Find your solution!

Muffin723 · 31-Oct-2009, 06:16 PM #1

i have a trojan.fakealert ... i do not understand what it is fully ... but i have read that it slows down my computer. i need help on removining it for free as i'm under age to buy a removal product. i have windows vista.
thanks you.

NeonFx · 01-Nov-2009, 01:08 AM #2

Hello there

Welcome to the Tech Support Guy forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
- Reg - Desktop Components
- Reg - Disabled MS Config Items
- Reg - NetSvcs
- Reg - Shell Spawning
- Reg - Uninstall List
- File - Lop Check
- File - Purity Scan
- Evnt - EvtViewer (last 10)
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button

To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Mediafire and post the sharing link.

Step 2

Download RootRepeal from one of the following locations and save it to your desktop:

Link 1
Link 2
Link 3

Double click to start the program
Click on the Report tab at the bottom of the program window
Click the button
In the Select Scan dialog, check:
- Shadow SSDT
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

Muffin723 · 01-Nov-2009, 12:39 PM #3

i m finding it hard to upload so i will give u bit by bit.

Muffin723 · 01-Nov-2009, 12:40 PM #4

[code]
OTS logfile created on: 01/11/2009 17:20:26 - Run 1
OTS by OldTimer - Version 3.1.1.6 Folder = C:\Users\m\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NUR1KGU
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.55% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.35 Gb Total Space | 134.58 Gb Free Space | 60.80% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 2.22 Gb Free Space | 19.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: M-PC
Current User Name: m
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
seccenter.exe -> C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe -> File not found
ots[1].exe -> C:\Users\Muffin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NUR1KGU\OTS[1].exe -> File not found
a2service.exe -> C:\Program Files\a-squared Free\a2service.exe -> [2009/09/27 08:36:40 | 01,858,144 | ---- | M] (Emsi Software GmbH)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation)
googletoolbaruser_32.exe -> C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe -> [2009/08/26 13:40:38 | 00,277,104 | ---- | M] (Google Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
flashutil10c.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe -> [2009/07/18 03:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.)
rthdvcpl.exe -> C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -> [2009/06/09 09:25:54 | 07,539,232 | ---- | M] (Realtek Semiconductor)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\Windows\System32\wbem\WmiPrvSE.exe -> [2009/04/11 06:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation)
werfault.exe -> C:\Windows\System32\WerFault.exe -> [2009/04/11 06:28:11 | 00,217,088 | ---- | M] (Microsoft Corporation)
sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe -> [2009/04/11 06:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
wlidsvc.exe -> C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE -> [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation)
presentationfontcache.exe -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/02/18 18:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation)
wltuser.exe -> C:\Program Files\Windows Live\Toolbar\wltuser.exe -> [2009/02/06 17:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/01/07 17:42:41 | 00,039,408 | ---- | M] (Google Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
nvvsvc.exe -> C:\Windows\System32\nvvsvc.exe -> [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation)
groovemonitor.exe -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard)
syntphelper.exe -> C:\Program Files\Synaptics\SynTP\SynTPHelper.exe -> [2008/06/20 15:37:44 | 00,103,720 | ---- | M] (Synaptics, Inc.)
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2008/06/20 15:37:34 | 01,316,136 | ---- | M] (Synaptics, Inc.)
iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation)
iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2008/01/21 02:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation)
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2008/01/21 02:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation)
qpcapsvc.exe -> C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2007/12/20 02:28:34 | 00,271,760 | ---- | M] ()
qpsched.exe -> C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe -> [2007/12/20 02:28:34 | 00,112,016 | ---- | M] ()
qpservice.exe -> C:\Program Files\Hp\QuickPlay\QPService.exe -> [2007/12/20 02:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.)
qlbctrl.exe -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> [2007/09/19 21:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007/09/13 16:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpkbdapp.exe -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe -> [2007/09/04 20:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/08/23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company)
avp.exe -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe -> [2007/08/23 13:16:26 | 00,200,768 | ---- | M] (PCSecurityShield)
avp.exe -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe -> [2007/08/23 13:16:26 | 00,200,768 | ---- | M] (PCSecurityShield)
hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe -> [2007/05/16 18:43:06 | 00,677,432 | R--- | M] ()
richvideo.exe -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007/01/09 10:25:30 | 00,272,024 | ---- | M] ()
wifimsg.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> [2007/01/08 23:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -> [2006/05/02 23:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)

[Win32 Services - Safe List]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.)
(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> C:\Program Files\a-squared Free\a2service.exe -> [2009/09/27 08:36:40 | 01,858,144 | ---- | M] (Emsi Software GmbH)
(gupdate1c9f7c6f5ee4420) gupdate1c9f7c6f5ee4420 [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/06/28 08:03:32 | 00,133,104 | ---- | M] (Google Inc.)
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/06/02 09:10:08 | 00,637,952 | ---- | M] (Nokia.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
(SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/04/24 18:23:08 | 00,182,768 | ---- | M] (Google)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2009/04/11 06:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation)
(wlidsvc) Windows Live ID Sign-in Assistant [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/30 04:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Running] -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/02/18 18:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/02/18 18:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/02/18 18:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(nvsvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\Windows\System32\nvvsvc.exe -> [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/21 02:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehrecvr.exe -> [2008/01/21 02:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation)
(QPCapSvc) QuickPlay Background Capture Service (QBCS) [Win32_Own | Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2007/12/20 02:28:34 | 00,271,760 | ---- | M] ()
(QPSched) QuickPlay Task Scheduler (QTS) [Win32_Own | Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -> [2007/12/20 02:28:34 | 00,112,016 | ---- | M] ()
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/08/23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company)
(AVP) The Shield Deluxe 2008 [Win32_Own | Auto | Running] -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe -> [2007/08/23 13:16:26 | 00,200,768 | ---- | M] (PCSecurityShield)
(Com4Qlb) Com4Qlb [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> [2007/03/05 17:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2007/01/09 10:25:30 | 00,272,024 | ---- | M] ()
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -> [2006/05/02 23:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)

[Driver Services - Safe List]
(BDSelfPr) BDSelfPr [Kernel | Unknown | Running] -> -> File not found
(bdftdif) bdftdif [Kernel | Unknown | Running] -> -> File not found
(bdfsfltr) bdfsfltr [File_System | Unknown | Running] -> -> File not found
(bdfm) bdfm [File_System | Unknown | Running] -> -> File not found
(KLIF) KLIF [File_System | System | Running] -> C:\Windows\System32\drivers\klif.sys -> [2009/10/03 14:43:55 | 00,115,992 | ---- | M] (Kaspersky Lab)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2009/06/09 09:13:42 | 02,366,752 | ---- | M] (Realtek Semiconductor Corp.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaapl.sys -> [2009/05/29 12:36:16 | 00,039,424 | ---- | M] (Apple, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.)
(usbser) Nokia USB Serial Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser.sys -> [2009/04/11 04:42:54 | 00,027,648 | ---- | M] (Microsoft Corporation)
(nmwcdnsu) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsu.sys -> [2009/03/19 13:48:18 | 00,136,704 | ---- | M] (Nokia)
(nmwcdnsuc) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsuc.sys -> [2009/03/19 13:48:12 | 00,008,320 | ---- | M] (Nokia)
(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser_lowerfltj.sys -> [2009/02/09 07:37:56 | 00,007,808 | ---- | M] (Nokia)
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbser_lowerflt.sys -> [2009/02/09 07:37:48 | 00,007,808 | ---- | M] (Nokia)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmbo.sys -> [2009/02/09 07:37:46 | 00,022,016 | ---- | M] (Nokia)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmb.sys -> [2009/02/09 07:37:46 | 00,017,664 | ---- | M] (Nokia)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2008/12/04 02:42:00 | 07,606,688 | ---- | M] (NVIDIA Corporation)
(NETw5v32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NETw5v32.sys -> [2008/11/17 15:40:22 | 03,668,480 | ---- | M] (Intel Corporation)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2008/06/20 15:37:38 | 00,200,112 | ---- | M] (Synaptics, Inc.)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\iaStor.sys -> [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2008/01/24 23:46:40 | 00,106,496 | ---- | M] (Realtek Corporation )
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2008/01/21 02:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2008/01/21 02:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2008/01/21 02:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(NETw3v32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NETw3v32.sys -> [2008/01/21 02:23:20 | 02,225,664 | ---- | M] (Intel Corporation)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NETw4v32.sys -> [2007/10/31 18:36:32 | 02,252,800 | ---- | M] (Intel Corporation)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/08/08 19:42:08 | 00,045,568 | ---- | M] (REDC)
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ewusbmdm.sys -> [2007/08/08 10:07:42 | 00,101,504 | ---- | M] (Huawei Technologies Co., Ltd.)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/07/30 10:54:02 | 00,038,400 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/07/30 09:42:58 | 00,043,008 | ---- | M] (REDC)
(HpqRemHid) HP Remote Control HID Device [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HpqRemHid.sys -> [2007/07/11 17:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HpqKbFiltr.sys -> [2007/06/19 00:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(kl1) kl1 [Kernel | System | Running] -> C:\Windows\System32\drivers\kl1.sys -> [2007/03/03 20:39:06 | 00,110,360 | ---- | M] (Kaspersky Lab)
(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\klim6.sys -> [2007/01/25 19:33:22 | 00,020,760 | ---- | M] (Kaspersky Lab)
(smserial) smserial [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\smserial.sys -> [2007/01/17 13:38:52 | 00,983,936 | ---- | M] (Motorola Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\system32\Drivers\PxHelp20.sys -> [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nvm60x32.sys -> [2006/11/02 07:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation)
(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2006/11/02 07:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

Muffin723 · 01-Nov-2009, 12:41 PM #5

[Modules - Safe List]
ots[1].exe -> C:\Users\Muffin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NUR1KGU\OTS[1].exe -> File not found
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation)
r3hook.dll -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\r3hook.dll -> [2007/03/09 19:51:16 | 00,061,440 | ---- | M] (Kaspersky Lab)
scrchpg.dll -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scrchpg.dll -> [2007/03/09 19:48:32 | 00,147,520 | ---- | M] (Kaspersky Lab)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: Main\\"Start Page" -> http://www.google.co.uk/ ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\: "ProxyOverride" -> *.local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com -> C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\bkmrksync [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> File not found
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\DotNetAssistantExtension [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> File not found
< FireFox Extensions [User Folders] > ->
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\HOSTS ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar Helper] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{4AFC04A3-B551-4B68-9BEB-8677D90150D9} [HKLM] -> C:\Windows\System32\wincontrol.dll [&Research] -> File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 10:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 14:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/03/30 15:31:54 | 00,403,824 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009/08/26 13:39:27 | 00,256,112 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [Google Toolbar Notifier BHO] -> [2009/10/08 16:41:07 | 00,762,864 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009/08/26 13:38:40 | 00,458,736 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/31 14:23:13 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/08/26 13:39:27 | 00,256,112 | ---- | M] (Google Inc.)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/08/26 13:39:27 | 00,256,112 | ---- | M] (Google Inc.)
WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009/08/13 14:51:42 | 00,177,440 | ---- | M] (Apple Inc.)
"AVP" -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe ["C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"] -> [2007/08/23 13:16:26 | 00,200,768 | ---- | M] (PCSecurityShield)
"GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
"HP Health Check Scheduler" -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 07:58:56 | 00,075,008 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe ["C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"] -> [2007/09/13 16:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"] -> [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/12/04 02:42:00 | 13,556,256 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/12/04 02:42:00 | 00,092,704 | ---- | M] (NVIDIA Corporation)
"OnScreenDisplay" -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ["C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"] -> [2007/09/04 20:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"QlbCtrl" -> ["%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start] -> File not found
"QPService" -> C:\Program Files\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> [2007/12/20 02:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe] -> [2009/06/09 09:25:54 | 07,539,232 | ---- | M] (Realtek Semiconductor)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] -> [2008/06/20 15:37:34 | 01,316,136 | ---- | M] (Synaptics, Inc.)
"UCam_Menu" -> C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"] -> [2007/08/17 06:13:28 | 00,218,408 | ---- | M] (CyberLink Corp.)
"WAWifiMessage" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe ["C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"] -> [2007/01/08 23:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 06:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 06:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 06:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 06:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"EA Core" -> C:\Program Files\Electronic Arts\EA Link\Core.exe ["C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent] -> File not found
"ehTray.exe" -> C:\Windows\ehome\ehtray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/21 02:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe ["C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun] -> [2009/04/11 06:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/01/07 17:42:41 | 00,039,408 | ---- | M] (Google Inc.)
"systeminit.exe" -> C:\Users\m\AppData\Local\Temp\systeminit.exe [C:\Users\m\AppData\Local\Temp\systeminit.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo rer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo rer
\\"BindDirectlyToPropertySetStorage" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Syste m ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Syste m
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Syste m\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2009/05/04 07:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:{85E0B171-04FA-11D1-B7DA-00A0C90348D6} [HKLM] -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll [Button: Web Anti-Virus statistics] -> [2007/08/23 12:56:54 | 00,241,728 | ---- | M] (PCSecurityShield)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 19:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 19:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 06:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 06:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 03:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPre fix
"" -> http://

Muffin723 · 01-Nov-2009, 12:42 PM #6

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/downlo...eckControl.cab [Windows Genuine Advantage Validation Tool] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/s...irector/sw.cab [Shockwave ActiveX Control] ->
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [HKLM] -> http://dl.tvunetworks.com/TVUAx.cab [CTVUAxCtrl Object] ->
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab [DLM Control] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab [DivXBrowserPlugin Object] ->
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/...Uploader55.cab [Facebook Photo Uploader 5 Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_16] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get.../ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_16] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{EDFCB7CB-942C-4822-AF14-F0B687409848} [HKLM] -> http://cdnimg.piczo.com/images/uploa...t_uploader.cab [Image Uploader Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapt ers\ ->
{CA416AA5-6787-423D-995B-FD11229B8A46}\\DhcpNameServer -> 192.168.2.1 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\PCSECU~1\THESHI~1\r3hook.dll -> C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\r3hook.dll -> [2007/03/09 19:51:16 | 00,061,440 | ---- | M] (Kaspersky Lab)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
klogon -> C:\Windows\System32\klogon.dll -> [2007/08/23 13:03:48 | 00,204,864 | ---- | M] (PCSecurityShield)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 14:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2008/03/07 15:43:13 | 00,000,074 | ---- | M] ()
D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 15:18:54 | 00,000,340 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2 ->
\{6d8ad00d-f11a-11dd-81b7-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{6d8ad00d-f11a-11dd-81b7-001e68a25524}\shell\AutoRun\command
\{6d8ad00d-f11a-11dd-81b7-001e68a25524}\shell\AutoRun\command\\"" -> F:\ckwxkwg.exe [F:\ckwxkwg.exe] -> File not found
\{6d8ad00d-f11a-11dd-81b7-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{6d8ad00d-f11a-11dd-81b7-001e68a25524}\shell\explore\Command
\{6d8ad00d-f11a-11dd-81b7-001e68a25524}\shell\explore\Command\\"" -> F:\ckwxkwg.exe [F:\ckwxkwg.exe] -> File not found
\{6d8ad00d-f11a-11dd-81b7-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{6d8ad00d-f11a-11dd-81b7-001e68a25524}\shell\open\Command
\{6d8ad00d-f11a-11dd-81b7-001e68a25524}\shell\open\Command\\"" -> F:\ckwxkwg.exe [F:\ckwxkwg.exe] -> File not found
\{72b705e0-237b-11de-ae87-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{72b705e0-237b-11de-ae87-001e68a25524}\shell\AutoRun\command
\{72b705e0-237b-11de-ae87-001e68a25524}\shell\AutoRun\command\\"" -> F:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe [F:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe] -> File not found
\{72b705e0-237b-11de-ae87-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{72b705e0-237b-11de-ae87-001e68a25524}\shell\open\command
\{72b705e0-237b-11de-ae87-001e68a25524}\shell\open\command\\"" -> F:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe [F:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe] -> File not found
\{75a8b331-7f78-11dd-91cf-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{75a8b331-7f78-11dd-91cf-001e68a25524}\shell
\{75a8b331-7f78-11dd-91cf-001e68a25524}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{75a8b331-7f78-11dd-91cf-001e68a25524}\shell\AutoRun\command
\{75a8b331-7f78-11dd-91cf-001e68a25524}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe] -> File not found
\{75a8b35a-7f78-11dd-91cf-001e68a25524}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{75a8b35a-7f78-11dd-91cf-001e68a25524}\shell
\{75a8b35a-7f78-11dd-91cf-001e68a25524}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{75a8b35a-7f78-11dd-91cf-001e68a25524}\shell\AutoRun\command
\{75a8b35a-7f78-11dd-91cf-001e68a25524}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found

[Files/Folders - Created Within 30 Days]
C:\Users\m\AppData\Roaming\BitDefender -> C:\Users\Muffin\AppData\Roaming\BitDefender -> [2009/10/31 22:55:38 | 00,000,000 | ---D | C]
BitDefender -> C:\ProgramData\BitDefender -> [2009/10/31 22:54:36 | 00,000,000 | ---D | C]
C:\ProgramData\BitDefender -> C:\ProgramData\BitDefender -> [2009/10/31 22:54:36 | 00,000,000 | ---D | C]
C:\Program Files\BitDefender -> C:\Program Files\BitDefender -> [2009/10/31 22:54:36 | 00,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2009/10/31 22:54:31 | 00,000,000 | -HSD | C]
C:\Program Files\Common Files\BitDefender -> C:\Program Files\Common Files\BitDefender -> [2009/10/31 22:49:03 | 00,000,000 | ---D | C]
C:\Users\m\AppData\Local\Threat Expert -> C:\Users\Muffin\AppData\Local\Threat Expert -> [2009/10/31 22:01:57 | 00,000,000 | ---D | C]
C:\Program Files\Trend Micro -> C:\Program Files\Trend Micro -> [2009/10/31 21:52:47 | 00,000,000 | ---D | C]
C:\Program Files\iPod -> C:\Program Files\iPod -> [2009/10/31 21:24:47 | 00,000,000 | ---D | C]
C:\Program Files\iTunes -> C:\Program Files\iTunes -> [2009/10/31 21:24:44 | 00,000,000 | ---D | C]
wmp.dll -> C:\Windows\System32\wmp.dll -> [2009/10/29 19:57:10 | 10,627,584 | ---- | C] (Microsoft Corporation)
unregmp2.exe -> C:\Windows\System32\unregmp2.exe -> [2009/10/29 19:57:07 | 00,310,784 | ---- | C] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\System32\wmploc.DLL -> [2009/10/29 19:57:04 | 08,147,456 | ---- | C] (Microsoft Corporation)
wups2.dll -> C:\Windows\System32\wups2.dll -> [2009/10/27 13:38:07 | 00,044,768 | ---- | C] (Microsoft Corporation)
wucltux.dll -> C:\Windows\System32\wucltux.dll -> [2009/10/27 13:38:06 | 02,421,760 | ---- | C] (Microsoft Corporation)
wuaueng.dll -> C:\Windows\System32\wuaueng.dll -> [2009/10/27 13:38:06 | 01,929,952 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> C:\Windows\System32\wuauclt.exe -> [2009/10/27 13:38:06 | 00,053,472 | ---- | C] (Microsoft Corporation)
wuapi.dll -> C:\Windows\System32\wuapi.dll -> [2009/10/27 13:37:05 | 00,575,704 | ---- | C] (Microsoft Corporation)
wudriver.dll -> C:\Windows\System32\wudriver.dll -> [2009/10/27 13:37:05 | 00,087,552 | ---- | C] (Microsoft Corporation)
wups.dll -> C:\Windows\System32\wups.dll -> [2009/10/27 13:37:05 | 00,035,552 | ---- | C] (Microsoft Corporation)
wuwebv.dll -> C:\Windows\System32\wuwebv.dll -> [2009/10/27 13:36:53 | 00,171,608 | ---- | C] (Microsoft Corporation)
wuapp.exe -> C:\Windows\System32\wuapp.exe -> [2009/10/27 13:36:53 | 00,033,792 | ---- | C] (Microsoft Corporation)
Unit 4 -> C:\Users\m\Desktop\Unit 4 -> [2009/10/22 16:04:53 | 00,000,000 | ---D | C]
javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/21 16:37:25 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/21 16:37:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2009/10/21 16:37:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
mshtml.dll -> C:\Windows\System32\mshtml.dll -> [2009/10/16 18:38:24 | 05,940,224 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\System32\ieframe.dll -> [2009/10/16 18:38:23 | 11,069,440 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\System32\iertutil.dll -> [2009/10/16 18:38:22 | 01,985,536 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\System32\urlmon.dll -> [2009/10/16 18:38:22 | 01,208,832 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\System32\wininet.dll -> [2009/10/16 18:38:22 | 00,916,480 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009/10/16 18:38:22 | 00,594,432 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\System32\occache.dll -> [2009/10/16 18:38:22 | 00,206,848 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009/10/16 18:38:21 | 01,638,912 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2009/10/16 18:38:21 | 01,469,440 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009/10/16 18:38:21 | 00,387,584 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2009/10/16 18:38:21 | 00,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2009/10/16 18:38:21 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2009/10/16 18:38:21 | 00,164,352 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009/10/16 18:38:21 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2009/10/16 18:38:21 | 00,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2009/10/16 18:38:21 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2009/10/16 18:38:21 | 00,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2009/10/16 18:38:21 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009/10/16 18:38:21 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2009/10/16 18:38:21 | 00,013,312 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\System32\msv1_0.dll -> [2009/10/16 18:38:06 | 00,218,624 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2009/10/16 18:38:00 | 03,600,456 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2009/10/16 18:38:00 | 03,548,216 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\System32\msasn1.dll -> [2009/10/16 18:37:35 | 00,060,928 | ---- | C] (Microsoft Corporation)
srv2.sys -> C:\Windows\System32\drivers\srv2.sys -> [2009/10/16 18:37:00 | 00,144,896 | ---- | C] (Microsoft Corporation)
WMSPDMOD.DLL -> C:\Windows\System32\WMSPDMOD.DLL -> [2009/10/16 18:32:14 | 00,604,672 | ---- | C] (Microsoft Corporation)
Ilford pics -> C:\Users\m\Desktop\Ilford pics -> [2009/10/11 12:04:15 | 00,000,000 | ---D | C]
YEAR 11 -> C:\Users\m\Desktop\YEAR 11 -> [2009/10/09 17:22:21 | 00,000,000 | ---D | C]
Baacck up -> C:\Users\m\Desktop\Baacck up -> [2009/10/08 17:56:34 | 00,000,000 | ---D | C]
Office Genuine Advantage -> C:\ProgramData\Office Genuine Advantage -> [2009/10/07 19:29:15 | 00,000,000 | ---D | C]
C:\ProgramData\Office Genuine Advantage -> C:\ProgramData\Office Genuine Advantage -> [2009/10/07 19:29:15 | 00,000,000 | ---D | C]
Office Genuine Advantage -> C:\Users\m\Office Genuine Advantage -> [2009/10/07 19:29:12 | 00,000,000 | ---D | C]
kerberos.dll -> C:\Windows\System32\kerberos.dll -> [2009/10/07 19:15:18 | 00,499,712 | ---- | C] (Microsoft Corporation)
wdigest.dll -> C:\Windows\System32\wdigest.dll -> [2009/10/07 19:15:17 | 00,175,104 | ---- | C] (Microsoft Corporation)
schannel.dll -> C:\Windows\System32\schannel.dll -> [2009/10/07 19:15:16 | 00,270,848 | ---- | C] (Microsoft Corporation)
lsasrv.dll -> C:\Windows\System32\lsasrv.dll -> [2009/10/07 19:15:15 | 01,259,008 | ---- | C] (Microsoft Corporation)
ksecdd.sys -> C:\Windows\System32\drivers\ksecdd.sys -> [2009/10/07 19:15:15 | 00,439,864 | ---- | C] (Microsoft Corporation)
secur32.dll -> C:\Windows\System32\secur32.dll -> [2009/10/07 19:15:14 | 00,072,704 | ---- | C] (Microsoft Corporation)
lsass.exe -> C:\Windows\System32\lsass.exe -> [2009/10/07 19:15:14 | 00,009,728 | ---- | C] (Microsoft Corporation)
klif.sys -> C:\Windows\System32\drivers\klif.sys -> [2009/10/03 14:43:55 | 00,115,992 | ---- | C] (Kaspersky Lab)
New Folder -> C:\ProgramData\New Folder -> [2009/10/03 14:34:51 | 00,000,000 | ---D | C]
C:\ProgramData\New Folder -> C:\ProgramData\New Folder -> [2009/10/03 14:34:51 | 00,000,000 | ---D | C]
C:\Program Files\Microsoft Office Outlook Connector -> C:\Program Files\Microsoft Office Outlook Connector -> [2009/10/03 13:04:47 | 00,000,000 | ---D | C]
C:\Program Files\Microsoft Sync Framework -> C:\Program Files\Microsoft Sync Framework -> [2009/10/03 13:04:03 | 00,000,000 | ---D | C]
C:\Program Files\Microsoft SQL Server Compact Edition -> C:\Program Files\Microsoft SQL Server Compact Edition -> [2009/10/03 13:02:20 | 00,000,000 | ---D | C]
C:\Program Files\Microsoft -> C:\Program Files\Microsoft -> [2009/10/03 13:01:26 | 00,000,000 | ---D | C]
MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2009/10/02 18:17:09 | 00,195,440 | ---- | C] (Microsoft Corporation)

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\m\ntuser.dat -> [2009/11/01 17:23:59 | 03,407,872 | -HS- | M] ()
fidbox.dat -> C:\Windows\System32\drivers\fidbox.dat -> [2009/11/01 17:21:28 | 08,123,168 | -HS- | M] ()
bdod.bin -> C:\Windows\System32\bdod.bin -> [2009/11/01 16:54:45 | 00,081,984 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/11/01 16:50:56 | 24,661,410 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/11/01 16:50:55 | 12,718,740 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/11/01 16:50:51 | 00,004,888 | ---- | M] ()
hpqp.ini -> C:\Users\Public\Documents\hpqp.ini -> [2009/11/01 16:48:04 | 00,001,413 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/11/01 16:45:29 | 00,027,459 | ---- | M] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/11/01 16:45:29 | 00,027,459 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009/11/01 16:44:33 | 00,000,880 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 16:43:59 | 00,003,344 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 16:43:59 | 00,003,344 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/01 16:43:53 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/01 16:43:43 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/11/01 16:43:40 | 32,195,78880 | -HS- | M] ()
fidbox.idx -> C:\Windows\System32\drivers\fidbox.idx -> [2009/11/01 16:42:51 | 00,106,352 | -HS- | M] ()
ntuser.dat{a201812a-51d6-11de-9737-001e68a25524}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\m\ntuser.dat{a201812a-51d6-11de-9737-001e68a25524}.TMContainer00000000000000000001.regtrans-ms -> [2009/11/01 16:42:49 | 00,524,288 | -HS- | M] ()
ntuser.dat{a201812a-51d6-11de-9737-001e68a25524}.TM.blf -> C:\Users\m\ntuser.dat{a201812a-51d6-11de-9737-001e68a25524}.TM.blf -> [2009/11/01 16:42:49 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\m\AppData\Local\IconCache.db -> [2009/11/01 16:42:19 | 02,392,677 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009/11/01 16:38:02 | 00,000,884 | ---- | M] ()
ProductTweaks.xml -> C:\Windows\System32\ProductTweaks.xml -> [2009/10/31 22:59:14 | 00,000,850 | ---- | M] ()
user_gensett.xml -> C:\Windows\System32\user_gensett.xml -> [2009/10/31 22:59:14 | 00,000,385 | ---- | M] ()
bitdefnder keys.docx -> C:\Users\m\Documents\bitdefnder keys.docx -> [2009/10/31 22:34:40 | 00,010,243 | ---- | M] ()
Microsoft Office Word 2007.lnk -> C:\Users\m\Desktop\Microsoft Office Word 2007.lnk -> [2009/10/31 22:33:58 | 00,002,627 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/10/31 21:25:47 | 00,001,804 | ---- | M] ()
User_Feed_Synchronization-{CBA5FD6D-B830-4123-88F3-8762709A0DA1}.job -> C:\Windows\tasks\User_Feed_Synchronization-{CBA5FD6D-B830-4123-88F3-8762709A0DA1}.job -> [2009/10/31 21:16:23 | 00,000,410 | -H-- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/10/31 19:47:08 | 00,027,459 | ---- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/10/31 19:47:08 | 00,027,459 | ---- | M] ()
HPCeeScheduleForm.job -> C:\Windows\tasks\HPCeeScheduleForm.job -> [2009/10/31 19:46:14 | 00,000,306 | ---- | M] ()
jagex_runescape_preferences2.dat -> C:\Users\m\jagex_runescape_preferences2.dat -> [2009/10/31 18:52:47 | 00,000,063 | ---- | M] ()
jagex_runescape_preferences.dat -> C:\Users\m\jagex_runescape_preferences.dat -> [2009/10/31 17:59:11 | 00,000,038 | ---- | M] ()
klin.dat -> C:\Windows\System32\drivers\klin.dat -> [2009/10/14 17:54:21 | 00,108,059 | ---- | M] ()
klick.dat -> C:\Windows\System32\drivers\klick.dat -> [2009/10/14 17:54:21 | 00,095,259 | ---- | M] ()
Ghost N stuff.lnk -> C:\Users\m\Desktop\Ghost N stuff.lnk -> [2009/10/13 19:51:54 | 00,000,457 | ---- | M] ()
Recycling poem.doc -> C:\Users\m\Documents\Recycling poem.doc -> [2009/10/10 20:09:38 | 00,027,136 | ---- | M] ()
Twisters.docx -> C:\Users\m\Documents\Twisters.docx -> [2009/10/05 19:25:35 | 00,011,090 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/04 12:24:21 | 00,058,368 | ---- | M] ()
klif.sys -> C:\Windows\System32\drivers\klif.sys -> [2009/10/03 14:43:55 | 00,115,992 | ---- | M] (Kaspersky Lab)
mrt.exe -> C:\Windows\System32\mrt.exe -> [2009/10/02 18:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation)

[Files - No Company Name]
bdod.bin -> C:\Windows\System32\bdod.bin -> [2009/10/31 23:16:52 | 00,081,984 | ---- | C] ()
ProductTweaks.xml -> C:\Windows\System32\ProductTweaks.xml -> [2009/10/31 22:59:14 | 00,000,850 | ---- | C] ()
user_gensett.xml -> C:\Windows\System32\user_gensett.xml -> [2009/10/31 22:59:14 | 00,000,385 | ---- | C] ()
fidbox.idx -> C:\Windows\System32\drivers\fidbox.idx -> [2009/10/31 22:58:48 | 00,106,352 | -HS- | C] ()
fidbox.dat -> C:\Windows\System32\drivers\fidbox.dat -> [2009/10/31 22:58:39 | 08,027,040 | -HS- | C] ()
bitdefnder keys.docx -> C:\Users\m\Documents\bitdefnder keys.docx -> [2009/10/31 22:34:38 | 00,010,243 | ---- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/10/31 21:25:47 | 00,001,804 | ---- | C] ()
HPCeeScheduleForm.job -> C:\Windows\tasks\HPCeeScheduleForm.job -> [2009/10/31 18:35:33 | 00,000,306 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/10/29 17:48:46 | 32,195,78880 | -HS- | C] ()
Ghost N stuff.lnk -> C:\Users\m\Desktop\Ghost N stuff.lnk -> [2009/10/13 19:51:54 | 00,000,457 | ---- | C] ()
Recycling poem.doc -> C:\Users\m\Documents\Recycling poem.doc -> [2009/10/10 20:09:36 | 00,027,136 | ---- | C] ()
Twisters.docx -> C:\Users\m\Documents\Twisters.docx -> [2009/10/05 19:25:35 | 00,011,090 | ---- | C] ()
klin.dat -> C:\Windows\System32\drivers\klin.dat -> [2009/10/03 14:45:19 | 00,108,059 | ---- | C] ()
klick.dat -> C:\Windows\System32\drivers\klick.dat -> [2009/10/03 14:45:19 | 00,095,259 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/09/24 17:28:54 | 00,117,248 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 00,403,816 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2009/03/25 17:05:52 | 00,000,376 | ---- | C] ()
xlive.dll.cat -> C:\Windows\System32\xlive.dll.cat -> [2008/10/22 04:29:06 | 00,173,550 | ---- | C] ()
zlib1.dll -> C:\Windows\System32\zlib1.dll -> [2007/10/31 09:39:54 | 00,059,904 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 12:35:32 | 00,005,632 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 10:23:31 | 00,000,331 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 10:23:31 | 00,000,219 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 07:40:29 | 00,013,750 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/03/09 09:58:00 | 01,060,424 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP

1B5B4F1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP

FC5A2B2
< End of report >
[/code]

NeonFx · 01-Nov-2009, 03:50 PM #7

You attached it just fine in your first reply.

Do you have the results from step 2?

Muffin723 · 01-Nov-2009, 04:22 PM #8

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 20:57
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8330D000 Size: 843776 File Visible: No Signed: -
Status: -
Name: rootrepeal[1].sys
Image Path: C:\Windows\system32\drivers\rootrepeal[1].sys
Address: 0x9CE43000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\System Volume Information\{08514087-b0e3-11de-90eb-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{0cb8dc6f-c646-11de-990a-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{33c8c062-b292-11de-9173-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{44de5733-c4b3-11de-aa1c-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{9253f975-bf3c-11de-8087-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{9beb1123-b374-11de-a81e-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{abf0d5c1-c705-11de-9a8a-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{abf0e00c-c705-11de-9a8a-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{abf0e4a2-c705-11de-9a8a-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{aef158f8-ba7c-11de-b836-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{db878c8d-b019-11de-92ea-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{e7785a70-b749-11de-ba2f-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{e9da3d03-b027-11de-9248-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{ea58e649-b426-11de-ac82-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{ed8cab3a-c663-11de-9b8c-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{f2624ba0-c2fc-11de-8a76-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{f26253e7-c2fc-11de-8a76-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{fa855317-b021-11de-99d3-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{482ba422-c4c4-11de-8543-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{d848ec5d-be76-11de-8b35-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{4a00678d-c573-11de-9c61-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{55deb59f-bcdf-11de-b589-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{6884156b-b025-11de-9149-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{712b5935-b034-11de-a94e-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{78dc7f9d-be5e-11de-a1c2-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{8c1a4517-ba81-11de-8b57-001e68a25524}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\Windows\PLA\System\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: c:\windows\system32\drivers\fidbox.dat
Status: Allocation size mismatch (API: 8388608, Raw: 8339456)
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870. 0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.5072 7.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.2102 2.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818. 0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.5072 7.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.5072 7.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.5 0727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_n one_3658456fda6654f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.5 0727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e 18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378 f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e 18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848. 0_none_b7e811287b298060.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e 3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.5072 7.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e 3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e 3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.5072 7.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378 f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.5072 7.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.5072 7.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378 f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e 3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849. 0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e 18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.5072 7.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e 3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_n one_365945b9da656e4d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.5 0727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.5 0727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e 3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378 f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e 3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e 3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.5072 7.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.5072 7.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e 18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e 3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e 3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e 3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d82 9\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cd d\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.
Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6002.18005_none_95196f2b15cf9bd2\$$DeleteMe.win spool.drv.01ca5b1bdb311196.0006
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.0.6001.18000_none_77fe3055cc02641a\$$Dele teMe.wpdbusenum.dll.01ca5b1bda7e8a76.0002
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba 4ac535\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3 ed0a28\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba 9cd1d6\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4 424ae9\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\APPCON~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\APPSET~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\DEBUGA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\DEFINE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\EDITAP~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369 ae496\SMTPSE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\APPCON~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\APPSET~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\DEBUGA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\DEFINE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\EDITAP~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503 d2989\SMTPSE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\APPCON~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\APPSET~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\DEBUGA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\DEFINE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\EDITAP~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36e cf137\SMTPSE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\APPCON~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\APPSET~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\DEBUGA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\DEFINE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\EDITAP~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c467509 26a4a\SMTPSE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d 6b09\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d 6b09\DEFINE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d 6b09\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833f affc\CREATE~1.ASP
Status: Locked to the Windows API!

Muffin723 · 01-Nov-2009, 04:23 PM #9

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833f affc\DEFINE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833f affc\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef 77aa\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef 77aa\DEFINE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef 77aa\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda 3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda 3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3 e125ad\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3 e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da 90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da 90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f4 36666e\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f4 36666e\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498 755\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498 755\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebc c48\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebc c48\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b9 3f6\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b9 3f6\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410 d09\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410 d09\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d728 1910\CHOOSE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d728 1910\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d728 1910\MANAGE~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca 5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca 5e03\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca 5e03\MANAGE~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a 25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a 25b1\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a 25b1\MANAGE~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394 f0bd\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394 f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394 f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\ WEBADM~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\ WEBADM~3.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\ WEBADM~4.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\ WEBB00~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f 9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f 9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f 9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0 \MANAGE~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965 368d\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3 fd\INSTAL~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3 fd\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f92 7437\SETUPA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934 b92a\SETUPA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe4 80d8\SETUPA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989 f9eb\SETUPA~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6d b0d9\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790f f5cc\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbf bd7a\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e 054b\WEB_MI~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd0 4a3e\WEB_MI~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d610680 11ec\WEB_MI~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd2025 8aff\WEB_MI~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad36 4e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRole s.config
Status: Locked to the Windows API!
Path: c:\windows\winsxs\x86_wpdmtphw.inf.resources_31bf3856ad364e35_6.0.6002.1811 2_en-us_5ed6ffaad96bffc9\wpdmtphw.inf_loc
Status: Allocation size mismatch (API: 4096, Raw: 344)
Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d 10\INSTAL~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d 10\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca4 4e71\WEB_ME~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b3646 9364\WEB_ME~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf6 5b12\WEB_ME~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369b d425\WEB_ME~1.CON
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03 \MANAGE~2.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b551978 83e6\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b551978 83e6\MANAGE~2.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331a c8d9\MANAGE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_neProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1284 Status: Locked to the Windows API!
Stealth Objects
-------------------
Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 3840) Address: 0x6c590000 Size: 315392
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3840) Address: 0x689c0000 Size: 11403264
Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3840) Address: 0x6d100000 Size: 20480
Object: Hidden Module [Name: wltcore.dll.mui]
Process: iexplore.exe (PID: 5532) Address: 0x64660000 Size: 278528
Object: Hidden Module [Name: wltcore.market.dll.mui]
Process: iexplore.exe (PID: 5532) Address: 0x657c0000 Size: 8192
Object: Hidden Module [Name: wltcore.dll.mui]
Process: iexplore.exe (PID: 3956) Address: 0x64660000 Size: 278528
Object: Hidden Module [Name: wltcore.market.dll.mui]
Process: iexplore.exe (PID: 3956) Address: 0x657c0000 Size: 8192
Object: Hidden Code [ETHREAD: 0x891e4928]
Process: System Address: 0x89421000 Size: 87
Object: Hidden Code [ETHREAD: 0x893a5928]
Process: System Address: 0x89421000 Size: 87
Object: Hidden Code [ETHREAD: 0x8937e888]
Process: System Address: 0x894a67e0 Size: 87
Object: Hidden Code [ETHREAD: 0x8937c888]
Process: System Address: 0x894a67e0 Size: 87
Object: Hidden Code [ETHREAD: 0x89378948]
Process: System Address: 0x894a87d0 Size: 2097
Object: Hidden Code [ETHREAD: 0x893a4928]
Process: System Address: 0x894a87d0 Size: 2097
Object: Hidden Code [ETHREAD: 0x89392928]
Process: System Address: 0x894a87d0 Size: 2097
Object: Hidden Code [ETHREAD: 0x89307928]
Process: System Address: 0x894a67e0 Size: 87
==EOF==

NeonFx · 01-Nov-2009, 04:34 PM **#10**

One of your external drives is infected so let's start with the following:

STEP 1

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

STEP 2

Run OTS

Under the Paste Fix Here box on the right, paste in the following

Code:

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {4AFC04A3-B551-4B68-9BEB-8677D90150D9} [HKLM] -> C:\Windows\System32\wincontrol.dll [&Research]
< Run [HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\] > -> HKEY_USERS\S-1-5-21-3317595147-3054500285-3432206008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "systeminit.exe" -> C:\Users\m\AppData\Local\Temp\systeminit.exe [C:\Users\m\AppData\Local\Temp\systeminit.exe]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab [DLM Control]
[Empty Temp Folders]
[ClearAllRestorePoints]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.

STEP 3

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your harddrives.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

STEP 4

Run OTS again and click on the Quick Scan button at the top. Copy and Paste the results of this scan in your next reply.

Muffin723 · 02-Nov-2009, 12:59 PM **#11**

the link for step 1 anit working ... i mean that it wont let me open the programme.

NeonFx · 02-Nov-2009, 01:28 PM **#12**

It works fine for me. Have you tried right clicking it and selecting "Run As Administrator?"

Muffin723 · 02-Nov-2009, 01:29 PM **#13**

this is what i got for step 3 :
Malwarebytes' Anti-Malware 1.41
Database version: 3089
Windows 6.0.6002 Service Pack 2
02/11/2009 18:22:39
mbam-log-2009-11-02 (18-22-39).txt
Scan type: Quick Scan
Objects scanned: 100366
Time elapsed: 6 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4afc04a3-b551-4b68-9beb-8677d90150d9} (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4afc 04a3-b551-4b68-9beb-8677d90150d9} (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{4afc04a3-b551-4b68-9beb-8677d90150d9} (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systeminit. exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Common Files\Uninstal\PAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Users\m\Local Settings\Application Data\Bron.tok-12-2 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\m\Local Settings\Application Data\Bron.tok-12-3 (Worm.Brontok) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\Uninstal\PAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

NeonFx · 02-Nov-2009, 01:38 PM **#14**

Good. Do you have the results from Step 2? MalwareBytes removed some things that should have been removed in Step 2

Muffin723 · 02-Nov-2009, 01:46 PM **#15**

urm ... i m busy fixing both things ... so its taking me a while ... i m confused because my other post joined to this 1 ... so do i post both things on here? .... and the step 1 programme still doesnt work

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: