Svchost.exe closing - "memory not written"



#1
Pasty

Hello!

I have a problem. My svchost.exe shows an error like "memory not written". Thus the computer needs restarting every time it shows it.
I tried my best to solve this but I was unable to do it.
I've done a full scan of my computer with Malwarebytes' Anti-Malware and AVG Free in Safe Mode and removed some trojans but that didn't help. I have cleared my temporary files.

These are all the errors that have occurred from the time I started receiving the svchost.exe error that usually pops up 5-20 mins from system startup.
Application error:
"Faulting application svchost.exe, version 5.1.2600.2180, faulting module AcGenral.dll, version 5.1.2600.2993, fault address 0x000116e2."

WinMgmt error:
"WinMgmt could not open the repository file. This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory."(I have at least 4GB of free space in each HD)

ntfs error:
"The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:." (I did run chkdsk but it exits before finishing...)

DCOM error:
"DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}"

sr error:
"The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume."

sfsync02 error:
"The description for Event ID ( 12 ) in Source ( sfsync02 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ."

Another piece of information is that when this began I believe I saw an AVG infection warning for a file named "x.exe" in the Windows folder - it was a trojan but I don't remember the name.

Thank you,
Pasty.

EDIT: Another interesting thing that I failed to notice for some reason - right after I log on, my computer gives a message "To help protect your computer, Windows has closed this program.
Name: Windows Explorer
Publisher: Microsoft Corporation"
But explorer.exe is still running.
EDIT2: Malwarebytes keeps showing 2 infected registry keys and 1 infected file in the WINDOWS/System32 folder. They are supposed to be deleted on reboot but they are still there after several attempts.

And instead of waiting for you to ask (since from the cleaning guide I guess you will ask) I did a RootRepeal and OTL scan so...
OTL.txt:
OTL logfile created on: 2009.10.17. 22:53:58 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\X\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000426 | Country: Latvia | Language: LVI | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,59% Memory free
3,85 Gb Paging File | 3,67 Gb Available in Paging File | 95,36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 5,30 Gb Free Space | 10,86% Space Free | Partition Type: NTFS
Drive D: | 257,93 Gb Total Space | 7,64 Gb Free Space | 2,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0AAC018C624448F
Current User Name: X
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009.10.17 22:52:56 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\X\Desktop\OTL.exe
PRC - [2009.08.24 23:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006.10.15 18:38:20 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009.10.17 20:06:02 | 06,600,704 | ---- | M] () -- C:\WINDOWS\system\VMwareService.exe -- (VMwareService [Auto | Stopped])
SRV - [2009.10.15 16:21:48 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009.09.18 14:03:34 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Stopped])
SRV - [2009.08.16 09:37:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Stopped])
SRV - [2009.08.13 21:22:19 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Stopped])
SRV - [2009.08.03 15:45:30 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Stopped])
SRV - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009.06.14 15:29:49 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009.01.15 08:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2008.09.10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008.09.10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008.08.29 22:00:00 | 00,065,536 | ---- | M] (CodeGear) -- D:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe -- (BlackfishSQL [Auto | Stopped])
SRV - [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008.04.17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
SRV - [2008.01.18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
SRV - [2006.11.15 16:57:58 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Stopped])
SRV - [2006.10.18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006.06.05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2005.09.23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005.09.23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005.09.21 14:13:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8 [Auto | Stopped])
SRV - [2005.08.03 00:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004.08.04 01:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003.07.28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.draugiem.lv/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.lv/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090813W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.1
FF - prefs.js..extensions.enabledItems: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82}:1.06
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.backup.ftp: "200.168.132.216"
FF - prefs.js..network.proxy.backup.ftp_port: 6588
FF - prefs.js..network.proxy.backup.gopher: "200.168.132.216"
FF - prefs.js..network.proxy.backup.gopher_port: 6588
FF - prefs.js..network.proxy.backup.socks: "200.168.132.216"
FF - prefs.js..network.proxy.backup.socks_port: 6588
FF - prefs.js..network.proxy.backup.ssl: "200.168.132.216"
FF - prefs.js..network.proxy.backup.ssl_port: 6588
FF - prefs.js..network.proxy.ftp: "89.250.7.160:3128"
FF - prefs.js..network.proxy.gopher: "89.250.7.160:3128"
FF - prefs.js..network.proxy.http: "89.250.7.160:3128"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "89.250.7.160:3128"
FF - prefs.js..network.proxy.ssl: "89.250.7.160:3128"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.06.26 10:50:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.01.12 22:30:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.27 00:02:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.27 00:02:52 | 00,000,000 | ---D | M]

[2009.03.12 21:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Extensions
[2009.03.12 21:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.16 23:54:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions
[2009.09.11 13:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009.10.09 07:32:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2008.07.27 05:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\{2BBFBA75-28BC-41fb-AD3D-885B90892C00}
[2009.08.29 17:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.09.27 00:20:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2008.11.15 12:36:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\[email protected]
[2009.06.18 13:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\[email protected]
[2009.09.11 13:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\[email protected]
[2009.09.11 13:48:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mozilla\Firefox\Profiles\g7fuavwx.default\extensions\[email protected]
[2009.10.16 23:54:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.11.22 17:09:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.09.27 00:02:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.11.22 15:33:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2008.03.12 15:38:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008.07.12 10:28:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.01.12 22:30:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.07 22:05:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.26 23:50:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.08.24 23:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.08.24 23:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.07.25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009.08.24 23:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008.10.14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.06.21 11:27:26 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008.09.18 18:16:59 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008.06.21 11:27:32 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008.06.21 11:27:25 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009.02.02 18:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009.08.24 21:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009.08.24 21:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009.08.24 21:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.08.24 21:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009.08.24 21:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.08.24 21:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009.08.24 21:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1218 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Tildes Birojs) - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll (SIA Tilde)
O2 - BHO: (Skype add-on (mastermind)) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - D:\AGTH\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: () - {DC409FDE-2C56-409B-83F7-8081A0DA73A5} - C:\WINDOWS\System32\xdtfvzr.dll ()
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Tildes Birojs) - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll (SIA Tilde)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - D:\AGTH\ATLIECP.DLL (FUJITSU LIMITED)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Java™ ME platform SDK 3.0, EA] C:\Java_ME_platform_SDK_3.0_EA\bin\device-manager.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mdiction] C:\Program Files\Tildes Birojs 2005\MDICTION.EXE (Sabiedr?ba Tilde)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pianists] C:\Program Files\Tildes Birojs 2005\Pianists.exe (SIA Tilde)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [w3dr.exe] D:\Program Files\Warcraft III\w3dr.exe (VT Software)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\X\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Translate with ATLAS - D:\AGTH\Atlscript.html ()
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL ()
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL ()
O8 - Extra context menu item: ATLAS Translation &Editor - D:\AGTH\AtlscriptEdit.html ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - D:\AGTH\Atlscript.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.232.169.11 195.122.12.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.19 15:21:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.13 21:08:25 | 00,000,000 | ---D | M] - D:\AutoCad2008 -- [ NTFS ]
O33 - MountPoints2\{573c5c78-56b6-11dc-b151-001a92dafa13}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{573c5c78-56b6-11dc-b151-001a92dafa13}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{58f5dfe1-1e8f-11dc-87d8-001a92dafa13}\Shell\AutoRun\command - "" = MSMSGS.EXE
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009.10.17 19:19:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009.10.15 16:22:06 | 00,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2009.10.17 22:52:55 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\X\Desktop\OTL.exe
[2009.10.17 22:41:08 | 00,000,000 | ---D | C] -- C:\Avenger
[2009.10.17 20:00:31 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009.10.17 19:18:59 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\X\Desktop\erunt_setup.exe
[2009.10.17 19:10:02 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\X\Desktop\TFC.exe
[2009.10.17 19:05:59 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\X\Desktop\SysRestorePoint.exe
[2009.10.15 19:17:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\X\Desktop\trans
[2009.10.15 07:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\X\Desktop\2iso
[2009.10.09 00:08:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\X\Desktop\map

========== Files - Modified Within 14 Days ==========

[2009.10.17 22:52:56 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\X\Desktop\OTL.exe
[2009.10.17 22:46:03 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\gyzdrs.sys
[2009.10.17 22:41:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.17 22:35:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.17 22:31:37 | 00,197,396 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.10.17 22:25:40 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.17 21:04:40 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.10.17 21:02:43 | 00,000,528 | ---- | M] () -- C:\WINDOWS\Fantastic Flame Screensaver.ini
[2009.10.17 20:06:02 | 06,600,704 | ---- | M] () -- C:\WINDOWS\System\VMwareService.exe
[2009.10.17 19:45:50 | 00,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khv
[2009.10.17 19:19:50 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\X\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009.10.17 19:19:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\X\Desktop\ERUNT.lnk
[2009.10.17 19:19:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\X\Desktop\erunt_setup.exe
[2009.10.17 19:10:03 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\X\Desktop\TFC.exe
[2009.10.17 19:05:59 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\X\Desktop\SysRestorePoint.exe
[2009.10.17 16:18:49 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\52.scr
[2009.10.17 16:18:39 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\81.scr
[2009.10.17 15:41:35 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009.10.17 12:31:34 | 00,475,820 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.17 12:31:34 | 00,404,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.17 12:31:34 | 00,063,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.17 11:42:17 | 42,993,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009.10.16 22:26:08 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\X\Desktop\iTunes.lnk
[2009.10.16 13:04:47 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009.10.16 07:47:30 | 03,083,412 | ---- | M] () -- C:\Documents and Settings\X\Desktop\dj raaban - drop the base344_Result.mp3
[2009.10.16 01:03:13 | 03,174,000 | -H-- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\IconCache.db
[2009.10.16 00:54:32 | 03,082,897 | ---- | M] () -- C:\Documents and Settings\X\Desktop\dj raaban - drop the base344.mp3
[2009.10.15 22:27:03 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.15 19:41:35 | 00,531,552 | ---- | M] () -- C:\Documents and Settings\X\Desktop\wp1m.jpg
[2009.10.15 19:39:46 | 00,381,342 | ---- | M] () -- C:\Documents and Settings\X\Desktop\wp5l.jpg
[2009.10.15 07:47:52 | 00,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sniper Elite.lnk
[2009.10.12 00:38:00 | 09,893,888 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Gotta Move It (2)_Result.mp3
[2009.10.12 00:37:03 | 19,783,808 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Gotta Move It (2).mp3
[2009.10.09 00:08:06 | 00,236,956 | ---- | M] () -- C:\Documents and Settings\X\Desktop\chmppro.zip
[2009.10.04 23:23:29 | 16,419,133 | ---- | M] () -- C:\Documents and Settings\X\Desktop\28.mp3

========== Files - No Company Name ==========
[2009.10.17 22:46:03 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\gyzdrs.sys
[2009.10.17 20:06:04 | 06,600,704 | ---- | C] () -- C:\WINDOWS\System\VMwareService.exe
[2009.10.17 19:45:50 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khv
[2009.10.17 19:45:46 | 00,735,498 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fueynl.exe
[2009.10.17 19:19:50 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\X\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009.10.17 19:19:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\X\Desktop\ERUNT.lnk
[2009.10.17 16:22:28 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.10.17 16:18:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\52.scr
[2009.10.17 16:18:34 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\81.scr
[2009.10.16 07:47:20 | 03,083,412 | ---- | C] () -- C:\Documents and Settings\X\Desktop\dj raaban - drop the base344_Result.mp3
[2009.10.16 00:51:59 | 03,082,897 | ---- | C] () -- C:\Documents and Settings\X\Desktop\dj raaban - drop the base344.mp3
[2009.10.15 19:41:26 | 00,531,552 | ---- | C] () -- C:\Documents and Settings\X\Desktop\wp1m.jpg
[2009.10.15 19:39:39 | 00,381,342 | ---- | C] () -- C:\Documents and Settings\X\Desktop\wp5l.jpg
[2009.10.15 07:47:52 | 00,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sniper Elite.lnk
[2009.10.12 00:37:34 | 09,893,888 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Gotta Move It (2)_Result.mp3
[2009.10.12 00:35:26 | 19,783,808 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Gotta Move It (2).mp3
[2009.10.09 00:08:06 | 00,236,956 | ---- | C] () -- C:\Documents and Settings\X\Desktop\chmppro.zip
[2009.10.04 23:20:09 | 16,419,133 | ---- | C] () -- C:\Documents and Settings\X\Desktop\28.mp3
[2009.10.03 01:48:48 | 00,000,528 | ---- | C] () -- C:\WINDOWS\Fantastic Flame Screensaver.ini
[2009.08.03 15:46:15 | 00,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.03 13:40:04 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.03.30 23:20:48 | 00,003,120 | ---- | C] () -- C:\WINDOWS\System32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
[2009.03.15 21:09:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.03.07 22:26:15 | 00,005,430 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\DC409FDE-2C56-409B-83F7-8081A0DA73A5.txt
[2008.12.11 17:16:05 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.11.10 01:07:34 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.11.10 01:07:34 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.10.07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.09.16 22:13:20 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.09.16 22:13:20 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.09.16 22:13:19 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.16 22:13:19 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.09.16 22:13:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.16 22:13:18 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.16 22:13:18 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.09.16 21:45:36 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008.09.16 21:45:36 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008.09.16 21:45:36 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008.09.16 21:45:36 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008.09.16 21:45:36 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008.09.16 21:45:36 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008.09.16 21:45:36 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008.09.16 21:45:36 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008.09.16 21:45:36 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008.09.16 21:45:36 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008.09.16 21:45:36 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008.09.16 21:45:36 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008.09.16 21:45:36 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008.09.16 21:45:36 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008.09.16 21:45:36 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008.09.16 21:45:36 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008.09.16 21:45:36 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008.09.16 21:45:36 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008.09.16 21:45:36 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008.09.16 19:56:06 | 00,128,410 | ---- | C] () -- C:\Documents and Settings\X\Application Data\NMM-MetaData.db
[2008.09.14 16:25:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.08.09 13:06:36 | 00,000,271 | ---- | C] () -- C:\WINDOWS\System32\sys409c1.ini
[2008.08.02 23:31:52 | 04,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2008.08.02 23:31:52 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008.06.29 23:24:54 | 03,174,000 | -H-- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\IconCache.db
[2008.06.04 09:50:36 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008.05.27 22:06:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008.01.08 16:48:48 | 00,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007.12.21 13:51:41 | 00,000,999 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.12.21 08:57:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\MovieEdit.INI
[2007.12.20 05:58:06 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\30B7D1DAC0.dll
[2007.12.20 05:57:59 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\radtools.dll
[2007.12.18 05:41:21 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2007.12.18 05:39:31 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.11.20 19:50:09 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.11.20 19:50:09 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.11.20 19:50:09 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.20 19:48:28 | 00,000,498 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.15 08:30:37 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.10.22 09:02:45 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.09.30 18:50:36 | 00,002,985 | ---- | C] () -- C:\WINDOWS\my.ini.old
[2007.09.30 18:44:30 | 00,002,985 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.09.20 20:31:49 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007.08.11 07:25:32 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.07.19 12:46:12 | 00,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9.INI
[2007.06.21 12:24:23 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.06.20 23:56:00 | 00,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007.06.19 20:51:57 | 00,000,210 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2007.06.19 20:05:09 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.19 18:02:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007.06.19 17:57:10 | 00,000,127 | ---- | C] () -- C:\WINDOWS\flag.ini
[2007.06.19 15:44:59 | 00,128,976 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007.06.19 15:44:26 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.06.19 15:44:24 | 00,016,561 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.06.19 15:44:06 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.06.19 15:25:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\X\Application Data\desktop.ini
[2007.06.19 11:21:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.06.19 11:18:31 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2007.06.19 11:15:30 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.06.19 11:09:08 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007.03.22 05:50:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.03.22 05:50:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.03.22 05:50:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.03.22 05:50:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.03.22 05:50:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.03.18 16:16:04 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005.12.07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.08.03 00:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005.02.05 23:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.05.05 17:05:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\KbdLvTP.dll
[2004.05.05 17:05:40 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\KbdLvTU.dll
[2004.05.05 17:05:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\KbdLvAP.dll
[2004.05.05 17:04:34 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\KbdLvAU.dll
[2003.01.07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.08.09 17:00:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\WSIHK32.DLL
[2002.08.09 17:00:00 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\WSIWIN32.DLL
[2001.08.23 15:00:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\xdtfvzr.dll
[2001.08.23 15:00:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\acptlfz.dll
[2001.08.23 15:00:00 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.08.23 15:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009.09.17 20:48:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009.04.05 14:40:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0C3BE91F-5194-44C0-80FF-246E0251D2BD}
[2009.04.05 14:42:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2A1601C1-08A4-41E8-A2AA-44C40EDBAA2D}
[2008.09.18 18:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.04.05 14:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{65B1AA84-C1DF-4A2E-A28C-E242BD7DE4B3}
[2009.06.14 15:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009.08.13 21:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009.04.05 14:31:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CodeGear
[2007.06.19 11:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008.09.16 19:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009.09.17 20:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2009.04.08 14:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Embarcadero
[2009.03.30 19:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008.08.09 17:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2008.07.16 00:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JH Software
[2009.08.16 14:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox Interactive
[2008.09.16 19:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.04.25 09:27:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.03.16 08:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009.08.08 17:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XBlades
[2009.10.01 00:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data
[2007.11.03 10:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Aegisub
[2007.06.28 14:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Ahead
[2008.01.08 16:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\ArcSoft
[2009.09.19 21:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Autodesk
[2008.01.08 16:50:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Canon
[2009.04.05 14:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\CodeGear
[2009.03.31 20:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\CyberLink
[2007.12.30 11:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\DAEMON Tools
[2008.09.16 20:26:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Datalayer
[2007.06.20 23:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Disney Interactive Studios
[2008.08.30 20:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\DNA
[2009.10.01 00:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\dvdcss
[2008.11.22 00:16:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\FairStars Audio Converter
[2009.01.28 19:39:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\FairStars Recorder
[2008.07.23 14:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\FreeStone Group
[2007.07.09 17:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Fujitsu
[2008.08.02 22:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\GrabPro
[2007.11.07 04:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\gtk-2.0
[2008.10.26 19:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\HTML Executable
[2008.08.09 17:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\JCreator
[2009.04.02 14:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\juoqblwo
[2008.01.14 17:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\LimeWire
[2007.12.12 05:20:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Lost Marble
[2008.06.30 22:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\MegauploadToolbar
[2009.02.27 18:48:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\mIRC
[2009.06.08 11:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Nitroplus
[2009.02.16 08:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Nokia
[2008.11.02 03:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Nokia Multimedia Player
[2007.06.19 18:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Opera
[2009.10.15 16:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Orbit
[2008.09.16 19:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\PC Suite
[2007.07.26 21:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Petroglyph
[2008.06.30 12:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\SecondLife
[2007.11.19 13:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Sierra Entertainment
[2007.06.26 22:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\SmartFTP
[2009.04.03 13:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Technology Lighthouse
[2008.03.16 08:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Ubisoft
[2009.03.21 15:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\uTorrent
[2007.07.25 11:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\We Open Eyes
[2007.07.05 00:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\X\Application Data\Xfire
[2001.08.23 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.10.17 22:35:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 00,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\system32\eventlog.dll >
[2004.08.04 01:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004.08.04 01:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54D4173A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0766416E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
< End of report >

Extras:
OTL Extras logfile created on: 2009.10.17. 22:53:58 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\X\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000426 | Country: Latvia | Language: LVI | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,59% Memory free
3,85 Gb Paging File | 3,67 Gb Available in Paging File | 95,36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 5,30 Gb Free Space | 10,86% Space Free | Partition Type: NTFS
Drive D: | 257,93 Gb Total Space | 7,64 Gb Free Space | 2,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0AAC018C624448F
Current User Name: X
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "D:\Git\Git\bin\wish.exe" "D:\Git\Git\bin\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\WINDOWS\system32\cmd.exe" /c "pushd "%1" && "D:\Git\Git\bin\sh.exe" --login -i" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Stuff] -- C:\WINDOWS\AppPatch\AppLoc.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6117:TCP" = 6117:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"9955:TCP" = 9955:TCP:*:Enabled:@xpsp2res.dll,-22009
"45378:TCP" = 45378:TCP:*:Enabled:@xpsp2res.dll,-22009
"13633:TCP" = 13633:TCP:*:Enabled:@xpsp2res.dll,-22009
"61767:TCP" = 61767:TCP:*:Enabled:@xpsp2res.dll,-22009
"29409:TCP" = 29409:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"13564:TCP" = 13564:TCP:*:Enabled:BitComet 13564 TCP
"13564:UDP" = 13564:UDP:*:Enabled:BitComet 13564 UDP
"7803:TCP" = 7803:TCP:*:Enabled:BitComet 7803 TCP
"7803:UDP" = 7803:UDP:*:Enabled:BitComet 7803 UDP
"6117:TCP" = 6117:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"9955:TCP" = 9955:TCP:*:Enabled:@xpsp2res.dll,-22009
"45378:TCP" = 45378:TCP:*:Enabled:@xpsp2res.dll,-22009
"13633:TCP" = 13633:TCP:*:Enabled:@xpsp2res.dll,-22009
"61767:TCP" = 61767:TCP:*:Enabled:@xpsp2res.dll,-22009
"29409:TCP" = 29409:TCP:*:Enabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"2094:UDP" = 2094:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"2095:UDP" = 2095:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"2096:UDP" = 2096:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"6114:UDP" = 6114:UDP:*:Enabled:GhostOne
"6114:TCP" = 6114:TCP:*:Enabled:GhostOne
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1658:TCP" = 1658:TCP:*:Enabled:fqkkadgu
"16064:TCP" = 16064:TCP:*:Enabled:BitComet 16064 TCP
"16064:UDP" = 16064:UDP:*:Enabled:BitComet 16064 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Tildes Birojs 2005\TLWS.exe" = C:\Program Files\Tildes Birojs 2005\TLWS.exe:*:Enabled:Tilde Search Manager -- ()
"C:\Program Files\Tildes Birojs 2005\TildesBirojsAutoUpdate.exe" = C:\Program Files\Tildes Birojs 2005\TildesBirojsAutoUpdate.exe:*:Enabled:Tilde Birojs Auto Updater -- (TODO: <Company name>)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"D:\Program Files\BitComet\BitComet.exe" = D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"D:\Program Files\Warcraft III\w3l.exe" = D:\Program Files\Warcraft III\w3l.exe:*:Enabled:w3l.exe -- ()
"D:\Program Files\Warcraft III\war3.exe" = D:\Program Files\Warcraft III\war3.exe:*:Enabled:war3.exe -- (Blizzard Entertainment)
"D:\Program Files\Warcraft III\Warcraft III.exe" = D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program Files\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe" = D:\Program Files\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe:*:Enabled:joey_pc -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\mIRC\mirc.exe" = C:\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Microsoft Games\Age of Empires\Empires.exe" = C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\battlefrontII.exe" = C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\battlefrontII.exe:*:Enabled:battlefrontII -- ()
"C:\Program Files\Sierra\Empire Earth.exe" = C:\Program Files\Sierra\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"D:\starship troopers\pspe\Hinokakera\netvs.exe" = D:\starship troopers\pspe\Hinokakera\netvs.exe:*:Enabled:netvs -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe" = C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8 -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\English\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)
"C:\Python25\pythonw.exe" = C:\Python25\pythonw.exe:*:Enabled:pythonw -- ()
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Free SMTP Server\localsrv.exe" = C:\Program Files\Free SMTP Server\localsrv.exe:*:Enabled:localsrv -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\starship troopers\pspe\Hinokakera\hinokakera.exe" = D:\starship troopers\pspe\Hinokakera\hinokakera.exe:*:Enabled:hinokakera -- ()
"C:\Program Files\Java\jdk1.6.0\bin\javaw.exe" = C:\Program Files\Java\jdk1.6.0\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0\jre\bin\java.exe" = C:\Program Files\Java\jdk1.6.0\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Java_ME_platform_SDK_3.0_EA\runtimes\cldc-hi\bin\runMidlet.exe" = C:\Java_ME_platform_SDK_3.0_EA\runtimes\cldc-hi\bin\runMidlet.exe:*:Enabled:runMidlet -- ( Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0\bin\java.exe" = C:\Program Files\Java\jdk1.6.0\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = D:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando -- ()
"C:\Documents and Settings\X\Desktop\eclipse\eclipse.exe" = C:\Documents and Settings\X\Desktop\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"D:\Program Files\Adobe\Adobe Flash CS3\Flash.exe" = D:\Program Files\Adobe\Adobe Flash CS3\Flash.exe:*:Enabled:Adobe Flash CS3 -- (Adobe Systems Incorporated.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Documents and Settings\X\Desktop\GHostOne\GHostOne.exe" = C:\Documents and Settings\X\Desktop\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot -- File not found
"C:\Documents and Settings\X\Desktop\Ghost11\GHostOne.exe" = C:\Documents and Settings\X\Desktop\Ghost11\GHostOne.exe:*:Enabled:Ghost One - frontend for ghost++ -- File not found
"D:\Program Files\Warcraft III\Ghost11\GHostOne.exe" = D:\Program Files\Warcraft III\Ghost11\GHostOne.exe:*:Enabled:Ghost One - frontend for ghost++ -- (psionic one)
"C:\Documents and Settings\X\Desktop\Warden\BNLS.exe" = C:\Documents and Settings\X\Desktop\Warden\BNLS.exe:*:Enabled:BNLS -- (.)
"D:\Program Files\Warcraft III\GHostOne\WardenBNLS\BNLS.exe" = D:\Program Files\Warcraft III\GHostOne\WardenBNLS\BNLS.exe:*:Enabled:BNLS -- (.)
"D:\Program Files\Warcraft III\GHostOne\GHostOne.exe" = D:\Program Files\Warcraft III\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot -- (psionic.one)
"D:\Program Files\Paradox Interactive\East India Company\eastindia.exe" = D:\Program Files\Paradox Interactive\East India Company\eastindia.exe:*:Enabled:East India Company Application -- File not found
"D:\Program Files\Warcraft III\GHostOne\ghost.exe" = D:\Program Files\Warcraft III\GHostOne\ghost.exe:*:Enabled:ghost -- ()
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system\VMwareService.exe" = C:\WINDOWS\system\VMwareService.exe:*:Enabled:Microsoft Enabled -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24d753ca-6ae9-4e30-8f5f-efc93e08bf3d}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36E408F0-DF8A-4F9B-BF26-AED92C789F5D}" = Tildes Birojs 2005
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39619863-8A11-4B60-A166-E6747C986EBE}" = Opera 9.21
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{433C2951-F34C-460A-A6DA-C0ACA0A90B97}" = ATLAS Translation Double Pack V13.0
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1" = Delete Virtual-Mate Launcher
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62616A4E-82E4-424A-A201-3D29ABB6B7FD}" = Toon Boom Studio 4.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{641CDF66-EFEB-4B29-8DF6-40960C4BC9FA}" = Boost Libraries for C++Builder 2009
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{76A17C28-A6F7-4670-A09E-14CDAA66D964}" = ASUS nVidia Driver
"{76F0FEBD-6C17-4D57-3F57-9150FEA936D0}" = Ultimate ZIP Cracker Trial version
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0426-0000-0000000FF1CE}" = Saderības pakotne sistēmai Microsoft Office 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FE8C5D-A471-4E0A-B3B1-894819ECDEF9}" = ASUS Utilities
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B58B18-5D04-4006-9713-B6945880746E}" = CodeGear RAD Studio 2009
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{b4092c6d-e886-4cb2-ba68-fe5a88d31de6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3
"{DBB313D6-4B13-4961-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ECB4D56B-E365-4922-AC0F-70CF770443A3}" = EAWMapEditor
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9270D69-C715-4E1E-BFDD-03060438D181}" = Miracle C
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD59BB38-9826-4EC0-B09E-A53FFFDC7523}" = CodeGear Delphi and C++Builder 2009 Database Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"01-mp3search" = 01-mp3search 4.0
"1st Photo Studio Standard" = 1st Photo Studio Standard
"274c5407c4fa26908310cb5c1c5500001954585185" = NetBeans IDE 5.5
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 3.6.0.1
"Age of Empires" = Microsoft Age of Empires
"All To MP3 Converter_is1" = All To MP3 Converter 2.15
"AllToAVI" = AllToAVI v4 r5394
"Anime Studio Pro_is1" = Anime Studio Pro 5.5
"Apex Video Converter Super_is1" = Apex Video Converter Super 6.59
"ASIO4ALL" = ASIO4ALL
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"autohotkey" = AutoHotkey 1.0.48.00
"AVG8Uninstall" = AVG Free 8.5
"BFD" = BFD
"BitComet" = BitComet 0.70
"Boost Libraries for C++Builder 2009" = Boost Libraries for C++Builder 2009
"CDisplay_is1" = CDisplay 1.8
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"CodeGear Delphi and C++Builder 2009 Database Pack" = CodeGear Delphi and C++Builder 2009 Database Pack
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CRUCIS FATAL FAKE" = CRUCIS FATAL FAKE
"DC++" = DC++ 0.699
"DjVuLibre+DjView" = DjVuLibre+DjView
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.5.5
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"Electronic Piano 2.5_is1" = Electronic Piano 2.5
"ERUNT_is1" = ERUNT 1.1j
"Eurobattle.net Installer1.22" = Eurobattle.net Installer
"Eurobattle.net2.0" = Eurobattle.net
"FairStars Audio Converter_is1" = FairStars Audio Converter 1.76
"FairStars Recorder_is1" = FairStars Recorder 3.22
"Fantastic Flame Screensaver" = Fantastic Flame Screensaver
"Fate-stay night English" = Fate/stay night English v3.1
"FL Studio 7" = FL Studio 7
"FL Studio_is1" = FL Studio v7.0
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"Free Japanese Anime Screensaver_is1" = Free Japanese Anime Screensaver
"FreePascal_is1" = Free Pascal 2.2.0
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"Git_is1" = Git 1.5.6.1-preview20080701
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"IrfanView" = IrfanView (remove only)
"jEdit_is1" = jEdit 4.3pre15
"JISHOP_is1" = JISHOP 3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mazzika_is1" = Mazzika 1.6
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.1.0
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MP3 WAV Converter 3.30" = MP3 WAV Converter 3.30
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"nbi-javame-toolkit-3.0.0.0.0" = Java™ Platform, Micro Edition Software Development Kit 3.0, EA
"Nero7Lite_is1" = Nero 7 Lite v7.5.9.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nomad Factory EQP-4 v1.1" = Nomad Factory EQP-4 v1.1
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PC Wizard 2008_is1" = PC Wizard 2008.1.85.2
"Pcsx2_is1" = Pcsx2 0.9.4 Watermoose
"Power Japanese" = Power Japanese
"PowerISO" = PowerISO
"Rave Reports 7.6.0 BE_is1" = Rave Reports 7.6.0 BE
"ReadWrite Kanji_is1" = ReadWrite Kanji Version 1.5
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"seatools enterprise" = SeaTools Enterprise
"SwitchOff" = Switch Off
"Video Card Stability Test" = Video Card Stability Test
"VLC media player" = VLC media player 1.0.1
"Wakan" = Wakan 1.67
"WampServer 2_is1" = WampServer 2.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"CodeGear RAD Studio 2009" = CodeGear RAD Studio 2009
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009.10.17. 12:17:36 | Computer Name = 0AAC018C624448F | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2009.10.17. 12:31:18 | Computer Name = 0AAC018C624448F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module AcGenral.dll, version 5.1.2600.2993, fault address 0x000116e2.

Error - 2009.10.17. 12:58:58 | Computer Name = 0AAC018C624448F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module AcGenral.dll, version 5.1.2600.2993, fault address 0x000116e2.

Error - 2009.10.17. 13:00:34 | Computer Name = 0AAC018C624448F | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 2009.10.17. 15:02:00 | Computer Name = 0AAC018C624448F | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 2009.10.17. 15:02:04 | Computer Name = 0AAC018C624448F | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 2009.10.17. 15:13:49 | Computer Name = 0AAC018C624448F | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 2009.10.17. 15:13:49 | Computer Name = 0AAC018C624448F | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 2009.10.17. 15:36:33 | Computer Name = 0AAC018C624448F | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

Error - 2009.10.17. 15:41:22 | Computer Name = 0AAC018C624448F | Source = WinMgmt | ID = 27
Description = WinMgmt could not open the repository file. This could be due to
insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
disk space or insufficient memory.

[ System Events ]
Error - 2009.10.17. 13:00:40 | Computer Name = 0AAC018C624448F | Source = sfsync02 | ID = 262156
Description =

Error - 2009.10.17. 13:00:57 | Computer Name = 0AAC018C624448F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009.10.17. 13:01:33 | Computer Name = 0AAC018C624448F | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2009.10.17. 14:06:25 | Computer Name = 0AAC018C624448F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009.10.17. 15:36:39 | Computer Name = 0AAC018C624448F | Source = sfsync02 | ID = 262156
Description =

Error - 2009.10.17. 15:36:59 | Computer Name = 0AAC018C624448F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009.10.17. 15:40:23 | Computer Name = 0AAC018C624448F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009.10.17. 15:41:28 | Computer Name = 0AAC018C624448F | Source = sfsync02 | ID = 262156
Description =

Error - 2009.10.17. 15:41:28 | Computer Name = 0AAC018C624448F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 2009.10.17. 15:41:46 | Computer Name = 0AAC018C624448F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/17 22:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xB9F4F000 Size: 753664 File Visible: No Signed: -
Status: -

Name: PCI_PNP7536
Image Path: \Driver\PCI_PNP7536
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pmic.sys
Image Path: pmic.sys
Address: 0xF75F7000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB976A000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spob.sys
Image Path: spob.sys
Address: 0xF7438000 Size: 1040384 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spob.sys" at address 0xf74390e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spob.sys" at address 0xf7456ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spob.sys" at address 0xf7457030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spob.sys" at address 0xf74390c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spob.sys" at address 0xf7457108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spob.sys" at address 0xf7456f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spob.sys" at address 0xf745719a

Hidden Services
-------------------
Service Name: MBAMSwissArmy
Image Path: C:\WINDOWS\system32\drivers\mbamswissarmy.sys

==EOF==

Edited by Pasty, 17 October 2009 - 02:03 PM.
