[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\“Local Page” -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\“Start Page” -> http://www.foozir.com/ ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\“Start Page Redirect Cache” -> http://dk.msn.com/?ocid=iehp ->
HKEY_CURRENT_USER\: Main\\“Start Page Redirect Cache AcceptLangs” -> da ->
HKEY_CURRENT_USER\: Main\\“Start Page Redirect Cache_TIMESTAMP” -> 85 F3 C2 BA A2 47 CB 01 [binary data] ->
HKEY_CURRENT_USER\: “ProxyEnable” -> 0 ->
HKEY_CURRENT_USER\: “ProxyServer” -> http=127.0.0.1:6092 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > ->
  -> C:\Users\Win7\AppData\Roaming\mozilla\Extensions -> [2009-12-14 18:46:17 | 000,000,000 |—-D | M]
  -> C:\Users\Win7\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009-12-14 18:46:17 | 000,000,000 |—-D | M]
< HOSTS File > ([2009-02-24 05:35:22 | 000,000,824 |——| M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO’s [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009-08-05 23:24:16 | 000,132,448 |——| M] (Microsoft Corporation)
< BHO’s [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [Search Helper] -> [2009-01-14 17:49:24 | 000,092,504 |——| M] (Microsoft Corp.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009-02-06 18:17:46 | 001,068,904 |——| M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
“{32099AAC-C132-4136-9E9A-4E364A424E17}” [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [DAEMON Tools Toolbar] -> [2010-03-25 11:28:02 | 001,548,096 |——| M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
“{21FA44EF-376D-4D53-9B0F-8A89D3229068}” [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows; Live Toolbar] -> [2009-02-06 18:17:46 | 001,068,904 |——| M] (Microsoft Corporation)
“{32099AAC-C132-4136-9E9A-4E364A424E17}” [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2010-03-25 11:27:54 | 000,968,000 |——| M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\”{21FA44EF-376D-4D53-9B0F-8A89D3229068}” [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows; Live Toolbar] -> [2009-02-06 18:17:46 | 001,068,904 |——| M] (Microsoft Corporation)
64bit-WebBrowser\\”{32099AAC-C132-4136-9E9A-4E364A424E17}” [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [DAEMON Tools Toolbar] -> [2010-03-25 11:28:02 | 001,548,096 |——| M] ()
WebBrowser\\”{32099AAC-C132-4136-9E9A-4E364A424E17}” [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2010-03-25 11:27:54 | 000,968,000 |——| M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
“Malwarebytes Anti-Malware (reboot)” -> D:\programmer\Malwarebytes’ Anti-Malware\mbam.exe [“D:\programmer\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript] -> [2010-04-29 15:39:32 | 001,090,952 |——| M] (Malwarebytes Corporation)
“ncrowexmas.exe” -> C:\Users\Win7\AppData\Local\Temp\ncrowexmas.exe [“C:\Users\Win7\AppData\Local\Temp\ncrowexmas.exe”] -> [2010-09-03 09:41:22 | 000,042,496 |——| M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
“DAEMON Tools Lite” -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [“C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun] -> [2010-04-01 11:16:20 | 000,357,696 |——| M] (DT Soft Ltd)
“msnmsgr” -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [“C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background] -> [2009-07-26 16:44:34 | 003,883,856 |——| M] (Microsoft Corporation)
“Sidebar” -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe [C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun] -> [2009-04-22 07:19:30 | 001,174,016 |——| M] (Microsoft Corporation)
“Steam” -> d:\programmer\steam\installeret steam\steam.exe [“d:\programmer\steam\installeret steam\steam.exe” -silent] -> [2010-08-24 11:42:05 | 001,242,448 |——| M] (Valve Corporation)
“VOIPlay” -> D:\programmer\VOIPlay\voiplay.exe [“D:\programmer\VOIPlay\voiplay.exe”] -> [2010-07-01 11:59:48 | 001,297,768 |——| M] (E-Sport Network AB & VOIPlay AB)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\“NoActiveDesktop” ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\“ConsentPromptBehaviorAdmin” ->  [0] -> File not found
\\“ConsentPromptBehaviorUser” ->  [3] -> File not found
\\“EnableLUA” ->  [0] -> File not found
\\“PromptOnSecureDesktop” ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Free YouTube to Mp3 Converter -> C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm [C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm] -> [2010-08-27 12:49:54 | 000,000,269 |——| M] ()
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Free YouTube to Mp3 Converter -> C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm [C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm] -> [2010-08-27 12:49:54 | 000,000,269 |——| M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009-07-26 20:17:14 | 000,186,192 |——| M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog; This in Windows Live Writer] -> [2009-07-26 20:17:14 | 000,186,192 |——| M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime;=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
“” -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
“” -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 212.10.10.4 212.10.10.5 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6116C6BE-6E71-4BCE-9590-FDBA1AA49E5D}\\DhcpNameServer -> 212.10.10.4 212.10.10.5   (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
{6116C6BE-6E71-4BCE-9590-FDBA1AA49E5D}\\NameServer -> 208.67.222.222,208.67.220.220   (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
{E8E42C1E-6CBF-431A-8FC8-2B0B7609BE54}\\DhcpNameServer -> 212.10.10.4 212.10.10.5   (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
{E8E42C1E-6CBF-431A-8FC8-2B0B7609BE54}\\NameServer -> 208.67.222.222,208.67.220.220   (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009-04-22 07:38:05 | 002,858,496 |——| M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009-04-22 07:38:40 | 000,082,432 |——| M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009-04-22 07:19:02 | 002,607,616 |——| M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009-04-22 07:19:35 | 000,081,920 |——| M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{07F1F3F4-3AA5-4178-9060-691F9835E8F3} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{0FBF53B9-6704-427A-A528-FCA83E4C26C5} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
{144BF520-4234-4024-B30F-A84BC214C3F0} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
{2269DBFA-E7FF-466D-ACCC-A0A2857BF89C} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
{250A6D81-F6A7-4022-86A1-CCFFAD6C5289} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost |
{281513EC-3057-4E65-9686-3DF600EEE274} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{3B90F71E-B364-4FE6-BA21-282C9F5304F5} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{41A0B09D-6A06-45FA-874A-8F6B488AE2BD} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system |
{481A15B1-289C-4533-B92D-36C4F8129AC4} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
{49B4D1A2-528A-4568-8259-CC634C1FF2EE} -> lport=3724 | profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader: 3724 |
{4BA841B6-D923-4346-B1C7-A4356E63615C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{4C3260B7-EDBE-46E3-A6E1-B74E6F91A735} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{5329FBF8-243D-46D6-B54B-9C035C6E4F81} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{55F00F17-E9F8-42E2-A7B8-451838C0D845} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub |
{70DAB277-C529-4929-B846-4CC5A7CEDF49} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{7F9E2C17-E6BB-43A2-A605-23909256E580} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system |
{8091B39B-4445-49AC-95C0-9DAEF3422792} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
{8531D890-044B-4B5D-8E0A-A7F1FBF371D0} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub |
{895A288C-15E1-4859-B677-0324EC6800BF} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{905DA622-FD12-4195-9FCE-B7539EFA872D} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{9D23F28B-5E44-42E6-8DEA-6A3D1F7E88C0} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{A1E48C78-5884-43FE-ABEA-6BC4FD7CD5A7} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
{B4D41B9C-4618-47F7-8B77-4D327148A476} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
{B5FBD686-2BA7-46F4-8E5E-3343E9ED3EDC} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{BE2C84EB-E4EE-47F8-84FA-3B4FD263B6A2} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{C619B3A8-1C91-4EF0-993D-537D673984D5} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{CB20C0E6-3070-4E73-BF56-6C55C6F70372} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
{DE477932-A3E6-474A-8784-00D732B09ECF} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
{E08EDE3A-55E8-46FE-B3B1-FB42A5993B30} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{E0EE9BD9-A452-4081-8BF0-36F6B06FBA45} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E33ABF5D-C576-4BEA-A504-4CF5BD5AD4FE} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{FA19C4A8-5B05-442A-9D37-5D706533FE02} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system |
{FA45216D-E6DD-4BA0-8855-609295BF004D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{FAB8BEEA-AD9D-44B5-85E2-50115C3387AB} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{025C895B-22E2-4681-92E8-A19E36DC7280} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe |
{032AE274-8F20-499C-9552-C116778366E8} -> profile=public | protocol=17 | dir=in | action=allow | name=veoh web player | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
{060B7131-F89A-47DC-91D0-91B9D9835F91} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe |
{069091F5-27E8-4C5F-8DAE-EFFDC66FACFF} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
{0773A83C-FBFB-40B6-B5FA-12D8D9493010} -> profile=public | protocol=17 | dir=in | action=allow | name=call of duty(r) 4 - modern warfare(tm)  | app=d:\programmer\cod4\iw3mp.exe |
{0B7C441C-EDEB-4691-8321-FA955CE958C4} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system |
{10F60C9E-2A44-44DF-955B-4FFE72BBF046} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=d:\programmer\starcraft ii\starcraft ii.exe |
{1365F7DC-145F-45A7-B2A6-0A14B5EF48DB} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{14AD1B51-E094-49BF-A46D-B8B778E8A6FF} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=d:\world of warcraft\backgrounddownloader.exe |
{1F3AD9C6-B137-4272-B9AD-DF782D578966} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
{2C8B5BA4-DC01-44DF-A305-134CF23C16E5} -> profile=public | protocol=6 | dir=in | action=allow | name=veoh web player | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
{31BDE812-3D28-441C-93E2-9D84C449FE2C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{3F6BC579-48DC-47CC-932D-7E7551ABFBAC} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{4133F955-9AB5-4D12-B4ED-79907E36F238} -> profile=public | protocol=17 | dir=in | action=allow | name=counter-strike | app=d:\programmer\steam\installeret steam\steamapps\frandsen\counter-strike\hl.exe |
{44800CAE-8573-4E3C-B604-6A30DFC1148E} -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=d:\programmer\steam\installeret steam\steam.exe |
{4C402903-4B83-409F-AF33-C94F56A3F60B} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe |
{4DDC83ED-9498-44CB-B971-4EB6B9803397} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
{4E53D5DC-52CD-4E16-9685-BA74EA5DED12} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
{4FD9D32F-5405-42A9-8354-E2E988287A02} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
{501FBEAA-08F0-473F-AC67-19BF72D1BBCF} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe |
{50F8658B-1444-441C-A460-CE8FAD060779} -> profile=public | protocol=6 | dir=in | action=allow | name=starcraft ii | app=d:\programmer\starcraft ii\versions\base15405\sc2.exe |
{51AC9060-1741-4895-A8E9-606BD55A08B4} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
{573C7E85-12B3-44E7-B904-9040FD88CDEE} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{5B9D8191-8B02-476D-BC8F-3F02A042346F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe |
{649F1063-CE73-4419-90B3-DC46EB4ADDD3} -> profile=public | protocol=6 | dir=in | action=allow | name=limewire | app=d:\programmer\limewire\limewire.exe |
{6C52149F-3C46-4507-A526-112F2F326CE5} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
{6C8B6386-9F69-45DC-A4EE-4B4103301702} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{6E713B68-C495-4C2B-A0FA-87CB8080C276} -> profile=public | protocol=17 | dir=in | action=allow | name=starcraft ii | app=d:\programmer\starcraft ii\versions\base15405\sc2.exe |
{70AA7D63-8526-4009-93C9-9820B1BD13F2} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
{84E331B6-BED4-4780-AFA4-68023EF9F102} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
{8568151C-408B-4070-AA63-5E45DA2C1DE4} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe |
{8BB2EA42-DEF7-4152-A862-90DE7213AA8B} -> profile=public | protocol=6 | dir=in | action=allow | name=call of duty(r) 4 - modern warfare(tm)  | app=d:\programmer\cod4\iw3mp.exe |
{8ED5D49E-E91A-44E0-8083-6D0A3FBCF0D4} -> profile=public | protocol=6 | dir=in | action=allow | name=counter-strike | app=d:\programmer\steam\installeret steam\steamapps\frandsen\counter-strike\hl.exe |
{9147C1A0-78D7-4894-9A77-433443B7BE2D} -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=d:\programmer\steam\steam installeret\steam.exe |
{91DE0C0F-913D-4911-919D-C866F7188FB8} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=d:\programmer\starcraft ii\starcraft ii.exe |
{969935B8-FD46-49F0-9AE7-2B573837D2CB} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{99219C86-D9FE-49DE-A6DC-856BC092DBC7} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{9948D6B0-B813-4452-9517-31608948482B} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=d:\world of warcraft\backgrounddownloader.exe |
{9CE53F93-1EDC-441D-AFB2-468FB8DECAF7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{B589335F-53A1-45AE-8860-FF27131E8F3E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe |
{B7884851-9C9C-4319-84C2-BACE7FC94A9D} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
{B7EAEF87-C557-4651-93D1-38FC2CCC2425} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{B879DA2E-F103-40A0-B3E5-28261A5C3A4A} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
{C2C98D2C-5E4A-43C6-AA1E-3FEEF1627155} -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=d:\programmer\steam\installeret steam\steam.exe |
{C46A7A8C-4A80-4540-9097-AAF25984A79A} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe |
{C69CD747-4382-424C-BE8D-682255533CC5} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
{CC6D24DA-CD2C-4104-B9DD-F5A53A32E74D} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe |
{CE4BE10A-0868-4C36-A95C-30F4D6C6697F} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
{D07A585B-5AC0-4467-86F7-1E354EE47FBC} -> profile=public | protocol=17 | dir=in | action=allow | name=limewire | app=d:\programmer\limewire\limewire.exe |
{D60C01FA-81C1-4E0F-9A1F-75E64C0F4DC1} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe |
{D7740918-FD5B-4623-9EDE-86BD997451BF} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe |
{EE3F3AC6-2F9C-4CC7-9D5E-E8DE9371D895} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{FDA79902-9C75-4560-A182-9A499C951AEE} -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=d:\programmer\steam\steam installeret\steam.exe |
TCP Query User{479FEA23-3CE9-43BB-81D5-A561FDB1CAA1}D:\world of warcraft\launcher.exe -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=d:\world of warcraft\launcher.exe |
TCP Query User{4EFAE86F-B4E5-4D79-B0ED-578BFE272C54}D:\programmer\mirc\mirc.exe -> profile=public | protocol=6 | dir=in | action=allow | name=mirc | app=d:\programmer\mirc\mirc.exe |
TCP Query User{504AA13F-12A8-4A15-B8C5-D2DFC1ECB2BE}D:\spil\tmnationsforever\tmforever.exe -> profile=public | protocol=6 | dir=in | action=allow | name=tmforever.exe | app=d:\spil\tmnationsforever\tmforever.exe |
TCP Query User{559AB863-7A96-4523-9BDF-31F2315B6B2E}C:\program files (x86)\garena\garena.exe -> profile=public | protocol=6 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe |
TCP Query User{65D1C30A-6D01-490B-909E-3EB8E79B7B2D}C:\program files (x86)\steam\steamapps\zakaryn\counter-strike source\hl2.exe -> profile=public | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\zakaryn\counter-strike source\hl2.exe |
TCP Query User{73EDC235-807F-4AF4-BD51-0F71DDE53868}D:\fogdownloader-rom_2_1_0_1871.exe -> profile=public | protocol=6 | dir=in | action=allow | name=fogdownloader-rom_2_1_0_1871 | app=d:\fogdownloader-rom_2_1_0_1871.exe |
TCP Query User{7E9731AF-C2D4-479C-8B73-B8D6995E4918}D:\programmer\xfire\xfire.exe -> profile=public | protocol=6 | dir=in | action=allow | name=xfire | app=d:\programmer\xfire\xfire.exe |
TCP Query User{86CC2BA8-91C4-4D75-A702-803AEDF68A5F}D:\spil\tmnationsforever\tmforever.exe -> profile=private | protocol=6 | dir=in | action=allow | name=tmforever | app=d:\spil\tmnationsforever\tmforever.exe |
TCP Query User{8FA37970-E366-485D-85C2-AD2D752E3820}D:\programmer\steam\steam installeret\steamapps\frandsen\counter-strike\hl.exe -> profile=public | protocol=6 | dir=in | action=allow | name=half-life launcher | app=d:\programmer\steam\steam installeret\steamapps\frandsen\counter-strike\hl.exe |
TCP Query User{AEE5ABCE-6320-4E6D-BCB3-B3C0ED95B981}C:\program files (x86)\hlsw\hlsw.exe -> profile=public | protocol=6 | dir=in | action=allow | name=hlsw application | app=c:\program files (x86)\hlsw\hlsw.exe |
TCP Query User{B0228654-621B-4361-A4FB-00334E5949D3}D:\warcraft iii\war3.exe -> profile=public | protocol=6 | dir=in | action=allow | name=warcraft iii | app=d:\warcraft iii\war3.exe |
TCP Query User{C6195901-B028-4C1D-81EA-839362A0C67C}D:\programmer\warcraft iii\war3.exe -> profile=public | protocol=6 | dir=in | action=allow | name=warcraft iii | app=d:\programmer\warcraft iii\war3.exe |
TCP Query User{CAD67D63-C135-4BAA-BECF-F6D2BA1D6112}C:\program files (x86)\mohaa.exe -> profile=public | protocol=6 | dir=in | action=allow | name=medal of honor allied assault(tm) | app=c:\program files (x86)\mohaa.exe |
TCP Query User{F5384EC5-19A1-4CBA-AFD2-1E7E3FA345AE}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{FBB6D99F-C9ED-4893-8E42-D7CF0515B06E}D:\programmer\mohaa\mohaa.exe -> profile=public | protocol=6 | dir=in | action=allow | name=medal of honor allied assault(tm) | app=d:\programmer\mohaa\mohaa.exe |
UDP Query User{302DCB02-2085-4642-BA8C-434CDB9FC63C}D:\world of warcraft\launcher.exe -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=d:\world of warcraft\launcher.exe |
UDP Query User{33B23444-5211-425F-A1A8-2A10E0E7EB34}C:\program files (x86)\mohaa.exe -> profile=public | protocol=17 | dir=in | action=allow | name=medal of honor allied assault(tm) | app=c:\program files (x86)\mohaa.exe |
UDP Query User{3AD38704-F202-42B2-BEBD-38E4D2C37D8E}D:\fogdownloader-rom_2_1_0_1871.exe -> profile=public | protocol=17 | dir=in | action=allow | name=fogdownloader-rom_2_1_0_1871 | app=d:\fogdownloader-rom_2_1_0_1871.exe |
UDP Query User{44D5F750-3DD2-41AA-AFA3-653657533398}C:\program files (x86)\internet explorer\iexplore.exe -> profile=public | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{45E5E3C9-3041-4752-B3E6-857FB78404D8}D:\spil\tmnationsforever\tmforever.exe -> profile=public | protocol=17 | dir=in | action=allow | name=tmforever.exe | app=d:\spil\tmnationsforever\tmforever.exe |
UDP Query User{5E996A39-BDFC-4E21-9EF9-579F814CCC17}C:\program files (x86)\steam\steamapps\zakaryn\counter-strike source\hl2.exe -> profile=public | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\program files (x86)\steam\steamapps\zakaryn\counter-strike source\hl2.exe |
UDP Query User{64D8E74E-2CE1-4FA1-94B3-C6BEEF3D1195}D:\programmer\warcraft iii\war3.exe -> profile=public | protocol=17 | dir=in | action=allow | name=warcraft iii | app=d:\programmer\warcraft iii\war3.exe |
UDP Query User{736DD725-88FF-4A78-8C23-72397AAF0904}D:\programmer\xfire\xfire.exe -> profile=public | protocol=17 | dir=in | action=allow | name=xfire | app=d:\programmer\xfire\xfire.exe |
UDP Query User{7652537D-B6A2-4DA2-B03E-387C9A786F35}D:\programmer\mohaa\mohaa.exe -> profile=public | protocol=17 | dir=in | action=allow | name=medal of honor allied assault(tm) | app=d:\programmer\mohaa\mohaa.exe |
UDP Query User{846590F7-93D1-428C-B6F2-E2C520F4EC1F}D:\programmer\steam\steam installeret\steamapps\frandsen\counter-strike\hl.exe -> profile=public | protocol=17 | dir=in | action=allow | name=half-life launcher | app=d:\programmer\steam\steam installeret\steamapps\frandsen\counter-strike\hl.exe |
UDP Query User{BECBF5F5-131D-4A2A-BD31-A0A57A177785}D:\warcraft iii\war3.exe -> profile=public | protocol=17 | dir=in | action=allow | name=warcraft iii | app=d:\warcraft iii\war3.exe |
UDP Query User{DE7C11B0-1D17-4BF7-81BF-503321284C4F}D:\spil\tmnationsforever\tmforever.exe -> profile=private | protocol=17 | dir=in | action=allow | name=tmforever | app=d:\spil\tmnationsforever\tmforever.exe |
UDP Query User{F1F82C3E-7F53-45BB-9B81-B6F86CAA28FC}C:\program files (x86)\hlsw\hlsw.exe -> profile=public | protocol=17 | dir=in | action=allow | name=hlsw application | app=c:\program files (x86)\hlsw\hlsw.exe |
UDP Query User{F4245306-E265-4033-8A15-97F9E2B8B087}C:\program files (x86)\garena\garena.exe -> profile=public | protocol=17 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe |
UDP Query User{FCF3BE40-481E-46CD-B3C5-0593A58C2326}D:\programmer\mirc\mirc.exe -> profile=public | protocol=17 | dir=in | action=allow | name=mirc | app=d:\programmer\mirc\mirc.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
“AutoRun” -> 1 ->
“DisplayName” -> CD-ROM Driver ->
“ImagePath” -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009-05-01 03:36:06 | 000,147,456 |——| M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> “%1” %* -> File not found
64bit-exefile [open] -> “%1” %* -> File not found
comfile [open] -> “%1” %* ->
exefile [open] -> “%1” %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> “%1” %* ->
.exe [@ = exefile] -> “%1” %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> “%1” %* ->
.exe [@ = exefile] -> “%1” %* ->

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Win7\Desktop\OTS.exe -> [2010-09-04 10:16:28 | 000,641,024 |——| C] (OldTimer Tools)
32788R22FWJFW -> C:\32788R22FWJFW -> [2010-09-04 09:52:36 | 000,000,000 | R—D | C]
pss -> C:\Windows\pss -> [2010-09-03 13:23:27 | 000,000,000 |—-D | C]
fixshell.exe -> C:\Users\Win7\Desktop\fixshell.exe -> [2010-09-03 11:24:20 | 000,049,504 |——| C] (Prevx)
mlxjhwkcm -> C:\Users\Win7\AppData\Local\mlxjhwkcm -> [2010-09-03 09:42:27 | 000,000,000 |—-D | C]
.COMMgr -> C:\Users\Win7\.COMMgr -> [2010-09-03 09:41:59 | 000,000,000 | -HSD | C]
Windows Server -> C:\Users\Win7\AppData\Local\Windows Server -> [2010-09-03 09:41:28 | 000,000,000 |—-D | C]
0A5A26F3EC641E14C5410D5BC10C1F21 -> C:\Users\Win7\AppData\Roaming\0A5A26F3EC641E14C5410D5BC10C1F21 -> [2010-09-03 09:41:23 | 000,000,000 |—-D | C]
DVDVideoSoftIEHelpers -> C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers -> [2010-08-27 12:49:54 | 000,000,000 |—-D | C]
DVDVideoSoft -> C:\Users\Win7\Documents\DVDVideoSoft -> [2010-08-27 12:49:49 | 000,000,000 |—-D | C]
DVDVideoSoft -> C:\Program Files (x86)\DVDVideoSoft -> [2010-08-27 12:49:47 | 000,000,000 |—-D | C]
DVDVideoSoft -> C:\Program Files (x86)\Common Files\DVDVideoSoft -> [2010-08-27 12:49:43 | 000,000,000 |—-D | C]
VOIPlay -> C:\Users\Win7\AppData\Roaming\VOIPlay -> [2010-08-12 20:48:43 | 000,000,000 |—-D | C]
VOIPlay -> C:\ProgramData\VOIPlay -> [2010-08-12 20:48:43 | 000,000,000 |—-D | C]
War3Unin.exe -> C:\Windows\War3Unin.exe -> [2010-08-12 14:59:54 | 000,139,264 |——| C] (Blizzard Entertainment)
DAEMON Tools Lite -> C:\Program Files (x86)\DAEMON Tools Lite -> [2010-08-12 14:54:25 | 000,000,000 |—-D | C]
DAEMON Tools Toolbar -> C:\Program Files (x86)\DAEMON Tools Toolbar -> [2010-08-12 14:49:26 | 000,000,000 |—-D | C]
DAEMON Tools Lite -> C:\ProgramData\DAEMON Tools Lite -> [2010-08-12 14:48:49 | 000,000,000 |—-D | C]
DAEMON Tools Lite -> C:\Users\Win7\AppData\Roaming\DAEMON Tools Lite -> [2010-08-12 14:43:41 | 000,000,000 |—-D | C]
DAEMON Tools Net -> C:\ProgramData\DAEMON Tools Net -> [2010-08-12 14:39:08 | 000,000,000 |—-D | C]
DAEMON Tools Net -> C:\Users\Win7\AppData\Roaming\DAEMON Tools Net -> [2010-08-12 14:39:03 | 000,000,000 |—-D | C]
Warcraft III and The Frozen Throne -> C:\Users\Win7\Desktop\Warcraft III and The Frozen Throne -> [2010-08-12 14:36:30 | 000,000,000 |—-D | C]
BUG NADE -> C:\Users\Win7\Desktop\BUG NADE -> [2010-08-11 00:14:04 | 000,000,000 |—-D | C]
speed -> C:\Users\Win7\Desktop\speed -> [2010-08-07 20:41:25 | 000,000,000 |—-D | C]

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Win7\NTUSER.DAT -> [2010-09-04 10:18:05 | 002,359,296 | -HS- | M] ()
OTS.exe -> C:\Users\Win7\Desktop\OTS.exe -> [2010-09-04 10:16:30 | 000,641,024 |——| M] (OldTimer Tools)
ComboFix.exe -> C:\Users\Win7\Desktop\ComboFix.exe -> [2010-09-04 09:50:20 | 003,835,232 |——| M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010-09-04 09:48:56 | 000,000,006 | -H—| M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010-09-04 09:48:55 | 000,067,584 |—S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010-09-04 09:48:50 | 529,883,135 | -HS- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010-09-03 18:53:52 | 000,009,584 | -H—| M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010-09-03 18:53:52 | 000,009,584 | -H—| M] ()
dds.scr -> C:\Users\Win7\Desktop\dds.scr -> [2010-09-03 17:47:38 | 000,525,824 |——| M] ()
rkill.exe -> C:\Users\Win7\Desktop\rkill.exe -> [2010-09-03 15:28:53 | 000,363,520 |——| M] ()
rkill.scr -> C:\Users\Win7\Desktop\rkill.scr -> [2010-09-03 15:26:39 | 000,363,520 |——| M] ()
Malwarebytes’ Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes’ Anti-Malware.lnk -> [2010-09-03 11:57:05 | 000,000,694 |——| M] ()
fixshell.exe -> C:\Users\Win7\Desktop\fixshell.exe -> [2010-09-03 11:14:36 | 000,049,504 |——| M] (Prevx)
IconCache.db -> C:\Users\Win7\AppData\Local\IconCache.db -> [2010-09-03 10:16:30 | 009,222,584 | -H—| M] ()
Default.rdp -> C:\Users\Win7\Documents\Default.rdp -> [2010-09-01 10:09:35 | 000,002,014 | -H—| M] ()
Universal Anticheat 2.lnk -> C:\Users\Public\Desktop\Universal Anticheat 2.lnk -> [2010-08-31 23:58:49 | 000,000,698 |——| M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010-08-27 21:08:22 | 001,239,876 |——| M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010-08-27 21:08:22 | 000,606,992 |——| M] ()
perfh006.dat -> C:\Windows\SysNative\perfh006.dat -> [2010-08-27 21:08:22 | 000,460,912 |——| M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010-08-27 21:08:22 | 000,103,370 |——| M] ()
perfc006.dat -> C:\Windows\SysNative\perfc006.dat -> [2010-08-27 21:08:22 | 000,076,482 |——| M] ()
DVDVideoSoft Free Studio.lnk -> C:\Users\Win7\Desktop\DVDVideoSoft Free Studio.lnk -> [2010-08-27 12:49:52 | 000,001,243 |——| M] ()
vaext -> C:\Users\Win7\vaext -> [2010-08-18 00:15:28 | 000,000,016 | -H—| M] ()
.vsysd -> C:\Users\Win7\.vsysd -> [2010-08-18 00:15:28 | 000,000,016 | -H—| M] ()
VOIPlay.lnk -> C:\Users\Public\Desktop\VOIPlay.lnk -> [2010-08-12 20:48:44 | 000,000,742 |——| M] ()
War3Unin.dat -> C:\Windows\War3Unin.dat -> [2010-08-12 15:03:39 | 000,060,841 |——| M] ()
Frozen Throne.lnk -> C:\Users\Win7\Desktop\Frozen Throne.lnk -> [2010-08-12 15:02:59 | 000,000,827 |——| M] ()
War3Unin.pif -> C:\Windows\War3Unin.pif -> [2010-08-12 15:02:33 | 000,002,829 |——| M] ()
War3Unin.exe -> C:\Windows\War3Unin.exe -> [2010-08-12 15:02:32 | 000,139,264 |——| M] (Blizzard Entertainment)
Warcraft III.lnk -> C:\Users\Win7\Desktop\Warcraft III.lnk -> [2010-08-12 14:59:58 | 000,000,822 |——| M] ()
sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2010-08-12 14:54:44 | 000,834,544 |——| M] ()
DAEMON Tools Lite.lnk -> C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> [2010-08-12 14:54:44 | 000,001,954 |——| M] ()
Steam.lnk -> C:\Users\Public\Desktop\Steam.lnk -> [2010-08-12 14:34:27 | 000,000,854 |——| M] ()
http://www.AllSubs.org_2012-da-2009-maxspeed-www-torentz-3-xforum-ro_94758.zip -> C:\Users\Win7\Desktop\www.AllSubs.org_2012-da-2009-maxspeed-www-torentz-3-xforum-ro_94758.zip -> [2010-08-11 19:47:43 | 000,039,392 |——| M] ()
274404.zip -> C:\Users\Win7\Desktop\274404.zip -> [2010-08-11 19:43:02 | 000,025,385 |——| M] ()
278288.zip -> C:\Users\Win7\Desktop\278288.zip -> [2010-08-11 19:41:10 | 000,038,109 |——| M] ()
280983.rar -> C:\Users\Win7\Desktop\280983.rar -> [2010-08-11 17:55:26 | 000,039,213 |——| M] ()
BUG NADE by linden 8min in the demo.rar -> C:\Users\Win7\Desktop\BUG NADE by linden 8min in the demo.rar -> [2010-08-11 00:14:28 | 003,815,838 |——| M] ()
speed.rar -> C:\Users\Win7\Desktop\speed.rar -> [2010-08-07 20:43:04 | 005,069,367 |——| M] ()

[Files - No Company Name]
ComboFix.exe -> C:\Users\Win7\Desktop\ComboFix.exe -> [2010-09-04 09:50:16 | 003,835,232 |——| C] ()
dds.scr -> C:\Users\Win7\Desktop\dds.scr -> [2010-09-03 17:47:36 | 000,525,824 |——| C] ()
rkill.exe -> C:\Users\Win7\Desktop\rkill.exe -> [2010-09-03 15:28:51 | 000,363,520 |——| C] ()
rkill.scr -> C:\Users\Win7\Desktop\rkill.scr -> [2010-09-03 15:26:38 | 000,363,520 |——| C] ()
OpenOffice.org 3.1.lnk -> C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk -> [2010-09-03 13:28:29 | 000,001,239 |——| C] ()
DVDVideoSoft Free Studio.lnk -> C:\Users\Win7\Desktop\DVDVideoSoft Free Studio.lnk -> [2010-08-27 12:49:49 | 000,001,243 |——| C] ()
vaext -> C:\Users\Win7\vaext -> [2010-08-18 00:15:28 | 000,000,016 | -H—| C] ()
.vsysd -> C:\Users\Win7\.vsysd -> [2010-08-18 00:15:28 | 000,000,016 | -H—| C] ()
VOIPlay.lnk -> C:\Users\Public\Desktop\VOIPlay.lnk -> [2010-08-12 20:48:44 | 000,000,742 |——| C] ()
Frozen Throne.lnk -> C:\Users\Win7\Desktop\Frozen Throne.lnk -> [2010-08-12 15:02:59 | 000,000,827 |——| C] ()
Warcraft III.lnk -> C:\Users\Win7\Desktop\Warcraft III.lnk -> [2010-08-12 14:59:58 | 000,000,822 |——| C] ()
War3Unin.dat -> C:\Windows\War3Unin.dat -> [2010-08-12 14:59:55 | 000,060,841 |——| C] ()
War3Unin.pif -> C:\Windows\War3Unin.pif -> [2010-08-12 14:59:54 | 000,002,829 |——| C] ()
DAEMON Tools Lite.lnk -> C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> [2010-08-12 14:54:44 | 000,001,954 |——| C] ()
sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2010-08-12 14:43:57 | 000,834,544 |——| C] ()
ny.srt -> C:\Users\Win7\Desktop\ny.srt -> [2010-08-11 19:47:54 | 000,097,362 |——| C] ()
http://www.AllSubs.org_2012-da-2009-maxspeed-www-torentz-3-xforum-ro_94758.zip -> C:\Users\Win7\Desktop\www.AllSubs.org_2012-da-2009-maxspeed-www-torentz-3-xforum-ro_94758.zip -> [2010-08-11 19:47:43 | 000,039,392 |——| C] ()
2012.Doomsday.DVDRip.XviD-DEViSE (editeret).srt -> C:\Users\Win7\Desktop\2012.Doomsday.DVDRip.XviD-DEViSE (editeret).srt -> [2010-08-11 19:43:07 | 000,066,916 |——| C] ()
274404.zip -> C:\Users\Win7\Desktop\274404.zip -> [2010-08-11 19:43:02 | 000,025,385 |——| C] ()
2012.srt -> C:\Users\Win7\Desktop\2012.srt -> [2010-08-11 19:41:17 | 000,098,147 |——| C] ()
278288.zip -> C:\Users\Win7\Desktop\278288.zip -> [2010-08-11 19:41:09 | 000,038,109 |——| C] ()
2012 R5 LINE XviD-MDMA CD2.srt -> C:\Users\Win7\Desktop\2012 R5 LINE XviD-MDMA CD2.srt -> [2010-08-11 17:56:21 | 000,050,675 |——| C] ()
2012 R5 LINE XviD-MDMA CD1.srt -> C:\Users\Win7\Desktop\2012 R5 LINE XviD-MDMA CD1.srt -> [2010-08-11 17:56:21 | 000,047,113 |——| C] ()
280983.rar -> C:\Users\Win7\Desktop\280983.rar -> [2010-08-11 17:55:26 | 000,039,213 |——| C] ()
BUG NADE by linden 8min in the demo.rar -> C:\Users\Win7\Desktop\BUG NADE by linden 8min in the demo.rar -> [2010-08-11 00:14:27 | 003,815,838 |——| C] ()
speed.rar -> C:\Users\Win7\Desktop\speed.rar -> [2010-08-07 20:43:03 | 005,069,367 |——| C] ()
xfcodec.dll -> C:\Windows\SysWow64\xfcodec.dll -> [2010-07-09 21:04:40 | 000,041,872 |——| C] ()
psconv.ini -> C:\Windows\SysWow64\psconv.ini -> [2010-06-20 12:49:00 | 000,000,164 |——| C] ()
game.ini -> C:\Windows\game.ini -> [2010-01-27 15:34:44 | 000,000,284 |——| C] ()
IconCache.db -> C:\Users\Win7\AppData\Local\IconCache.db -> [2010-01-12 17:20:37 | 009,222,584 | -H—| C] ()
unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2009-12-28 12:33:41 | 000,178,176 |——| C] ()
FCIC.INI -> C:\Windows\FCIC.INI -> [2009-12-01 17:53:12 | 000,002,528 |——| C] ()
nvUnsupRes.dat -> C:\ProgramData\nvUnsupRes.dat -> [2009-11-24 20:33:52 | 000,000,075 |——| C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Win7\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009-06-30 23:20:31 | 000,061,736 |——| C] ()
nvimage.dll -> C:\Windows\SysWow64\nvimage.dll -> [2009-06-10 06:31:04 | 000,089,088 |——| C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009-04-22 11:45:18 | 000,037,665 |——| C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009-04-22 11:45:18 | 000,029,779 |——| C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009-04-22 11:45:18 | 000,026,489 |——| C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009-04-22 11:45:18 | 000,026,040 |——| C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2009-04-22 11:08:55 | 000,000,174 | -HS- | C] ()
desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2009-04-22 11:08:55 | 000,000,174 | -HS- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009-04-22 05:40:32 | 000,064,000 |——| C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009-04-22 03:04:20 | 000,364,544 |——| C] ()
physxcudart_20.dll -> C:\Windows\SysWow64\physxcudart_20.dll -> [2008-10-07 09:13:30 | 000,197,912 |——| C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2008-10-07 09:13:22 | 000,058,648 |——| C] ()
AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2008-10-07 09:13:20 | 000,058,648 |——| C] ()
< End of report >

det var en ordentlig omgang…

Jep, så tænk på ham der skal tjekke den    

Narh seriøst, kender du de Zip og Rar filer/mapper der ligger på skrivebordet ?

Hent Oldtimers OTMoveIt herfra:
http://oldtimer.geekstogo.com/OTM.exe
Kør programmet, og kopier nedestående med fed skrift ind i det venstre felt:

:processes
explorer.exe
:Files
C:\Users\Win7\AppData\Local\mlxjhwkcm
C:\Users\Win7\AppData\Local\Windows Server
C:\Users\Win7\Desktop\ComboFix.exe
C:\Users\Win7\vaext
C:\Users\Win7\.vsysd
:Commands
[emptytemp]
[start explorer]
[Reboot]

Klik på MoveIt, og følg instruksionerne. Du vil muligvis blive bedt om at genstarte computeren, hvilket du skal acceptere. Når OTMoveIt er færdig vil der i højre side kunne findes noget tekst.

Kopier indholdet af denne tekst herind i tråden til gennemsyn, og lad os høre hvordan tingene kører nu ?

Logfilen kan også findes i den nyeste undermappe til %systemdrive%\_OTMoveIt\MovedFiles\

Tænker på ham der skal tjekke den - og er super glad for at vedkommende vil - tak indtil nu!

sortskærm er stadig tilfældet.

zip og rar.filerne kender jeg til. (skal jeg slette dem?)

Her er log:

All processes killed
Error: Unable to interpret <C:\Users\Win7\AppData\Local\mlxjhwkcm> in the current context!
Error: Unable to interpret <C:\Users\Win7\AppData\Local\Windows Server> in the current context!
Error: Unable to interpret <C:\Users\Win7\Desktop\ComboFix.exe> in the current context!
Error: Unable to interpret <C:\Users\Win7\vaext > in the current context!
Error: Unable to interpret <C:\Users\Win7\.vsysd > in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Win7
->Temp folder emptied: 999789706 bytes
->Temporary Internet Files folder emptied: 1264324274 bytes
->Java cache emptied: 39329587 bytes
->Flash cache emptied: 75772 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20906079 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.217,00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 09052010_094806
C:\Users\Win7\AppData\Local\mlxjhwkcm folder moved successfully.

OTM by OldTimer - Version 3.1.15.0 log created on 09052010_094806

Ja, slet de filer/mapper, du kan evt lade dem ligge i papirkurven et par dage - for en sikkerheds skyld.

og nu står jeg med sortskærm når skrivebordet skal til at dukke op.

Nu kender jeg ikke win7, men kommer du ikke ind i Windows ?

De er slettet nu.

Når jeg starter pc’en op, ser jeg alt det normale “bios reklame”, “hardware info” ,“Windows starting” , men så når “windows starting” forsvinder, og her skulle skrivebordet jo så dukke op, så kommer der bare sortskærm med musen i midten. Jeg kan ikke højre klikke eller noget. Kun via joblisten kan jeg bruge computeren som jeg gør nu.

Prøv lige og kør OTS igen.

Der vil nu åbne en tekst fil, gem den som OTS.txt et sted hvor du kan finde den igen
Den fil skal du lægge herind som en vedhæftet fil, det gør du sådan >

Gå ind i din tråd, klik på ”Skriv Svar” > Klik på ”Vedhæft filer til dette indlæg” > Gennemse > Find filen og klik på den for at vedhæfte > klik ”Send indlæg”. 

Jeg kender ikke Win7 men prøv om du kan dette.

Har du prøvet om du kan systemgendanne tilbage hvor det virkede.

Genstart din PC, når du ser computerens hardware blive opført så tryk på “F8” – tasten gentagne gange, indtil du kan vælge flere startindstillinger. Hvis du trykker F8 for tidligt så genstart og prøv igen.

Vælg så  > “Fejlsikret tilstand med command prompt.”
Skriv dette ved prompt:

C:\Windows\System32\rstrui.exe

Vælg en dato hvor du ved den virkede.

Kunne du det??

Her er den vedhæftet - jeg prøver lige det med at “skrue tiden tilbage”.

Jeg kunne godt komme ind i systemgendannelsesindstillingen, Men, jeg kunne ikke vælge nogle steder “tilbage i tid”, der var et forslag om at gendanne til klokken 10.30 i morges.. hmm. Jeg kan ikke vælge en anden dato - jeg kan ikke se hvor jeg skal vælge anden dato.. og jeg kiggede grundigt..

Der var nu ikke noget i den logfil der var alarmerende.

Åbn OTS, kopier teksten med fed skrift ind under Pasta Fix Here klik på Run Fix

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: “ProxyServer” -> http=127.0.0.1:6092
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> “ncrowexmas.exe” -> C:\Users\Win7\AppData\Local\Temp\ncrowexmas.exe [“C:\Users\Win7\AppData\Local\Temp\ncrowexmas.exe”]
[Files/Folders - Created Within 30 Days]
NY ->  32788R22FWJFW -> C:\32788R22FWJFW
NY ->  .COMMgr -> C:\Users\Win7\.COMMgr
NY ->  Windows Server -> C:\Users\Win7\AppData\Local\Windows Server
NY ->  0A5A26F3EC641E14C5410D5BC10C1F21 -> C:\Users\Win7\AppData\Roaming\0A5A26F3EC641E14C5410D5BC10C1F21
[Files/Folders - Modified Within 30 Days]
NY ->  ComboFix.exe -> C:\Users\Win7\Desktop\ComboFix.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]

Der vil åbne en logfil efter genstart, kopier den tekst herind.

Hvis du har en installations dvd så læg den i drevet, ellers prøv uden om du kan køre en sfc /scannow

Prøv om du kan åbne en ”command prompt” skriv sfc /scannow tast Enter.
Husk mellemrum efter sfc.

Det vil kontroller dine systemfiler

Kunne du det ?

Har du installations eller recovery dvd´r ??

PS: Prøv også at starte op i “Fejlsikret tilstand”, er der en mulighed for at vælge noget i retning af “Sidste opstart som virkede”, så prøv det.

Ellers må du prøve at starte op på din dvd og køre en “Repair”.

All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\“ProxyServer” not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\“ncrowexmas.exe” not found.
File C:\Users\Win7\AppData\Local\Temp\ncrowexmas.exe not found.
[Files/Folders - Created Within 30 Days]
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\Users\Win7\.COMMgr folder moved successfully.
C:\Users\Win7\AppData\Local\Windows Server folder moved successfully.
C:\Users\Win7\AppData\Roaming\0A5A26F3EC641E14C5410D5BC10C1F21 folder moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\Win7\Desktop\ComboFix.exe moved successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Win7
->Temp folder emptied: 13006 bytes
->Temporary Internet Files folder emptied: 26041819 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1903762 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.36.0 fix logfile created on 09072010_100328

Files\Folders moved on Reboot…
C:\Users\Win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXIZ5Z5T\P15[2].htm moved successfully.

Registry entries deleted on Reboot…

Jeg har desværre ingen recovery/windows cd, jeg har win7 utimate, prøveversion..

jeg har win7 utimate, prøveversion..

Vil det sige, at du har download den fra nettet, hvis ja så må du købe dig en ny ”Windows” styresystem.
Den prøveversion kører vel ikke evig.

Kunne du køre den ”sfc /scannow og hjalp det.
Ellers må du ud og købe ny ”Windows”.