12:08:01 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe" -> D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe [D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2009/12/14 10:37:06 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe" -> D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe [D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe:*:Enabled:hl2] -> [2010/03/07 16:19:36 | 000,103,736 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\dystopia\hl2.exe" -> D:\Steam\steamapps\[email protected]\dystopia\hl2.exe [D:\Steam\steamapps\[email protected]\dystopia\hl2.exe:*:Enabled:hl2] -> [2009/03/04 00:08:33 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe" -> D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe [D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe:*:Enabled:hl2] -> [2009/02/20 12:24:33 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe" -> D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe [D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe:*:Enabled:hl2] -> [2010/02/14 21:25:43 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\smashball\hl2.exe" -> D:\Steam\steamapps\dri[email protected]\smashball\hl2.exe [D:\Steam\steamapps\[email protected]\smashball\hl2.exe:*:Enabled:hl2] -> [2009/08/12 14:33:52 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe" -> D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe [D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\WINDOWS\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/28 20:14:31 | 000,000,000 | ---- | M] ()
E:\Autorun.inf [[autorun] | Open=demo32.exe | Icon=Lws.Ico | ] -> E:\Autorun.inf [ CDFS ] -> [2007/10/15 14:03:27 | 000,000,040 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
\{885b927e-a78c-11de-83d9-00e04c77ba7a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell
\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun
\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command
\{b06a94d5-ed72-11dd-aaa5-806e6f6e6963}\Shell\AutoRun\command\\"" -> E:\Demo32.exe [E:\demo32.exe] -> [2007/07/13 16:08:54 | 000,509,464 | R--- | M] (InstallShield Software Corporation)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-batfile [open] -> "%1" %* -> File not found
64bit-cmdfile [open] -> "%1" %* -> File not found
64bit-comfile [open] -> "%1" %* -> File not found
64bit-cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
64bit-htmlfile [edit] -> Reg Error: Key error.
64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> File not found
64bit-InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> File not found
64bit-piffile [open] -> "%1" %* -> File not found
64bit-regfile [merge] -> Reg Error: Key error.
64bit-scrfile [config] -> "%1" -> File not found
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found
64bit-scrfile [open] -> "%1" /S -> File not found
64bit-txtfile [edit] -> Reg Error: Key error.
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
64bit-Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
64bit-Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
htmlfile [edit] -> Reg Error: Key error.
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2005/03/25 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2008/08/03 18:04:00 | 001,345,376 | ---- | M] (Nullsoft)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2005/03/25 07:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/21/2010 1:27:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module unknown, version 0.0.0.0, fault address 0x1390e114.
Application [ Error ] 1/30/2010 12:25:22 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gen_ml.dll, version 0.0.0.0, fault address 0x0001c32b.
Application [ Error ] 2/5/2010 3:47:36 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application winamp.exe, version 5.5.4.2165, faulting module gdi32.dll, version 5.2.3790.3233, fault address 0x00015901.
Application [ Error ] 2/7/2010 9:29:29 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0.
Application [ Error ] 2/7/2010 9:34:51 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application towerclimb.exe, version 0.0.0.0, faulting module towerclimb.exe, version 0.0.0.0, fault address 0x000617b0.
Application [ Error ] 2/18/2010 11:31:45 PM Computer Name = THE-BL7D5N9D5A8 | Source = Application Error | ID = 1000 -> Description = Faulting application rewmcxoans.tmp, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x02002222.
Application [ Error ] 2/18/2010 11:56:13 PM Computer Name = THE-BL7D5N9D5A8 | Source = VSS | ID = 8211 -> Description =
Application [ Error ] 2/19/2010 12:15:54 AM Computer Name = THE-BL7D5N9D5A8 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description =
Application [ Error ] 2/19/2010 10:18:37 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Hang | ID = 1002 -> Description = Hanging application eventcreatexp.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/28/2010 12:58:10 PM Computer Name = THE-BL7D5N9D5A8 | Source = Lavasoft Ad-Aware Service | ID = 0 -> Description =
System [ Error ] 3/3/2010 11:52:41 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver.
System [ Error ] 3/3/2010 11:54:26 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver.
System [ Error ] 3/3/2010 11:54:26 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver.
System [ Error ] 3/3/2010 11:57:03 AM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842784 -> Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.  
System [ Error ] 3/3/2010 11:57:03 AM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.  Reference error message: The referenced assembly is not installed on your system.  .
System [ Error ] 3/3/2010 11:57:03 AM Computer Name = THE-BL7D5N9D5A8 | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6E02DFE5\MFC80U.DLL.  Reference error message: The referenced assembly is not installed on your system.  .
System [ Error ] 3/3/2010 11:57:27 AM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 3/3/2010 11:57:27 AM Computer Name = THE-BL7D5N9D5A8 | Source = DCOM | ID = 10016 -> Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 3/3/2010 11:58:35 AM Computer Name = THE-BL7D5N9D5A8 | Source = Application Popup | ID = 1060 -> Description = \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software  vendor for a compatible version of the driver.
System [ Error ] 3/5/2010 2:43:27 PM Computer Name = THE-BL7D5N9D5A8 | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.10.102 for the Network Card with network address 00E04C77BA7A has been  denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).

[Files/Folders - Created Within 30 Days]
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2010/03/04 10:29:55 | 000,472,064 | ---- | C] ( )
javaws.exe -> C:\WINDOWS\SysWow64\javaws.exe -> [2010/02/28 13:40:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\SysWow64\javaw.exe -> [2010/02/28 13:40:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\SysWow64\java.exe -> [2010/02/28 13:40:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2010/02/26 10:48:45 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys -> [2010/02/26 10:48:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/26 10:48:39 | 000,000,000 | ---D | C]
_OTM -> C:\_OTM -> [2010/02/26 10:35:43 | 000,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:02 | 000,504,832 | ---- | C] (OldTimer Tools)
{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> [2010/02/25 19:40:28 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | C] (OldTimer Tools)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/02/19 10:02:45 | 000,000,000 | ---D | C]
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2010/02/19 09:58:42 | 000,000,000 | ---D | C]
{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:30 | 000,000,000 | -H-D | C]
Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/02/18 23:15:11 | 000,000,000 | ---D | C]
Securityessentials2010 -> C:\Program Files\Securityessentials2010 -> [2010/02/18 22:31:36 | 000,000,000 | ---D | C]
Pando Networks -> C:\Program Files (x86)\Pando Networks -> [2010/02/18 22:13:48 | 000,000,000 | ---D | C]
muweb.dll -> C:\WINDOWS\SysWow64\muweb.dll -> [2010/02/17 14:38:03 | 000,215,920 | ---- | C] (Microsoft Corporation)
Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/02/16 20:01:32 | 000,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2010/02/16 11:12:01 | 000,000,000 | -HSD | C]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/10/29 14:31:04 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/01/28 20:14:30 | 000,000,000 | --SD | M]

[Files/Folders - Modified Within 30 Days]
PUTTY.RND -> C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND -> [2010/03/07 23:45:29 | 000,000,600 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/03/07 23:17:41 | 000,000,496 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/07 21:07:09 | 000,046,080 | ---- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/03/05 13:42:10 | 000,001,771 | ---- | M] ()
SCP-080.rtf -> C:\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> [2010/03/05 12:44:02 | 000,003,192 | ---- | M] ()
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2010/03/04 10:29:55 | 000,472,064 | ---- | M] ( )
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/03 10:56:59 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/03 10:56:57 | 000,002,048 | --S- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2010/03/03 10:55:45 | 018,350,080 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2010/03/03 10:55:45 | 000,000,178 | -HS- | M] ()
mbr.exe -> C:\Documents and Settings\Administrator\Desktop\mbr.exe -> [2010/03/03 10:49:25 | 000,077,312 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/28 21:46:15 | 000,001,557 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:51:05 | 000,000,738 | ---- | M] ()
OTM.exe -> C:\Documents and Settings\Administrator\Desktop\OTM.exe -> [2010/02/26 10:33:49 | 000,504,832 | ---- | M] (OldTimer Tools)
aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/26 09:24:42 | 000,000,954 | -H-- | M] ()
Dropbox.lnk -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> [2010/02/26 09:14:42 | 000,000,926 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 00:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | M] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2010/02/18 23:00:58 | 002,096,656 | -H-- | M] ()
av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | M] ()
getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:32 | 000,083,355 | ---- | M] ()

[Files - No Company Name]
gmer.exe -> C:\Documents and Settings\Administrator\Desktop\gmer.exe -> [2010/03/07 23:46:20 | 000,293,376 | ---- | C] ()
SCP-080.rtf -> C:\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> [2010/03/05 12:44:02 | 000,003,192 | ---- | C] ()
mbr.exe -> C:\Documents and Settings\Administrator\Desktop\mbr.exe -> [2010/03/03 10:49:23 | 000,077,312 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\Administrator\.recently-used.xbel -> [2010/02/28 21:46:15 | 000,001,557 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/26 10:48:43 | 000,000,738 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/19 09:58:42 | 000,001,800 | ---- | C] ()
aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/02/18 23:35:23 | 000,000,954 | -H-- | C] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/02/18 23:18:40 | 000,000,496 | ---- | C] ()
Ad-Aware.lnk -> C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk -> [2010/02/18 23:15:29 | 000,000,921 | ---- | C] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/16 11:12:37 | 000,001,771 | ---- | C] ()
av.jpg -> C:\Documents and Settings\Administrator\Desktop\av.jpg -> [2010/02/14 10:37:10 | 000,022,293 | ---- | C] ()
getoutdalf.jpg -> C:\Documents and Settings\Administrator\Desktop\getoutdalf.jpg -> [2010/02/14 10:34:31 | 000,083,355 | ---- | C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/05/25 21:44:55 | 000,000,754 | ---- | C] ()
WA.INI -> C:\WINDOWS\WA.INI -> [2009/05/23 22:43:42 | 000,000,122 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/03/10 10:25:50 | 000,000,238 | ---- | C] ()
BlendSettings.ini -> C:\WINDOWS\BlendSettings.ini -> [2009/02/20 14:32:42 | 000,000,023 | ---- | C] ()
FoxImager.dll -> C:\WINDOWS\SysWow64\FoxImager.dll -> [2009/02/17 18:29:59 | 000,323,584 | ---- | C] ()
PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2009/01/29 00:16:32 | 000,553,690 | ---- | C] ()
Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2009/01/28 21:03:03 | 000,006,274 | ---- | C] ()
ASUSHWIO.SYS -> C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS -> [2009/01/28 21:02:55 | 000,010,288 | ---- | C] ()
guard32.dll -> C:\WINDOWS\SysWow64\guard32.dll -> [2009/01/28 20:30:25 | 000,155,384 | ---- | C] ()
nview.dll -> C:\WINDOWS\SysWow64\nview.dll -> [2009/01/15 08:19:00 | 001,507,328 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\SysWow64\nvwimg.dll -> [2009/01/15 08:19:00 | 001,101,824 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\SysWow64\qt-dx331.dll -> [2008/11/06 11:37:32 | 003,596,288 | ---- | C] ()
xlive.dll.cat -> C:\WINDOWS\SysWow64\xlive.dll.cat -> [2008/10/28 17:40:48 | 000,173,552 | ---- | C] ()
physxcudart_20.dll -> C:\WINDOWS\SysWow64\physxcudart_20.dll -> [2008/10/07 09:13:30 | 000,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 000,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\WINDOWS\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\WINDOWS\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\WINDOWS\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\WINDOWS\SysWow64\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\WINDOWS\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\WINDOWS\SysWow64\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\WINDOWS\SysWow64\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 000,058,648 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
quartz.dll -> C:\WINDOWS\SysWow64\quartz.dll -> [2005/03/25 07:00:00 | 001,291,264 | ---- | C] ()
qedwipes.dll -> C:\WINDOWS\SysWow64\qedwipes.dll -> [2005/03/25 07:00:00 | 000,733,696 | ---- | C] ()
qedit.dll -> C:\WINDOWS\SysWow64\qedit.dll -> [2005/03/25 07:00:00 | 000,512,512 | ---- | C] ()
dxmasf.dll -> C:\WINDOWS\SysWow64\dxmasf.dll -> [2005/03/25 07:00:00 | 000,498,742 | ---- | C] ()
encdec.dll -> C:\WINDOWS\SysWow64\encdec.dll -> [2005/03/25 07:00:00 | 000,396,288 | ---- | C] ()
qdvd.dll -> C:\WINDOWS\SysWow64\qdvd.dll -> [2005/03/25 07:00:00 | 000,385,536 | ---- | C] ()
msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2005/03/25 07:00:00 | 000,355,112 | ---- | C] ()
qdv.dll -> C:\WINDOWS\SysWow64\qdv.dll -> [2005/03/25 07:00:00 | 000,279,040 | ---- | C] ()
sbe.dll -> C:\WINDOWS\SysWow64\sbe.dll -> [2005/03/25 07:00:00 | 000,276,992 | ---- | C] ()
ir32_32.dll -> C:\WINDOWS\SysWow64\ir32_32.dll -> [2005/03/25 07:00:00 | 000,199,168 | ---- | C] ()
qcap.dll -> C:\WINDOWS\SysWow64\qcap.dll -> [2005/03/25 07:00:00 | 000,192,512 | ---- | C] ()
msencode.dll -> C:\WINDOWS\SysWow64\msencode.dll -> [2005/03/25 07:00:00 | 000,114,688 | ---- | C] ()
amstream.dll -> C:\WINDOWS\SysWow64\amstream.dll -> [2005/03/25 07:00:00 | 000,072,704 | ---- | C] ()
mciqtz32.dll -> C:\WINDOWS\SysWow64\mciqtz32.dll -> [2005/03/25 07:00:00 | 000,062,464 | ---- | C] ()
devenum.dll -> C:\WINDOWS\SysWow64\devenum.dll -> [2005/03/25 07:00:00 | 000,061,440 | ---- | C] ()
tsd32.dll -> C:\WINDOWS\SysWow64\tsd32.dll -> [2005/03/25 07:00:00 | 000,016,896 | ---- | C] ()
msdmo.dll -> C:\WINDOWS\SysWow64\msdmo.dll -> [2005/03/25 07:00:00 | 000,014,336 | ---- | C] ()
msdxmlc.dll -> C:\WINDOWS\SysWow64\msdxmlc.dll -> [2005/03/25 07:00:00 | 000,004,126 | ---- | C] ()

[File - Lop Check]
.purple -> C:\Documents and Settings\Administrator\Application Data\.purple -> [2010/03/07 23:49:02 | 000,000,000 | ---D | M]
Bioshock -> C:\Documents and Settings\Administrator\Application Data\Bioshock -> [2010/02/07 20:14:34 | 000,000,000 | ---D | M]
DAEMON Tools -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools -> [2009/01/29 09:38:28 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite -> [2009/10/30 14:08:50 | 000,000,000 | ---D | M]
DAEMON Tools Pro -> C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro -> [2009/01/29 13:48:19 | 000,000,000 | ---D | M]
Dropbox -> C:\Documents and Settings\Administrator\Application Data\Dropbox -> [2010/03/03 10:57:27 | 000,000,000 | ---D | M]
EVEMon -> C:\Documents and Settings\Administrator\Application Data\EVEMon -> [2010/03/07 23:46:36 | 000,000,000 | ---D | M]
gtk-2.0 -> C:\Documents and Settings\Administrator\Application Data\gtk-2.0 -> [2009/09/22 17:24:32 | 000,000,000 | ---D | M]
leafChat -> C:\Documents and Settings\Administrator\Application Data\leafChat -> [2010/03/07 23:47:31 | 000,000,000 | ---D | M]
LucasArts -> C:\Documents and Settings\Administrator\Application Data\LucasArts -> [2009/07/17 18:25:25 | 000,000,000 | ---D | M]
Mount&Blade -> C:\Documents and Settings\Administrator\Application Data\Mount&Blade -> [2009/02/02 05:32:29 | 000,000,000 | ---D | M]
Mumble -> C:\Documents and Settings\Administrator\Application Data\Mumble -> [2009/06/29 09:06:36 | 000,000,000 | ---D | M]
My Battle for Middle-earth(tm) II Files -> C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files -> [2009/10/09 14:17:12 | 000,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\Administrator\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M]
runic games -> C:\Documents and Settings\Administrator\Application Data\runic games -> [2009/11/05 19:20:31 | 000,000,000 | ---D | M]
RunningPillow -> C:\Documents and Settings\Administrator\Application Data\RunningPillow -> [2010/01/28 19:53:24 | 000,000,000 | ---D | M]
Slam Dunk Studios, LLC -> C:\Documents and Settings\Administrator\Application Data\Slam Dunk Studios, LLC -> [2009/04/18 15:15:40 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\Administrator\Application Data\Stardock -> [2009/05/26 09:12:17 | 000,000,000 | ---D | M]
The Longest Journey Demo -> C:\Documents and Settings\Administrator\Application Data\The Longest Journey Demo -> [2009/05/31 09:51:27 | 000,000,000 | ---D | M]
Thinstall -> C:\Documents and Settings\Administrator\Application Data\Thinstall -> [2009/08/26 23:58:17 | 000,000,000 | ---D | M]
Ubisoft -> C:\Documents and Settings\Administrator\Application Data\Ubisoft -> [2009/10/12 11:34:45 | 000,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Administrator\Application Data\uTorrent -> [2010/03/04 17:56:00 | 000,000,000 | ---D | M]
2DBoy -> C:\Documents and Settings\All Users\Application Data\2DBoy -> [2009/03/08 18:33:50 | 000,000,000 | ---D | M]
BioWare -> C:\Documents and Settings\All Users\Application Data\BioWare -> [2010/01/09 20:03:56 | 000,000,000 | ---D | M]
CCP -> C:\Documents and Settings\All Users\Application Data\CCP -> [2009/01/29 13:26:40 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/01/29 09:37:39 | 000,000,000 | ---D | M]
MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo -> [2009/10/29 20:03:50 | 000,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2010/01/11 23:27:04 | 000,000,000 | ---D | M]
PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2009/05/24 16:21:50 | 000,000,000 | ---D | M]
Redirected -> C:\Documents and Settings\All Users\Application Data\Redirected -> [2009/08/15 22:05:33 | 000,000,000 | ---D | M]
Stardock -> C:\Documents and Settings\All Users\Application Data\Stardock -> [2009/05/26 09:11:28 | 000,000,000 | ---D | M]
{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> [2009/05/26 09:11:45 | 000,000,000 | -H-D | M]
{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> [2010/02/18 23:15:31 | 000,000,000 | -H-D | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/07 23:17:41 | 000,000,496 | ---- | M] ()
SchedLgU.Txt -> C:\WINDOWS\Tasks\SchedLgU.Txt -> [2010/03/03 10:55:50 | 000,032,526 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %ProgramFiles%\Movie Maker\*.dll >
WMM2AE.dll -> C:\Program Files (x86)\Movie Maker\WMM2AE.dll -> [2005/03/25 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation)
WMM2ERES.dll -> C:\Program Files (x86)\Movie Maker\WMM2ERES.dll -> [2005/03/25 07:00:00 | 000,003,072 | ---- | M] (Microsoft Corporation)
WMM2EXT.dll -> C:\Program Files (x86)\Movie Maker\WMM2EXT.dll -> [2005/03/25 07:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation)
WMM2FILT.dll -> C:\Program Files (x86)\Movie Maker\WMM2FILT.dll -> [2005/03/25 07:00:00 | 000,316,928 | ---- | M] (Microsoft Corporation)
WMM2FXA.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXA.dll -> [2005/03/25 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation)
WMM2FXB.dll -> C:\Program Files (x86)\Movie Maker\WMM2FXB.dll -> [2005/03/25 07:00:00 | 000,328,192 | ---- | M] (Microsoft Corporation)
WMM2RES.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES.dll -> [2005/03/25 07:00:00 | 004,255,744 | ---- | M] (Microsoft Corporation)
WMM2RES2.dll -> C:\Program Files (x86)\Movie Maker\WMM2RES2.dll -> [2005/03/25 07:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: ALLUSERSAPPDATA
< %SYSTEMROOT%\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dll >
custsat.dll -> C:\Program Files (x86)\Internet Explorer\custsat.dll -> [2006/09/06 17:42:40 | 000,033,792 | ---- | M] (Microsoft Corporation)
hmmapi.dll -> C:\Program Files (x86)\Internet Explorer\hmmapi.dll -> [2007/08/13 18:18:02 | 000,060,416 | ---- | M] (Microsoft Corporation)
ieproxy.dll -> C:\Program Files (x86)\Internet Explorer\ieproxy.dll -> [2007/08/13 18:43:14 | 000,287,744 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: DriveLetter
< %systemroot%\system32\*.dll /lockedfiles >
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
AGP440.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:AGP440.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] ()
< %systemdrive%\ATAPI.SYS  /md5 /s >
atapi.sys : .cab file  -> C:\WINDOWS\SoftwareDistribution\Download\932544ac229fb6a2b092fd2bb1509ac0\amd64\sp2.cab:atapi.sys -> [2007/02/18 11:01:10 | 011,678,589 | ---- | M] ()
< %systemdrive%\NETLOGON.DLL  /md5 /s >
netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=9DA343027F3B72029AB499D3F7FFACAA -> C:\WINDOWS\SysWOW64\netlogon.dll -> [2005/03/25 07:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=71FB876580530E7B0429312A8BCE5E04 -> C:\WINDOWS\SysWOW64\scecli.dll -> [2005/03/25 07:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
OTS cannot create restorepoints on Vista OSs!
< End of report >

Hey [b]ohgodhelp[/b],

Apologies for the delay.

Your logs look fine to me, how is your computer doing? Can you post screenshots of the warning messages you're getting? Thanks. :(

Here's what I get at bootup. Aside from that, everything seems to be running smoothly as expected.

Thanks a lot for this help, you've really made my life much easier here.

Hey [b]ohgodhelp[/b],

Please do the following:

Run OTS -[list]
[*]Under the [color="#0000FF"][b]Custom Scans/Fixes[/b][/color] box at the bottom, paste in the following

[code]:OTS
"Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> File not found

:Commands
[purity]
[emptytemp]
[Reboot][/code]

[*] Then click the Run Fix button at the top
[*] Let the program run unhindered, reboot the PC when it is done
[*] Open OTS again and click the Quick Scan button. Post the log it produces in your next reply.
[/list]
Please reply back if the warning message still pops up. :(

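One way to triage a pasted OTS log for the kind of entry the fix above targets, a Run value whose target file no longer exists. This is an added Python example, not part of the original posts and not OldTimer's code; the function name and parsing rules are assumptions drawn only from the log lines in this thread, and `html.unescape` is applied first so a log pasted with HTML character entities parses the same way.

```python
import html
import re

# Entries copied from the OTS logs in this thread (HTML entities decoded).
SAMPLE_LOG = r'''
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"nwiz" -> [nwiz.exe /install] -> File not found
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/12/12 02:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Paladin Antivirus" -> C:\Program Files (x86)\Paladin Antivirus\pav.exe ["C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
\\"EnableLUA" -> [0] -> File not found
'''

# "< title > -> registry key ->" section header, as printed in the log.
SECTION_RE = re.compile(r'^<\s*(?P<title>.+?)\s*>\s*->\s*(?P<key>.*?)\s*->\s*$')
# Middle field of an entry: optional resolved path, then [command line].
TARGET_RE = re.compile(r'^(?P<path>.*?)\s*\[(?P<cmd>.*)\]$')
# Only the Run sections hold autostart commands (assumption: titles as seen here).
RUN_TITLE_RE = re.compile(r'^(64bit-)?Run\b')


def orphaned_autoruns(log_text):
    """Return Run entries whose target OTS reported as 'File not found'.

    Policy sections also print 'File not found' after plain values such as
    EnableLUA, so anything outside a Run section is ignored.
    """
    findings = []
    section = None
    for raw in html.unescape(log_text).splitlines():
        line = raw.strip()
        if line.startswith('<'):
            # Any header closes the previous section; keep it only if it is a Run key.
            m = SECTION_RE.match(line)
            is_run = bool(m and RUN_TITLE_RE.match(m.group('title')))
            section = m.group('title') if is_run else None
            continue
        if section is None or not line.startswith('"'):
            continue
        parts = line.split(' -> ')
        if len(parts) != 3 or parts[2].strip() != 'File not found':
            continue
        target = TARGET_RE.match(parts[1].strip())
        path = target.group('path') if target else parts[1].strip()
        cmd = target.group('cmd') if target else ''
        findings.append({
            'section': section,
            'name': parts[0].strip().strip('"'),
            'path': path,           # empty when OTS could not resolve a path
            'command': cmd,
            # A DLL started through rundll32 is the pattern the fix script removes.
            'rundll32': 'rundll32' in cmd.lower(),
        })
    return findings


if __name__ == '__main__':
    for f in orphaned_autoruns(SAMPLE_LOG):
        flag = ' (rundll32)' if f['rundll32'] else ''
        print(f"{f['section']}: {f['name']} -> {f['command']}{flag}")
```

Running it on a scan taken after the fix shows at a glance whether the targeted value is still listed.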
Hey, do you still need assistance?

Hey. Sorry, RL has been a little busy for me lately. The fix didn't work right the first time, and I thought I might have just been doing it wrong, but it still hasn't worked out. My OTS has a different window setup than your post implied. There's a separate "Custom Scans" from the "Paste Fix Here" window. I tried both, neither made a difference. Anyway, here is my latest scan.
[code]&#91;code&#93;
OTS logfile created on: 3/16/2010 9:52:28 AM - Run 5
OTS by OldTimer - Version 3.1.22.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 43.30 Gb Free Space | 22.17% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 48.88 Gb Free Space | 16.68% Space Free | Partition Type: NTFS
Drive E: | 55.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 443.22 Gb Total Space | 122.67 Gb Free Space | 27.68% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE-BL7D5N9D5A8
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan

[Processes - Safe List]
dropbox.exe -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2010/02/26 01:10:20 | 021,979,992 | ---- | M] ()
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 01:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/19 00:16:34 | 001,229,232 | ---- | M] (Lavasoft)
reader_sl.exe -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe -> [2009/12/22 02:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
adobearm.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2009/12/11 16:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/10/11 05:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/10/11 05:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
daemon.exe -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe -> [2009/04/23 09:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd)
avgnt.exe -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
winampa.exe -> C:\Program Files (x86)\Winamp\winampa.exe -> [2008/08/03 19:02:20 | 000,036,352 | ---- | M] ()
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.exe -> [2007/12/12 02:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
pidgin.exe -> C:\Program Files (x86)\Pidgin\pidgin.exe -> [2007/12/07 14:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community)
pdvdserv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe -> [2006/12/06 19:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.)
richvideo.exe -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 14:54:00 | 000,167,936 | ---- | M] ()
teamspeak.exe -> C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe -> [2003/08/29 17:13:04 | 001,436,160 | ---- | M] (Dominating Bytes Design)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/02/21 01:06:15 | 000,632,320 | ---- | M] (OldTimer Tools)
guard32.dll -> C:\WINDOWS\SysWOW64\guard32.dll -> [2009/03/08 19:55:49 | 000,155,384 | ---- | M] ()
wininet.dll -> C:\WINDOWS\SysWOW64\wininet.dll -> [2009/03/03 14:43:34 | 000,826,368 | ---- | M] (Microsoft Corporation)
normaliz.dll -> C:\WINDOWS\SysWOW64\normaliz.dll -> [2006/06/29 09:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation)
comres.dll -> C:\WINDOWS\SysWOW64\comres.dll -> [2005/03/25 08:00:00 | 000,796,672 | ---- | M] (Microsoft Corporation)
comdlg32.dll -> C:\WINDOWS\SysWOW64\comdlg32.dll -> [2005/03/25 08:00:00 | 000,281,088 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\SysWOW64\wbem\framedyn.dll -> [2005/03/25 08:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation)
msctfime.ime -> C:\WINDOWS\SysWOW64\MSCTFIME.IME -> [2005/03/25 08:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation)
ws2help.dll -> C:\WINDOWS\SysWOW64\ws2help.dll -> [2005/03/25 08:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation)
fltlib.dll -> C:\WINDOWS\SysWOW64\fltlib.dll -> [2005/03/25 08:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_0213CDC8\comctl32.dll -> [2005/03/24 14:29:42 | 001,051,648 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(cmdAgent) [Auto | Running] -> C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -> [2009/03/08 19:55:05 | 001,043,192 | ---- | M] ()
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/19 00:16:34 | 001,229,232 | ---- | M] (Lavasoft)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2009/10/11 05:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(DAUpdaterSvc) Dragon Age: Origins - Content Updater [On_Demand | Stopped] -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -> [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2005/08/08 14:54:00 | 000,167,936 | ---- | M] ()
(IASJet) IAS Jet Database Access [On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2005/03/25 08:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Auto | Running] -> C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -> [2005/03/25 08:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\prefs.js ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:1.5.1 ->
extensions.enabledItems -> {11B4695B-1FC3-4A19-B63B-2789EDDA7A35}:1.9.1 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\hdp4e0ul.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{11B4695B-1FC3-4A19-B63B-2789EDDA7A35}] -> [2010/02/25 20:40:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/11 16:20:24 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/03/11 16:20:24 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2009/01/28 21:22:28 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions -> [2010/03/14 20:49:54 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/09 23:10:23 | 000,000,000 | ---D | M]
Greasemonkey -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/12/13 20:24:14 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hdp4e0ul.default\extensions\[email protected] -> [2010/01/21 01:55:20 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/03/14 20:49:54 | 000,000,000 | ---D | M]
Hosts file not found -> ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/12/21 19:27:44 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 05:17:29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 05:17:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 06:43:28 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AlcWzrd" -> C:\WINDOWS\alcwzrd.exe [ALCWZRD.EXE] -> [2006/05/04 04:26:36 | 002,808,832 | R--- | M] (RealTek Semicoductor Corp.)
"COMODO Internet Security" -> C:\Program Files\Comodo\COMODO Internet Security\cfp.exe ["C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h] -> [2009/03/08 19:55:15 | 009,247,480 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found
"NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found
"nwiz" -> [nwiz.exe /install] -> File not found
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/12/12 02:55:02 | 016,859,136 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/11/20 06:15:58 | 001,826,816 | R--- | M] (Realtek Semiconductor Corp.)
"SoundMan" -> C:\WINDOWS\SoundMan.exe [SOUNDMAN.EXE] -> [2006/07/21 04:14:36 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.)
"Start WingMan Profiler" -> C:\Program Files\Logitech\Gaming Software\LWEMon.exe [C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui] -> [2008/04/04 14:30:28 | 000,120,328 | ---- | M] (Logitech Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe ARM" -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/12/11 16:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/12/22 02:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
"avgnt" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/05 23:55:32 | 000,054,832 | ---- | M] ()
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 17:18:30 | 000,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" -> C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"] -> [2006/12/06 19:37:40 | 000,069,216 | ---- | M] (Cyberlink Corp.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/10/11 05:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"Upabifexeme" -> C:\WINDOWS\ibatibuxerugug.DLL [rundll32.exe "C:\WINDOWS\ibatibuxerugug.dll",Startup] -> File not found
"WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2008/08/03 19:02:20 | 000,036,352 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009/04/23 09:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd)
"Paladin Antivirus" -> C:\Program Files (x86)\Paladin Antivirus\pav.exe ["C:\Program Files (x86)\Paladin Antivirus\pav.exe" -noscan] -> File not found
< Administrator Startup Folder > -> C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C&#58;\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> &#91;2010/02/26 01&#58;10&#58;20 | 021,979,992 | ---- | M&#93; &#40;&#41;
C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to pidgin.lnk -> C&#58;\Program Files &#40;x86&#41;\Pidgin\pidgin.exe -> &#91;2007/12/07 14&#58;53&#58;28 | 000,044,658 | ---- | M&#93; &#40;The Pidgin developer community&#41;
C&#58;\Documents and Settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk -> C&#58;\Program Files &#40;x86&#41;\Teamspeak2_RC2\TeamSpeak.exe -> &#91;2003/08/29 17&#58;13&#58;04 | 001,436,160 | ---- | M&#93; &#40;Dominating Bytes Design&#41;
< All Users Startup Folder > -> C&#58;\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 08:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 08:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2005/03/25 08:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2005/03/25 08:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 08:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2005/03/25 08:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.10.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{944C44C7-2DF1-496F-9075-FB92F9A12CAF}\\DhcpNameServer -> 192.168.10.1 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2005/03/25 08:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\SysWow64\explorer.exe -> [2005/03/25 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe -> -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> -> File not found
cryptnet -> -> File not found
cscdll -> -> File not found
dimsntfy -> -> File not found
ScCertProp -> -> File not found
Schedule -> -> File not found
sclgntfy -> -> File not found
SensLogn -> -> File not found
termsrv -> -> File not found
wlballoon -> -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ScCertProp -> -> File not found
Schedule -> -> File not found
SensLogn -> -> File not found
wlballoon -> -> File not found
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{267567d2-fbba-4019-94da-8470f88fb05d}" [HKLM] -> Reg Error: Key error. [dedosasab] -> File not found
"{705c8702-2953-4700-85e2-372ac8232866}" [HKLM] -> Reg Error: Key error. [gikuvihid] -> File not found
"{f4db9296-7c54-4444-bfea-4dc2d0073a57}" [HKLM] -> Reg Error: Key error. [yiniketub] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> -> File not found
schannel.dll -> -> File not found
digest.dll -> -> File not found
msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SysWow64\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox] -> [2010/02/26 01:10:20 | 021,979,992 | ---- | M] ()
"C:\Documents and Settings\Administrator\Desktop\OTM.exe" -> C:\Documents and Settings\Administrator\Desktop\OTM.exe [C:\Documents and Settings\Administrator\Desktop\OTM.exe:*:Enabled:OTM] -> [2010/02/26 11:33:49 | 000,504,832 | ---- | M] (OldTimer Tools)
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" -> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe:*:Enabled:avguard] -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
"C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe" -> C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe [C:\Program Files (x86)\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2009/12/11 19:37:23 | 000,516,936 | ---- | M] (CCP hf.)
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray] -> [2010/02/19 00:16:36 | 000,815,184 | ---- | M] (Lavasoft)
"C:\Program Files (x86)\Pidgin\pidgin.exe" -> C:\Program Files (x86)\Pidgin\pidgin.exe [C:\Program Files (x86)\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2007/12/07 14:53:28 | 000,044,658 | ---- | M] (The Pidgin developer community)
"C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe" -> C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe [C:\Program Files (x86)\RndLabs\BaboViolent 2\bv2.exe:*:Enabled:bv2] -> [2008/04/21 00:13:44 | 000,778,240 | ---- | M] ()
"C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files (x86)\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> [2009/01/29 16:20:30 | 019,779,584 | ---- | M] (The Creative Assembly Ltd)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" -> C:\Program Files (x86)\uTorrent\uTorrent.exe [C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/03/14 15:47:20 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\SysWow64\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2005/03/25 08:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\javaw.exe" -> C:\WINDOWS\SysWOW64\javaw.exe [C:\WINDOWS\SysWOW64\javaw.exe:*:Enabled:javaw] -> [2009/10/11 05:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"D:\EVE\bin\ExeFile.exe" -> D:\EVE\bin\ExeFile.exe [D:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile] -> [2008/12/05 12:39:22 | 000,513,280 | ---- | M] (CCP hf.)
"D:\Games\Anno 1404\tools\Anno4Web.exe" -> D:\Games\Anno 1404\tools\Anno4Web.exe [D:\Games\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web] -> [2009/05/23 16:48:00 | 001,320,232 | ---- | M] ()
"D:\Games\Dark Oberon\dark-oberon.exe" -> D:\Games\Dark Oberon\dark-oberon.exe [D:\Games\Dark Oberon\dark-oberon.exe:*:Enabled:dark-oberon] -> [2006/11/01 15:10:40 | 000,532,480 | ---- | M] ()
"D:\Games\Dead Space\Dead Space.exe" -> D:\Games\Dead Space\Dead Space.exe [D:\Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™] -> [2008/11/01 10:17:11 | 013,733,888 | ---- | M] ()
"D:\Games\Dragon Age\bin_ship\daorigins.exe" -> D:\Games\Dragon Age\bin_ship\daorigins.exe [D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game] -> [2009/11/02 03:57:00 | 009,909,480 | ---- | M] (BioWare)
"D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" -> D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater] -> [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare)
"D:\Games\Dragon Age\DAOriginsLauncher.exe" -> D:\Games\Dragon Age\DAOriginsLauncher.exe [D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher] -> [2009/08/10 11:59:08 | 001,246,440 | ---- | M] (BioWare)
"D:\Games\Glest_3.2.2\glest.exe" -> D:\Games\Glest_3.2.2\glest.exe [D:\Games\Glest_3.2.2\glest.exe:*:Enabled:glest] -> [2009/04/02 20:03:30 | 001,230,336 | ---- | M] ()
"D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe" -> D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe [D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men] -> [2007/11/10 21:11:24 | 007,542,024 | ---- | M] (Io Interactive A/S)
"D:\Games\Mass Effect\Binaries\MassEffect.exe" -> D:\Games\Mass Effect\Binaries\MassEffect.exe [D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game] -> [2008/05/29 18:34:19 | 048,956,922 | ---- | M] (BioWare)
"D:\Games\Mass Effect\MassEffectLauncher.exe" -> D:\Games\Mass Effect\MassEffectLauncher.exe [D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher] -> [2008/05/07 12:19:36 | 000,730,344 | ---- | M] (BioWare)
"D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe" -> D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe [D:\Games\Operation Flashpoint - Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising] -> [2009/10/06 17:22:36 | 020,094,976 | ---- | M] (Codemasters Software Company Limited)
"D:\Games\Prototype\prototypef.exe" -> D:\Games\Prototype\prototypef.exe [D:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)] -> [2009/06/09 14:43:00 | 002,269,232 | ---- | M] (Activision)
"D:\Games\Warcraft III\Warcraft III.exe" -> D:\Games\Warcraft III\Warcraft III.exe [D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> [2009/04/14 17:00:10 | 000,274,432 | ---- | M] (Blizzard Entertainment)
"D:\Games\Wolfenstein\MP\Wolf2MP.exe" -> D:\Games\Wolfenstein\MP\Wolf2MP.exe [D:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 19:46:40 | 006,399,248 | ---- | M] (Activision)
"D:\Games\Wolfenstein\MP\Wolf2MPLite.exe" -> D:\Games\Wolfenstein\MP\Wolf2MPLite.exe [D:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)] -> [2009/07/22 19:46:40 | 006,042,896 | ---- | M] (Activision)
"D:\Games\Worms Armageddon - New Edition\WA.exe" -> D:\Games\Worms Armageddon - New Edition\WA.exe [D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon] -> [2007/07/05 12:05:59 | 004,378,624 | ---- | M] (Team17 Software Ltd)
"D:\Steam\Steam.exe" -> D:\Steam\Steam.exe [D:\Steam\Steam.exe:*:Enabled:Steam] -> [2010/02/26 14:30:48 | 001,217,872 | ---- | M] (Valve Corporation)
"D:\Steam\steamapps\andre2account\the ship\ship.exe" -> D:\Steam\steamapps\andre2account\the ship\ship.exe [D:\Steam\steamapps\andre2account\the ship\ship.exe:*:Enabled:ship] -> [2009/04/03 18:46:35 | 000,090,112 | ---- | M] ()
"D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe" -> D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe [D:\Steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\main.exe:*:Enabled:AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity Demo] -> [2009/10/19 20:06:33 | 000,049,152 | ---- | M] ()
"D:\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe" -> D:\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe [D:\Steam\steamapps\common\batman arkham asylum\Batman_Revoker.exe:*:Enabled:Batman: Arkham Asylum - License Revoking Tool] -> [2010/03/13 23:10:45 | 006,969,480 | ---- | M] (Sony DADC Austria AG)
"D:\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe" -> D:\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe [D:\Steam\steamapps\common\batman arkham asylum\Binaries\BmLauncher.exe:*:Enabled:Batman: Arkham Asylum] -> [2010/03/13 23:09:54 | 008,578,312 | ---- | M] (Rocksteady Studios Ltd)
"D:\Steam\steamapps\common\batman arkham asylum\Binaries\ShippingPC-BmGame.exe" -> D:\Steam\steamapps\common\batman arkham asylum\Binaries\ShippingPC-BmGame.exe [D:\Steam\steamapps\common\batman arkham asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:BmGame] -> [2010/03/13 23:44:43 | 040,387,848 | ---- | M] (Rocksteady Studios Ltd)
"D:\Steam\steamapps\common\battleforge\Bootstrapper.exe" -> D:\Steam\steamapps\common\battleforge\Bootstrapper.exe [D:\Steam\steamapps\common\battleforge\Bootstrapper.exe:*:Enabled:Battleforge Demo] -> [2009/08/13 13:12:36 | 005,797,240 | ---- | M] (EA Phenomic)
"D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" -> D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe [D:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock] -> [2009/10/23 22:57:26 | 009,932,800 | ---- | M] ()
"D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" -> D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe [D:\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo] -> [2009/12/14 01:02:01 | 000,160,256 | ---- | M] (Erik Svedäng)
"D:\Steam\steamapps\common\champions online\Champions Online.exe" -> D:\Steam\steamapps\common\champions online\Champions Online.exe [D:\Steam\steamapps\common\champions online\Champions Online.exe:*:Enabled:Cryptic Game Launcher] -> File not found
"D:\Steam\steamapps\common\company of heroes\help.htm" -> D:\Steam\steamapps\common\company of heroes\help.htm [D:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes] -> [2009/04/16 14:00:27 | 000,000,213 | ---- | M] ()
"D:\Steam\steamapps\common\company of heroes\RelicCOH.exe" -> D:\Steam\steamapps\common\company of heroes\RelicCOH.exe [D:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes] -> [2009/12/24 03:10:25 | 009,266,056 | ---- | M] (THQ Canada Inc.)
"D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe" -> D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe [D:\Steam\steamapps\common\dangerous high school girls in trouble\prog\brigiton.exe:*:Enabled:Dangerous High School Girls in Trouble] -> [2009/12/24 01:15:36 | 000,038,400 | ---- | M] ()
"D:\Steam\steamapps\common\fallout 3\Fallout3.exe" -> D:\Steam\steamapps\common\fallout 3\Fallout3.exe [D:\Steam\steamapps\common\fallout 3\Fallout3.exe:*:Enabled:Fallout3] -> [2009/08/14 23:02:52 | 015,044,024 | ---- | M] (Bethesda Softworks)
"D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" -> D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe [D:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3] -> [2009/01/28 21:47:38 | 001,900,544 | ---- | M] (Bethesda Softworks)
"D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe" -> D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe [D:\Steam\steamapps\common\just cause 2 demo\JustCause2.exe:*:Enabled:Just Cause 2 Demo] -> [2010/03/11 14:28:08 | 014,547,744 | ---- | M] (Avalanche Studios)
"D:\Steam\steamapps\common\just cause\JCSetup.exe" -> D:\Steam\steamapps\common\just cause\JCSetup.exe [D:\Steam\steamapps\common\just cause\JCSetup.exe:*:Enabled:Just Cause] -> [2010/03/14 01:22:20 | 000,196,608 | ---- | M] ()
"D:\Steam\steamapps\common\just cause\JustCause.exe" -> D:\Steam\steamapps\common\just cause\JustCause.exe [D:\Steam\steamapps\common\just cause\JustCause.exe:*:Enabled:Just Cause] -> [2010/03/14 01:27:21 | 001,846,272 | ---- | M] ()
"D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" -> D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe [D:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor] -> [2009/11/04 22:05:47 | 000,192,512 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2] -> [2009/11/03 20:51:14 | 000,385,024 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" -> D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2] -> [2009/11/17 09:47:27 | 000,385,024 | ---- | M] ()
"D:\Steam\steamapps\common\left 4 dead\left4dead.exe" -> D:\Steam\steamapps\common\left 4 dead\left4dead.exe [D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead] -> [2009/04/22 11:10:00 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" -> D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe [D:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus] -> [2009/12/24 01:34:50 | 002,289,664 | ---- | M] (Oddworld Inhabitants, Inc.)
"D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" -> D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe [D:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee] -> [2009/12/24 03:21:37 | 001,132,032 | ---- | M] (Oddworld Inhabitants, Inc.)
"D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" -> D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe [D:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta] -> [2010/03/11 19:24:45 | 024,486,912 | ---- | M] ()
"D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe" -> D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe [D:\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo] -> [2009/04/18 16:14:05 | 002,287,104 | ---- | M] (GarageGames)
"D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe [D:\Steam\steamapps\common\time gentlemen, please!\TGP.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 19:46:02 | 074,077,811 | ---- | M] (Chris Jones)
"D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe" -> D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe [D:\Steam\steamapps\common\time gentlemen, please!\winsetup.exe:*:Enabled:Time Gentlemen, Please!] -> [2010/01/10 19:45:15 | 000,110,612 | ---- | M] (Chris Jones)
"D:\Steam\steamapps\common\tomb raider anniversary\tra.exe" -> D:\Steam\steamapps\common\tomb raider anniversary\tra.exe [D:\Steam\steamapps\common\tomb raider anniversary\tra.exe:*:Enabled:Tomb Raider: Anniversary] -> [2009/04/03 18:46:33 | 001,170,944 | ---- | M] (Eidos Inc.)
"D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" -> D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe [D:\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2] -> File not found
"D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe" -> D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe [D:\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo] -> [2009/03/08 19:31:13 | 002,203,648 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe" -> D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe [D:\Steam\steamapps\[email protected]\age of chivalry\hl2.exe:*:Disabled:hl2] -> [2009/12/26 13:08:01 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe" -> D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe [D:\Steam\steamapps\[email protected]\counter-strike source\hl2.exe:*:Enabled:hl2] -> [2009/12/14 11:37:06 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe" -> D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe [D:\Steam\steamapps\[email protected]\day of defeat source\hl2.exe:*:Enabled:hl2] -> [2010/03/15 20:00:13 | 000,103,736 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\dystopia\hl2.exe" -> D:\Steam\steamapps\[email protected]\dystopia\hl2.exe [D:\Steam\steamapps\[email protected]\dystopia\hl2.exe:*:Enabled:hl2] -> [2009/03/04 01:08:33 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe" -> D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe [D:\Steam\steamapps\[email protected]\eternal-silence\hl2.exe:*:Enabled:hl2] -> [2009/02/20 13:24:33 | 000,106,496 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe" -> D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe [D:\Steam\steamapps\[email protected]\pirates, vikings, and knights ii\hl2.exe:*:Enabled:hl2] -> [2010/02/14 22:25:43 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\smashball\hl2.exe" -> D:\Steam\steamapps\[email protected]\smashball\hl2.exe [D:\Steam\steamapps\[email protected]\smashball\hl2.exe:*:Enabled:hl2] -> [2009/08/12 15:33:52 | 000,098,304 | ---- | M] ()
"D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe" -> D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe [D:\Steam\steamapps\[email protected]\team fortress 2\hl2.exe:*:Enabled:hl2] -> File not found
< SafeBoot AlternateShell &#91;HKEY_LOCAL_MACHINE&#93; > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting &#91;HKEY_LOCAL_MACHINE&#93;> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
&#34;AutoRun&#34; -> 1 ->
&#34;DisplayName&#34; -> CD-ROM Driver ->
&#34;ImagePath&#34; -> C&#58;\WINDOWS\SysNative\DRIVERS\cdrom.sys &#91;system32\DRIVERS\cdrom.sys&#93; -> File not found
< Drives with AutoRun files > -> ->
C&#58;\AUTOEXEC.BAT &#91;&#93; -> C&#58;\AUTOEXEC.BAT &#91; NTFS &#93; -> &#91;2009/01/28 21&#58;14&#58;31 | 000,000,000 | ---- | M&#93; &#40;&#41;
E&#58;\Autorun.inf &#91;&#91;autorun&#93; | Open=demo32.exe | Icon=Lws.Ico | &#93; -> E&#58;\Autorun.inf &#91; CDFS &#93; -> &#91;2007/10/15 15&#58;03&#58;27 | 000,000,040 | R--- | M&#93; &#40;&#41;
< MountPoints2 &#91;HKEY_CURRENT_USER&#93; > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\\&#34;&#34; -> &#91;AutoRun&#93; -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\\&#34;&#34; -> &#91;Auto&Play&#93; -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command
\{6ac48988-0c3b-11de-a0a3-00e04c77ba7a}\Shell\AutoRun\command\\&#34;&#34; -> H&#58;\LaunchU3.exe &#91;H&#58;\LaunchU3.exe -a&#93; -> File not found
\{885b927e-a78c-11de-83d9-00e04c77ba7a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell
\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\\&#34;&#34; -> &#91;AutoRun&#93; -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun
\{885b927e-a78c-11de-83d9-00e04c77ba7a}\Shell\AutoRun\\&#34;&#34; -> &#91;Auto&Play&#93; -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\&#91;command&#93;\command ->
64bit-comfile &#91;open&#93; -> &#34;%1&#34; %* -> File not found
64bit-exefile &#91;open&#93; -> &#34;%1&#34; %* -> File not found
comfile &#91;open&#93; -> &#34;%1&#34; %* ->
exefile &#91;open&#93; -> &#34;%1&#34; %* ->


&#91;Files/Folders - Created Within 14 Days&#93;
Comical -> C&#58;\Program Files &#40;x86&#41;\Comical -> &#91;2010/03/14 23&#58;36&#58;47 | 000,000,000 | ---D | C&#93;
JustCause -> C&#58;\Documents and Settings\Administrator\My Documents\JustCause -> &#91;2010/03/14 15&#58;03&#58;51 | 000,000,000 | ---D | C&#93;
_OTS -> C&#58;\_OTS -> &#91;2010/03/12 20&#58;16&#58;34 | 000,000,000 | ---D | C&#93;
RootRepeal.exe -> C&#58;\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> &#91;2010/03/04 11&#58;29&#58;55 | 000,472,064 | ---- | C&#93; &#40; &#41;
Microsoft -> C&#58;\Documents and Settings\LocalService\Application Data\Microsoft -> &#91;2009/10/29 15&#58;31&#58;04 | 000,000,000 | --SD | M&#93;
Microsoft -> C&#58;\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> &#91;2009/01/28 21&#58;14&#58;30 | 000,000,000 | --SD | M&#93;
Microsoft -> C&#58;\Documents and Settings\NetworkService\Application Data\Microsoft -> &#91;2009/01/28 21&#58;14&#58;30 | 000,000,000 | --SD | M&#93;
Microsoft -> C&#58;\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> &#91;2009/01/28 21&#58;14&#58;30 | 000,000,000 | --SD | M&#93;

&#91;Files/Folders - Modified Within 14 Days&#93;
Ad-Aware Update &#40;Weekly&#41;.job -> C&#58;\WINDOWS\tasks\Ad-Aware Update &#40;Weekly&#41;.job -> &#91;2010/03/16 09&#58;53&#58;52 | 000,000,496 | ---- | M&#93; &#40;&#41;
SA.DAT -> C&#58;\WINDOWS\tasks\SA.DAT -> &#91;2010/03/16 09&#58;51&#58;57 | 000,000,006 | -H-- | M&#93; &#40;&#41;
bootstat.dat -> C&#58;\WINDOWS\bootstat.dat -> &#91;2010/03/16 09&#58;51&#58;56 | 000,002,048 | --S- | M&#93; &#40;&#41;
NTUSER.DAT -> C&#58;\Documents and Settings\Administrator\NTUSER.DAT -> &#91;2010/03/16 09&#58;50&#58;42 | 018,350,080 | -H-- | M&#93; &#40;&#41;
ntuser.ini -> C&#58;\Documents and Settings\Administrator\ntuser.ini -> &#91;2010/03/16 09&#58;50&#58;42 | 000,000,178 | -HS- | M&#93; &#40;&#41;
PUTTY.RND -> C&#58;\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND -> &#91;2010/03/16 00&#58;32&#58;49 | 000,000,600 | ---- | M&#93; &#40;&#41;
.recently-used.xbel -> C&#58;\Documents and Settings\Administrator\.recently-used.xbel -> &#91;2010/03/15 23&#58;14&#58;51 | 000,005,761 | ---- | M&#93; &#40;&#41;
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C&#58;\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> &#91;2010/03/15 23&#58;14&#58;40 | 000,062,976 | ---- | M&#93; &#40;&#41;
6416_124306430616_628425616_2338583_6738809_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\6416_124306430616_628425616_2338583_6738809_n.jpg -> &#91;2010/03/09 18&#58;51&#58;16 | 000,086,213 | ---- | M&#93; &#40;&#41;
8127_152408343582_627158582_2838317_4272532_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\8127_152408343582_627158582_2838317_4272532_n.jpg -> &#91;2010/03/09 18&#58;49&#58;32 | 000,030,257 | ---- | M&#93; &#40;&#41;
EVEMon_Settings_2138.xml.bak -> C&#58;\Documents and Settings\Administrator\My Documents\EVEMon_Settings_2138.xml.bak -> &#91;2010/03/09 17&#58;58&#58;34 | 000,326,163 | ---- | M&#93; &#40;&#41;
Adobe Reader 9.lnk -> C&#58;\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> &#91;2010/03/05 14&#58;42&#58;10 | 000,001,771 | ---- | M&#93; &#40;&#41;
SCP-080.rtf -> C&#58;\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> &#91;2010/03/05 13&#58;44&#58;02 | 000,003,192 | ---- | M&#93; &#40;&#41;
RootRepeal.exe -> C&#58;\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> &#91;2010/03/04 11&#58;29&#58;55 | 000,472,064 | ---- | M&#93; &#40; &#41;
mbr.exe -> C&#58;\Documents and Settings\Administrator\Desktop\mbr.exe -> &#91;2010/03/03 11&#58;49&#58;25 | 000,077,312 | ---- | M&#93; &#40;&#41;
18 C&#58;\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C&#58;\Documents and Settings\Administrator\Local Settings\Temp\*.tmp ->

&#91;Files - No Company Name&#93;
.recently-used.xbel -> C&#58;\Documents and Settings\Administrator\.recently-used.xbel -> &#91;2010/03/15 23&#58;14&#58;51 | 000,005,761 | ---- | C&#93; &#40;&#41;
EVEMon_Settings_2138.xml.bak -> C&#58;\Documents and Settings\Administrator\My Documents\EVEMon_Settings_2138.xml.bak -> &#91;2010/03/09 19&#58;53&#58;54 | 000,326,163 | ---- | C&#93; &#40;&#41;
6416_124306430616_628425616_2338583_6738809_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\6416_124306430616_628425616_2338583_6738809_n.jpg -> &#91;2010/03/09 18&#58;51&#58;16 | 000,086,213 | ---- | C&#93; &#40;&#41;
8127_152408343582_627158582_2838317_4272532_n.jpg -> C&#58;\Documents and Settings\Administrator\Desktop\8127_152408343582_627158582_2838317_4272532_n.jpg -> &#91;2010/03/09 18&#58;49&#58;32 | 000,030,257 | ---- | C&#93; &#40;&#41;
gmer.exe -> C&#58;\Documents and Settings\Administrator\Desktop\gmer.exe -> &#91;2010/03/08 00&#58;46&#58;20 | 000,293,376 | ---- | C&#93; &#40;&#41;
SCP-080.rtf -> C&#58;\Documents and Settings\Administrator\My Documents\SCP-080.rtf -> &#91;2010/03/05 13&#58;44&#58;02 | 000,003,192 | ---- | C&#93; &#40;&#41;
mbr.exe -> C&#58;\Documents and Settings\Administrator\Desktop\mbr.exe -> &#91;2010/03/03 11&#58;49&#58;23 | 000,077,312 | ---- | C&#93; &#40;&#41;
xlive.dll.cat -> C&#58;\WINDOWS\SysWow64\xlive.dll.cat -> &#91;2009/07/14 18&#58;15&#58;00 | 000,178,432 | ---- | C&#93; &#40;&#41;
WORDPAD.INI -> C&#58;\WINDOWS\WORDPAD.INI -> &#91;2009/05/25 22&#58;44&#58;55 | 000,000,754 | ---- | C&#93; &#40;&#41;
WA.INI -> C&#58;\WINDOWS\WA.INI -> &#91;2009/05/23 23&#58;43&#58;42 | 000,000,122 | ---- | C&#93; &#40;&#41;
wininit.ini -> C&#58;\WINDOWS\wininit.ini -> &#91;2009/03/10 11&#58;25&#58;50 | 000,000,238 | ---- | C&#93; &#40;&#41;
BlendSettings.ini -> C&#58;\WINDOWS\BlendSettings.ini -> &#91;2009/02/20 15&#58;32&#58;42 | 000,000,023 | ---- | C&#93; &#40;&#41;
FoxImager.dll -> C&#58;\WINDOWS\SysWow64\FoxImager.dll -> &#91;2009/02/17 19&#58;29&#58;59 | 000,323,584 | ---- | C&#93; &#40;&#41;
PerfStringBackup.INI -> C&#58;\WINDOWS\SysWow64\PerfStringBackup.INI -> &#91;2009/01/29 01&#58;16&#58;32 | 000,553,690 | ---- | C&#93; &#40;&#41;
Ascd_tmp.ini -> C&#58;\WINDOWS\Ascd_tmp.ini -> &#91;2009/01/28 22&#58;03&#58;03 | 000,006,274 | ---- | C&#93; &#40;&#41;
ASUSHWIO.SYS -> C&#58;\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS -> &#91;2009/01/28 22&#58;02&#58;55 | 000,010,288 | ---- | C&#93; &#40;&#41;
guard32.dll -> C&#58;\WINDOWS\SysWow64\guard32.dll -> &#91;2009/01/28 21&#58;30&#58;25 | 000,155,384 | ---- | C&#93; &#40;&#41;
nview.dll -> C&#58;\WINDOWS\SysWow64\nview.dll -> &#91;2009/01/15 09&#58;19&#58;00 | 001,507,328 | ---- | C&#93; &#40;&#41;
nvwimg.dll -> C&#58;\WINDOWS\SysWow64\nvwimg.dll -> &#91;2009/01/15 09&#58;19&#58;00 | 001,101,824 | ---- | C&#93; &#40;&#41;
qt-dx331.dll -> C&#58;\WINDOWS\SysWow64\qt-dx331.dll -> &#91;2008/11/06 12&#58;37&#58;32 | 003,596,288 | ---- | C&#93; &#40;&#41;
physxcudart_20.dll -> C&#58;\WINDOWS\SysWow64\physxcudart_20.dll -> &#91;2008/10/07 10&#58;13&#58;30 | 000,197,912 | ---- | C&#93; &#40;&#41;
AgCPanelTraditionalChinese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll -> &#91;2008/10/07 10&#58;13&#58;22 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelSwedish.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelSwedish.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelSpanish.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelSpanish.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelSimplifiedChinese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelPortugese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelPortugese.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelKorean.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelKorean.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelJapanese.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelJapanese.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelGerman.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelGerman.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
AgCPanelFrench.dll -> C&#58;\WINDOWS\SysWow64\AgCPanelFrench.dll -> &#91;2008/10/07 10&#58;13&#58;20 | 000,058,648 | ---- | C&#93; &#40;&#41;
GlobalUserInterface.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> &#91;2006/06/29 15&#58;58&#58;52 | 000,030,808 | ---- | C&#93; &#40;&#41;
GlobalSansSerif.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> &#91;2006/06/29 15&#58;53&#58;56 | 000,026,489 | ---- | C&#93; &#40;&#41;
GlobalSerif.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalSerif.CompositeFont -> &#91;2006/04/18 16&#58;39&#58;28 | 000,029,779 | ---- | C&#93; &#40;&#41;
GlobalMonospace.CompositeFont -> C&#58;\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> &#91;2006/04/18 16&#58;39&#58;28 | 000,026,040 | ---- | C&#93; &#40;&#41;
quartz.dll -> C&#58;\WINDOWS\SysWow64\quartz.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 001,291,264 | ---- | C&#93; &#40;&#41;
qedwipes.dll -> C&#58;\WINDOWS\SysWow64\qedwipes.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,733,696 | ---- | C&#93; &#40;&#41;
qedit.dll -> C&#58;\WINDOWS\SysWow64\qedit.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,512,512 | ---- | C&#93; &#40;&#41;
dxmasf.dll -> C&#58;\WINDOWS\SysWow64\dxmasf.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,498,742 | ---- | C&#93; &#40;&#41;
encdec.dll -> C&#58;\WINDOWS\SysWow64\encdec.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,396,288 | ---- | C&#93; &#40;&#41;
qdvd.dll -> C&#58;\WINDOWS\SysWow64\qdvd.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,385,536 | ---- | C&#93; &#40;&#41;
msjetoledb40.dll -> C&#58;\WINDOWS\SysWow64\msjetoledb40.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,355,112 | ---- | C&#93; &#40;&#41;
qdv.dll -> C&#58;\WINDOWS\SysWow64\qdv.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,279,040 | ---- | C&#93; &#40;&#41;
sbe.dll -> C&#58;\WINDOWS\SysWow64\sbe.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,276,992 | ---- | C&#93; &#40;&#41;
ir32_32.dll -> C&#58;\WINDOWS\SysWow64\ir32_32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,199,168 | ---- | C&#93; &#40;&#41;
qcap.dll -> C&#58;\WINDOWS\SysWow64\qcap.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,192,512 | ---- | C&#93; &#40;&#41;
msencode.dll -> C&#58;\WINDOWS\SysWow64\msencode.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,114,688 | ---- | C&#93; &#40;&#41;
amstream.dll -> C&#58;\WINDOWS\SysWow64\amstream.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,072,704 | ---- | C&#93; &#40;&#41;
mciqtz32.dll -> C&#58;\WINDOWS\SysWow64\mciqtz32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,062,464 | ---- | C&#93; &#40;&#41;
devenum.dll -> C&#58;\WINDOWS\SysWow64\devenum.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,061,440 | ---- | C&#93; &#40;&#41;
tsd32.dll -> C&#58;\WINDOWS\SysWow64\tsd32.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,016,896 | ---- | C&#93; &#40;&#41;
msdmo.dll -> C&#58;\WINDOWS\SysWow64\msdmo.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,014,336 | ---- | C&#93; &#40;&#41;
msdxmlc.dll -> C&#58;\WINDOWS\SysWow64\msdxmlc.dll -> &#91;2005/03/25 08&#58;00&#58;00 | 000,004,126 | ---- | C&#93; &#40;&#41;

&#91;File - Lop Check&#93;
.purple -> C&#58;\Documents and Settings\Administrator\Application Data\.purple -> &#91;2010/03/16 09&#58;53&#58;31 | 000,000,000 | ---D | M&#93;
Bioshock -> C&#58;\Documents and Settings\Administrator\Application Data\Bioshock -> &#91;2010/02/07 21&#58;14&#58;34 | 000,000,000 | ---D | M&#93;
DAEMON Tools -> C&#58;\Documents and Settings\Administrator\Application Data\DAEMON Tools -> &#91;2009/01/29 10&#58;38&#58;28 | 000,000,000 | ---D | M&#93;
DAEMON Tools Lite -> C&#58;\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite -> &#91;2009/10/30 15&#58;08&#58;50 | 000,000,000 | ---D | M&#93;
DAEMON Tools Pro -> C&#58;\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro -> &#91;2009/01/29 14&#58;48&#58;19 | 000,000,000 | ---D | M&#93;
Dropbox -> C&#58;\Documents and Settings\Administrator\Application Data\Dropbox -> &#91;2010/03/16 09&#58;52&#58;25 | 000,000,000 | ---D | M&#93;
EVEMon -> C&#58;\Documents and Settings\Administrator\Application Data\EVEMon -> &#91;2010/03/09 19&#58;54&#58;23 | 000,000,000 | ---D | M&#93;
gtk-2.0 -> C&#58;\Documents and Settings\Administrator\Application Data\gtk-2.0 -> &#91;2010/03/11 11&#58;05&#58;26 | 000,000,000 | ---D | M&#93;
leafChat -> C&#58;\Documents and Settings\Administrator\Application Data\leafChat -> &#91;2010/03/15 18&#58;02&#58;22 | 000,000,000 | ---D | M&#93;
LucasArts -> C&#58;\Documents and Settings\Administrator\Application Data\LucasArts -> &#91;2009/07/17 19&#58;25&#58;25 | 000,000,000 | ---D | M&#93;
Mount&Blade -> C&#58;\Documents and Settings\Administrator\Application Data\Mount&Blade -> &#91;2009/02/02 06&#58;32&#58;29 | 000,000,000 | ---D | M&#93;
Mumble -> C&#58;\Documents and Settings\Administrator\Application Data\Mumble -> &#91;2009/06/29 10&#58;06&#58;36 | 000,000,000 | ---D | M&#93;
My Battle for Middle-earth&#40;tm&#41; II Files -> C&#58;\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth&#40;tm&#41; II Files -> &#91;2009/10/09 15&#58;17&#58;12 | 000,000,000 | ---D | M&#93;
PlayFirst -> C&#58;\Documents and Settings\Administrator\Application Data\PlayFirst -> &#91;2010/01/12 00&#58;27&#58;04 | 000,000,000 | ---D | M&#93;
runic games -> C&#58;\Documents and Settings\Administrator\Application Data\runic games -> &#91;2009/11/05 20&#58;20&#58;31 | 000,000,000 | ---D | M&#93;
RunningPillow -> C&#58;\Documents and Settings\Administrator\Application Data\RunningPillow -> &#91;2010/01/28 20&#58;53&#58;24 | 000,000,000 | ---D | M&#93;
Slam Dunk Studios, LLC -> C&#58;\Documents and Settings\Administrator\Application Data\Slam Dunk Studios, LLC -> &#91;2009/04/18 16&#58;15&#58;40 | 000,000,000 | ---D | M&#93;
Stardock -> C&#58;\Documents and Settings\Administrator\Application Data\Stardock -> &#91;2009/05/26 10&#58;12&#58;17 | 000,000,000 | ---D | M&#93;
The Longest Journey Demo -> C&#58;\Documents and Settings\Administrator\Application Data\The Longest Journey Demo -> &#91;2009/05/31 10&#58;51&#58;27 | 000,000,000 | ---D | M&#93;
Thinstall -> C&#58;\Documents and Settings\Administrator\Application Data\Thinstall -> &#91;2009/08/27 00&#58;58&#58;17 | 000,000,000 | ---D | M&#93;
Ubisoft -> C&#58;\Documents and Settings\Administrator\Application Data\Ubisoft -> &#91;2010/03/09 20&#58;04&#58;52 | 000,000,000 | ---D | M&#93;
uTorrent -> C&#58;\Documents and Settings\Administrator\Application Data\uTorrent -> &#91;2010/03/16 09&#58;47&#58;46 | 000,000,000 | ---D | M&#93;
2DBoy -> C&#58;\Documents and Settings\All Users\Application Data\2DBoy -> &#91;2009/03/08 19&#58;33&#58;50 | 000,000,000 | ---D | M&#93;
BioWare -> C&#58;\Documents and Settings\All Users\Application Data\BioWare -> &#91;2010/01/09 21&#58;03&#58;56 | 000,000,000 | ---D | M&#93;
CCP -> C&#58;\Documents and Settings\All Users\Application Data\CCP -> &#91;2009/01/29 14&#58;26&#58;40 | 000,000,000 | ---D | M&#93;
DAEMON Tools Lite -> C&#58;\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> &#91;2009/01/29 10&#58;37&#58;39 | 000,000,000 | ---D | M&#93;
MumboJumbo -> C&#58;\Documents and Settings\All Users\Application Data\MumboJumbo -> &#91;2009/10/29 21&#58;03&#58;50 | 000,000,000 | ---D | M&#93;
PlayFirst -> C&#58;\Documents and Settings\All Users\Application Data\PlayFirst -> &#91;2010/01/12 00&#58;27&#58;04 | 000,000,000 | ---D | M&#93;
PopCap Games -> C&#58;\Documents and Settings\All Users\Application Data\PopCap Games -> &#91;2009/05/24 17&#58;21&#58;50 | 000,000,000 | ---D | M&#93;
Redirected -> C&#58;\Documents and Settings\All Users\Application Data\Redirected -> &#91;2009/08/15 23&#58;05&#58;33 | 000,000,000 | ---D | M&#93;
Stardock -> C&#58;\Documents and Settings\All Users\Application Data\Stardock -> &#91;2009/05/26 10&#58;11&#58;28 | 000,000,000 | ---D | M&#93;
{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> C&#58;\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019} -> &#91;2009/05/26 10&#58;11&#58;45 | 000,000,000 | -H-D | M&#93;
{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> C&#58;\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} -> &#91;2010/02/19 00&#58;15&#58;31 | 000,000,000 | -H-D | M&#93;
Ad-Aware Update &#40;Weekly&#41;.job -> C&#58;\WINDOWS\Tasks\Ad-Aware Update &#40;Weekly&#41;.job -> &#91;2010/03/16 09&#58;53&#58;52 | 000,000,496 | ---- | M&#93; &#40;&#41;
SchedLgU.Txt -> C&#58;\WINDOWS\Tasks\SchedLgU.Txt -> &#91;2010/03/16 09&#58;50&#58;47 | 000,032,526 | ---- | M&#93; &#40;&#41;

&#91;File - Purity Scan&#93;

< End of report >[/code]
The same warning message is still popping up, but otherwise, things are great.

Hey [b]ohgodhelp[/b],

Apologies, I made a small mistake in my previous fix. Let's do it again. ;)

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) ([b]Avira anti-virus[/b]) as it/they may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1)[/size] Run OTM[/b][/color]
[list]
[*] Please double-click [b]OTM.exe[/b] to run it. (Vista users, please right click on [b]OTM.exe[/b] and select "Run as an [b]Administrator[/b]")
[*][b]Copy everything in the codebox below to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose [b]Copy[/b]):

[code]:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Upabifexeme"=-

:Commands
[purity]
[emptytemp]
[reboot][/code]

[*] Return to OTM, right click in the [b]"Paste Instructions for Items to be Moved"[/b] window (under the light [color="#FFFF00"][b]Yellow[/b][/color] bar) and choose [b]Paste[/b].
[*]Click the red [b][color="#FF0000"]Moveit![/color][/b] button.
[*]Copy everything in the "Results" window (under the [color="#00FF00"][b]Green[/b][/color] bar) to the clipboard by highlighting [b]ALL[/b] of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close [b]OTM[/b]
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b] In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[color="#8B0000"][b][size=5]2)[/size] Run Kaspersky Webscanner[/b][/color]

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under [b]Upgrading Java[/b], to download and install the latest version.

[b]Upgrading Java[/b]:[list]
[*]Download the latest version of [url="http://java.sun.com/javase/downloads/index.jsp"][b][color="Red"]Java SE Runtime Environment (JRE)JRE 6 Update 18[/color][/b][/url].
[*]Click the "[b]Download[/b]" button to the right.
[*]Select your Platform and check the box that says: "[b]I agree to the Java SE Runtime Environment 6 License Agreement.[/b]".
[*]Click on [b]Continue[/b].
[*]Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
[*]Close any programs you may have running - especially your web browser.
[*]Go to [b]Start[/b] > [b]Control Panel[/b], double-click on [b]Add/Remove [/b]programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment [b](JRE or J2SE)[/b] in the name.
[*]Click the Remove or Change/Remove button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Make sure the C:\Program Files\JAVA folder is removed.
[*]Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the [b]jre-6u18-windows-i586.exe[/b] and select "Run as an Administrator.")
[/list][i][b]THEN[/b][/i]

Please do an online scan with [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][color="#3333FF"]Kaspersky WebScanner[/color][/url][list=1]
[*]Read through the requirements and privacy statement and click on [b]Accept[/b] button.
[*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b].
[*]When the downloads have finished, click on [b]Settings[/b].
[*]Make sure the following is checked.[list][b]Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases[/b]
[/list]
[*]Click on [b]My Computer[/b] under [b]Scan[/b].
[*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b].
[*]You will see a list of infected items there. Click on [b]Save Report As...[/b].
[*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button.
[*]Please post this log in your next reply.
[/list]
[b]Next reply (please include in your post):[/b]

OTM.txt
Kaspersky scan log

<Insert lnstructions here>

[code]All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Upabifexeme deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 417700920 bytes
->Temporary Internet Files folder emptied: 13482759 bytes
->Java cache emptied: 12463608 bytes
->FireFox cache emptied: 58776965 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 33619245 bytes

Total Files Cleaned = 511.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 03172010_121405

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\3204 not found!

Registry entries deleted on Reboot...[/code]
Kaspersky is not working for me. It caused Firefox to freeze up on me twice. Then I remembered the last time I used Kaspersky I had to use Internet Explorer instead of Firefox. When I tried that, it told me that it does not work under 64-bit operating systems. I'll try running the scan in Firefox again tonight, and hope it doesn't freeze up after a few hours, but I'm not expecting any different results.

Hi [b]ohgodhelp[/b],

Is the error message still popping up? ;) If Kaspersky doesn't work, try the following:

Please run a free online scan with the [url="http://www.eset.com/onlinescan/"][b][color="blue"]ESET Online Scanner[/color][/b][/url]
[i][b]Note[/b]: You will need to use Internet Explorer for this scan[/i][list]
[*]Tick the box next to [b]YES, I accept the Terms of Use[/b]
[*]Click [b]Start[/b]
[*]When asked, allow the ActiveX control to install
[*]Click [b]Start[/b]
[*]Make sure that the options [b]Remove found threats[/b] and [b]Scan unwanted applications[/b] are checked
[*]Click [b]Scan[/b] (This scan can take several hours, so please be patient)
[*]Once the scan is completed, you may close the window
[*]Use [b]Notepad[/b] to open the logfile located at C:\Program Files\EsetOnlineScanner\[b]log.txt[/b]
[*]Copy and paste that log as a reply to this topic
[/list]

This topic is now closed to further replies.