Trojan.Heur.* problems



#1
Steele-

Hello G2G experts!

I am having a lot of trouble with Trojan.Heur.* (* = new random letter combination appended every time it's detected).

None of the anti-virus/anti-spyware programs I've tried will remove it (AVG, The Shield Deluxe 2010, StopZilla, MBAM, RUBotted).
Trend Micro Housecall fails to install, just crashes.

I've run through the preliminary stages at http://www.geekstogo...uide-t2852.html

System Restore utility fails to run, it seems to crash in the same way that some services do, and that has only started since the infection.


Symptoms:
Crashes some services as soon as they launch.
Has rendered some executables unable to run (seems to be a problem with all autorun executables - all my game launchers have died)
The Shield will come up with a message that "Trojan.Heur.* has been blocked - accessed by svchost.exe" - all I know is that it creates a truckload of temp dirs/files in c:/Windows/Temp/ - this happens at 1-4 minute intervals.
The virus seems to try to send or receive messages via internet - RUBotted is full of messages like this: "15/12/2009 11:04:29 Detected DNS query of malicious domain "


I hope one of you can help me.


Operating System:
Windows Vista Business SP2 32-bit



Logs from preliminary stages to follow:


MalwareBytes:
Malwarebytes' Anti-Malware 1.42
Database version: 3363
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

15-12-2009 11:00:21
mbam-log-2009-12-15 (11-00-21).txt

Scan type: Quick Scan
Objects scanned: 93672
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




I know it says nothing is infected, but I still get messages from The Shield that there's a Trojan.Heur being blocked at regular intervals.



RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/15 09:32
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x96FEC000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x96FE1000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA8639000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spsk.sys
Image Path: C:\Windows\System32\Drivers\spsk.sys
Address: 0x80690000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1296 Status: Locked to the Windows API!

==EOF==




OTL Logs:
OTL logfile created on: 15-12-2009 09:38:36 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Steele\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000406 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,35% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,80 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive D: | 184,98 Gb Total Space | 80,60 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEELEPC
Current User Name: Steele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-12-15 09:34:28 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steele\Downloads\OTL.exe
PRC - [2009-12-12 13:17:18 | 00,165,312 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2009-12-11 15:59:36 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009-11-03 04:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-10-27 10:01:40 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-09-27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-09-24 12:33:28 | 01,595,016 | ---- | M] (PCSecurityShield) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
PRC - [2009-09-24 12:33:20 | 01,086,232 | ---- | M] (PCSecurityShield) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
PRC - [2009-09-24 12:33:16 | 00,346,168 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
PRC - [2009-09-24 12:32:52 | 01,114,536 | ---- | M] (PCSecurityShield) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
PRC - [2009-04-11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-04-11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-11-13 21:31:50 | 05,974,528 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008-11-13 08:48:44 | 00,323,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2008-11-06 11:41:14 | 00,358,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2008-11-06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008-11-06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008-10-31 19:04:40 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-10-27 11:55:04 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008-10-21 21:14:44 | 04,040,192 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2008-10-07 22:41:36 | 00,023,552 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2008-10-07 22:37:38 | 01,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2008-08-15 09:23:20 | 00,086,016 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2008-07-03 04:27:12 | 06,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-01-21 03:25:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009-12-15 09:34:28 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steele\Downloads\OTL.exe
MOD - [2009-12-14 09:20:57 | 00,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\plugin_registry.m32
MOD - [2009-12-14 09:20:56 | 00,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\plugin_nt.m32
MOD - [2009-12-14 09:20:56 | 00,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\plugin_net.m32
MOD - [2009-12-14 09:20:55 | 00,299,008 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\plugin_fragments.m32
MOD - [2009-12-14 09:20:55 | 00,172,032 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\plugin_extra.m32
MOD - [2009-12-14 09:20:54 | 00,143,360 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\plugin_base.m32
MOD - [2009-12-14 09:20:53 | 00,221,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Active Virus Control\midas32-v2_56\midas32.dll
MOD - [2009-04-11 07:21:38 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009-04-11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2006-11-02 13:35:14 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-12-14 13:27:55 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- d:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-12-11 15:59:36 | 00,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009-12-11 15:59:30 | 00,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-11-16 12:25:48 | 00,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-10-31 06:08:13 | 00,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-10-29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-10-27 10:01:40 | 00,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2009-09-27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-09-25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-09-24 12:37:26 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\scan.dll -- (scan)
SRV - [2009-09-24 12:33:28 | 01,595,016 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe -- (VSSERV)
SRV - [2009-09-24 12:33:16 | 00,346,168 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009-09-13 23:31:30 | 00,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009-08-21 17:20:38 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-04-10 10:44:07 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008-11-06 11:33:54 | 00,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2008-10-31 19:04:40 | 00,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008-08-15 09:23:20 | 00,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008-01-21 03:23:59 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.steele.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {780044d1-e8c0-488f-8059-4522ddbfc2ea}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..keyword.URL: "http://www.ask.com/w...13048&l=dis&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009-12-13 14:37:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdaphffext\ [2009-12-14 09:13:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-14 09:19:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-14 09:19:50 | 00,000,000 | ---D | M]

[2009-04-11 07:44:44 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\Mozilla\Extensions
[2009-12-15 08:34:30 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\Mozilla\Firefox\Profiles\90xy0t9s.default\extensions
[2009-12-13 10:26:44 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steele\AppData\Roaming\Mozilla\Firefox\Profiles\90xy0t9s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-06-30 09:48:33 | 00,001,632 | ---- | M] () -- C:\Users\Steele\AppData\Roaming\Mozilla\Firefox\Profiles\90xy0t9s.default\searchplugins\live-search.xml
[2009-12-14 09:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-09-13 22:10:06 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: (749 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe (PCSecurityShield)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1239351499385 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9e99bebc-25ab-11de-8247-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9e99bebc-25ab-11de-8247-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\Assetup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Bin\Assetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008-01-21 03:35:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009-12-15 09:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-12-15 08:25:42 | 00,000,000 | ---D | C] -- C:\Users\Steele\.housecall6.6
[2009-12-14 10:10:15 | 00,000,000 | ---D | C] -- C:\Users\Steele\AppData\Roaming\BitDefender
[2009-12-14 09:16:18 | 00,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2009-12-14 09:13:35 | 00,000,000 | ---D | C] -- C:\Users\Steele\AppData\Roaming\The Shield Deluxe
[2009-12-14 09:13:22 | 00,000,000 | ---D | C] -- C:\ProgramData\The Shield Deluxe
[2009-12-14 09:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\The Shield Deluxe
[2009-12-14 09:11:32 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009-12-14 09:11:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-12-14 08:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\The Shield Deluxe
[2009-12-14 08:56:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009-12-13 18:35:29 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\TMPassthru.sys
[2009-12-13 18:35:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-12-13 15:03:53 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009-12-13 15:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009-12-13 14:37:27 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009-12-13 14:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009-12-13 14:36:57 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009-12-13 14:36:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009-12-13 11:40:16 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009-12-12 14:55:14 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009-12-12 14:53:51 | 00,000,000 | ---D | C] -- C:\Users\Steele\AppData\Roaming\uTorrent
[2009-12-11 15:59:36 | 00,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009-12-11 15:59:33 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009-12-11 15:59:33 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009-12-11 15:59:30 | 00,361,288 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2008-10-07 22:42:42 | 00,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2009-12-15 09:37:48 | 04,980,736 | -HS- | M] () -- C:\Users\Steele\NTUSER.DAT
[2009-12-15 09:25:23 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-12-15 09:25:23 | 00,638,346 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-12-15 09:25:23 | 00,121,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-12-15 09:25:02 | 00,000,915 | ---- | M] () -- C:\Users\Steele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009-12-15 09:24:58 | 00,000,735 | ---- | M] () -- C:\Users\Steele\Desktop\NTREGOPT.lnk
[2009-12-15 09:24:58 | 00,000,716 | ---- | M] () -- C:\Users\Steele\Desktop\ERUNT.lnk
[2009-12-15 09:22:32 | 00,000,752 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009-12-15 09:20:58 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009-12-15 09:20:57 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009-12-15 09:20:40 | 00,002,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-12-15 09:20:40 | 00,002,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-12-15 09:20:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-12-15 09:20:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-12-15 09:20:24 | 32,108,62592 | -HS- | M] () -- C:\hiberfil.sys
[2009-12-15 09:19:29 | 00,054,400 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000007-00000000-00000001-00001102-00000005-00311102}.rfx
[2009-12-15 09:19:29 | 00,054,400 | ---- | M] () -- C:\Windows\System32\BMXState-{00000007-00000000-00000001-00001102-00000005-00311102}.rfx
[2009-12-15 09:19:29 | 00,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000007-00000000-00000001-00001102-00000005-00311102}.rfx
[2009-12-15 09:19:25 | 00,065,536 | -HS- | M] () -- C:\Users\Steele\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2009-12-15 09:19:24 | 00,524,288 | -HS- | M] () -- C:\Users\Steele\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2009-12-15 09:01:31 | 02,405,329 | -H-- | M] () -- C:\Users\Steele\AppData\Local\IconCache.db
[2009-12-14 18:00:00 | 00,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009-12-14 11:15:42 | 00,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2009-12-14 09:19:52 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-12-14 09:17:13 | 00,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2009-12-14 09:17:13 | 00,000,004 | ---- | M] () -- C:\Windows\System32\aspdict-en.dat
[2009-12-14 09:17:13 | 00,000,000 | ---- | M] () -- C:\pcwords2.dat
[2009-12-14 09:17:13 | 00,000,000 | ---- | M] () -- C:\pcwords.dat
[2009-12-14 09:17:13 | 00,000,000 | ---- | M] () -- C:\pcconf.ini
[2009-12-14 09:17:13 | 00,000,000 | ---- | M] () -- C:\pc_sign.slf
[2009-12-14 09:17:13 | 00,000,000 | ---- | M] () -- C:\Windows\System32\ab_bl.sig
[2009-12-14 09:16:37 | 00,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2009-12-14 09:13:35 | 00,002,107 | ---- | M] () -- C:\Users\Public\Desktop\The Shield Deluxe 2010.lnk
[2009-12-14 08:59:22 | 00,153,932 | ---- | M] () -- C:\BdUninstallTool2009.12.14-08.58.20.reg
[2009-12-13 16:40:04 | 00,894,240 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-12-13 16:40:04 | 00,015,140 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-12-13 14:37:59 | 00,000,749 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009-12-13 13:42:58 | 00,018,217 | ---- | M] () -- C:\Users\Steele\Desktop\ssimg0113.gif
[2009-12-13 13:40:02 | 00,012,006 | ---- | M] () -- C:\Users\Steele\Desktop\1042424115restrup_logo.gif
[2009-12-13 13:02:18 | 00,001,743 | ---- | M] () -- C:\Users\Steele\Desktop\Invitationer.rtf
[2009-12-12 14:55:17 | 00,000,754 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009-12-11 15:59:36 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009-12-11 15:59:30 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009-12-11 15:59:29 | 00,001,699 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2009-12-11 15:59:27 | 00,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009-12-03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-12-03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2009-12-15 09:25:02 | 00,000,915 | ---- | C] () -- C:\Users\Steele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009-12-15 09:24:58 | 00,000,735 | ---- | C] () -- C:\Users\Steele\Desktop\NTREGOPT.lnk
[2009-12-15 09:24:58 | 00,000,716 | ---- | C] () -- C:\Users\Steele\Desktop\ERUNT.lnk
[2009-12-15 09:21:04 | 00,000,752 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009-12-14 11:05:37 | 00,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009-12-14 09:19:52 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-12-14 09:17:13 | 00,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009-12-14 09:17:13 | 00,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009-12-14 09:17:13 | 00,000,000 | ---- | C] () -- C:\pcwords2.dat
[2009-12-14 09:17:13 | 00,000,000 | ---- | C] () -- C:\pcwords.dat
[2009-12-14 09:17:13 | 00,000,000 | ---- | C] () -- C:\pcconf.ini
[2009-12-14 09:17:13 | 00,000,000 | ---- | C] () -- C:\pc_sign.slf
[2009-12-14 09:17:13 | 00,000,000 | ---- | C] () -- C:\Windows\System32\ab_bl.sig
[2009-12-14 09:16:37 | 00,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2009-12-14 09:13:35 | 00,002,107 | ---- | C] () -- C:\Users\Public\Desktop\The Shield Deluxe 2010.lnk
[2009-12-14 08:58:20 | 00,153,932 | ---- | C] () -- C:\BdUninstallTool2009.12.14-08.58.20.reg
[2009-12-13 15:11:45 | 00,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009-12-13 15:10:51 | 00,894,240 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-12-13 15:10:51 | 00,015,140 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-12-13 13:42:58 | 00,018,217 | ---- | C] () -- C:\Users\Steele\Desktop\ssimg0113.gif
[2009-12-13 13:40:01 | 00,012,006 | ---- | C] () -- C:\Users\Steele\Desktop\1042424115restrup_logo.gif
[2009-12-12 14:55:17 | 00,000,754 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009-12-10 15:00:45 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-12-10 14:57:33 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-11-06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-10-12 07:45:12 | 00,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009-10-12 07:45:12 | 00,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009-09-14 15:44:49 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-05-01 14:36:00 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009-05-01 08:10:58 | 00,000,273 | ---- | C] () -- C:\Windows\game.ini
[2009-05-01 00:07:28 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-04-16 14:54:14 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-04-16 14:39:54 | 00,036,864 | ---- | C] () -- C:\Users\Steele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-11 08:04:14 | 00,000,094 | ---- | C] () -- C:\Users\Steele\AppData\Local\fusioncache.dat
[2009-04-10 10:45:05 | 00,144,896 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009-04-10 10:45:05 | 00,071,168 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009-04-10 10:35:38 | 00,000,552 | ---- | C] () -- C:\Users\Steele\AppData\Local\d3d8caps.dat
[2009-04-10 10:22:12 | 00,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009-04-10 10:22:12 | 00,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009-04-10 10:22:09 | 00,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009-04-10 10:22:09 | 00,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009-04-10 10:10:13 | 00,034,490 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009-04-10 10:06:38 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-04-10 10:06:30 | 00,033,878 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-04-10 09:57:21 | 00,001,356 | ---- | C] () -- C:\Users\Steele\AppData\Local\d3d9caps.dat
[2009-03-05 05:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009-01-15 13:45:34 | 00,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008-10-07 23:08:38 | 00,020,936 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2008-10-07 22:41:40 | 00,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2008-10-07 22:41:40 | 00,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008-10-07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008-09-12 20:22:40 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008-08-19 17:39:18 | 00,000,321 | ---- | C] () -- C:\Windows\System32\kill.ini
[2007-12-28 08:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007-01-31 14:50:32 | 00,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009-10-25 16:07:13 | 00,000,000 | -HSD | M] -- C:\Users\Steele\AppData\Roaming\.#
[2009-12-14 10:10:15 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\BitDefender
[2009-05-01 00:10:56 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\DAEMON Tools Lite
[2009-08-24 16:25:22 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\GHISLER
[2009-09-18 17:45:05 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\LucasArts
[2009-10-28 13:39:07 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\runic games
[2009-12-14 09:13:35 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\The Shield Deluxe
[2009-06-25 10:06:44 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\TuneUp Software
[2009-04-11 08:06:05 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\Turbine
[2009-12-15 08:43:55 | 00,000,000 | ---D | M] -- C:\Users\Steele\AppData\Roaming\uTorrent
[2009-12-14 18:00:00 | 00,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2008-01-21 03:58:23 | 00,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008-01-21 03:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 03:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-21 03:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 03:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-21 03:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 03:23:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 03:23:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2009-06-25 16:04:32 | 00,001,536 | ---- | M] () Unable to obtain MD5 -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\lib\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009-04-09 19:56:54 | 00,327,192 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\NLDRV\001\iastor.sys

< MD5 for: IASTORV.SYS >
[2008-01-21 03:23:47 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008-01-21 03:23:47 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-01-21 03:23:47 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-04-11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009-04-11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-01-21 03:24:31 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006-11-02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-21 03:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-01-21 03:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-21 03:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-01-21 03:25:18 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009-04-11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009-04-11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:18897B1D
< End of report >


OTL Extras Log:
OTL Extras logfile created on: 15-12-2009 09:38:36 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Steele\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000406 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,35% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 9,80 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive D: | 184,98 Gb Total Space | 80,60 Gb Free Space | 43,58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEELEPC
Current User Name: Steele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1689A6A5-3ABF-4626-B213-2A037DF8C6BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{23A59303-D848-4820-9EB2-81EB22231683}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{24A60E37-92CB-460F-A3C9-43EC7CD61135}" = lport=139 | protocol=6 | dir=in | app=system |
"{3EB6EF62-E559-4101-8836-7C30CF78C30D}" = lport=445 | protocol=6 | dir=in | app=system |
"{525F533A-887F-4650-BAD5-BFCC6A0FF2DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5344D342-74CA-46EE-BDDD-FD8CF95D4366}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C5B5A06-32D7-49F3-ABBD-C20CE2B97E19}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B85A0165-701F-48BF-B8B9-264C3A5CDFDA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BDE8369C-3EF7-4BD2-9412-16BD89379F9B}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C12CF7-A72E-40CA-BA59-1A64373446BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBC1B4F6-4A52-4034-8C1E-6305C52F136C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8AF2E84-3B35-41E6-9EE6-7C245924A9EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFEF7D5E-5CC6-4E95-88E7-161BFF5A536B}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000AA4E9-7691-47B9-AF70-EC88F2B87F7B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
"{02F7D8DF-C833-41FE-B96E-6EE153562FD6}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\freedom force\fforce.exe |
"{037904B2-989E-4525-92CE-281639B25FC9}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\prototype\prototypef.exe |
"{05C1F65D-4E1F-499B-B4D7-5F4E3AECEF61}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\bookworm adventures deluxe\bookwormadventures.exe |
"{125AD8A3-A047-4D10-BAF2-7A6B11B4FA32}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{13621ADE-1DE2-48CD-A949-9ED558F5864E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\overlord ii\config.exe |
"{13EDD2E4-E3B7-46D9-BADC-38C695124494}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{15D192DC-363A-42EA-8CCB-D53A5AFB8F4E}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{18E00F2B-9FF8-40F8-945C-04A7D368C341}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1BAD3191-9394-4168-93E6-E8E68252016F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\peggle deluxe\peggle.exe |
"{1BE1A47A-FEBF-4F48-8B47-B05B165F8C08}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\peggle nights\pegglenights.exe |
"{1F64EAF5-6DAC-4A3D-9AAF-A13E3A97DEC9}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{25DBBDEC-D101-429E-A4C7-636E51D5B7E4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2AC4BF0C-3CEA-4A9B-ACAB-B704B5025190}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
"{2BFA36E0-C71E-487B-9C05-7CDCE6574018}" = protocol=17 | dir=in | app=d:\games\blood bowl\bb.exe |
"{33333FEA-B2E7-4BF6-A4F0-2C7830DBD692}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3544D2D8-5D2B-4AD0-86FA-26E9AD57CBE0}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\xcom apocalypse\dosbox.exe |
"{3680DD15-8E81-4E03-9353-210E033F2953}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{3B4E1E2B-1B2E-4E25-9991-4AB28DAE78D7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{3BA6C752-7166-4DE0-9CB7-DCB34CFC5F7D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\prototype\prototypef.exe |
"{3D63C615-DFED-470C-8357-0EDB694A4849}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{40660D25-5FF6-4FCA-832E-40F65EF641C4}" = protocol=6 | dir=in | app=d:\games\blood bowl\bb.exe |
"{42BCFCD9-8E0A-4F11-A938-8023996EA740}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{480C3E38-6D1B-400B-A7A3-A6D4305014AE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\trine demo\trine_launcher.exe |
"{4CBAC7AA-0734-4288-8D52-E4BA0F28F296}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe |
"{4F93D745-A229-4C11-AC04-25F85433C55E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\puzzle quest galactrix\galactrix.exe |
"{51F76D60-4FB5-411B-BC98-80B353118D45}" = protocol=17 | dir=in | app=d:\games\blood bowl\autorun\exe\autorun.exe |
"{55DC65D7-94A7-4547-B998-F5552C8B811B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{565AC3EE-F2BB-4FE3-AF22-68260EE80CB5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\fallen earth\feupdater.exe |
"{5A4A6239-86E1-4416-8401-1E5E8FED7354}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5E856F3B-1A89-4AE8-BA09-E30DC8C8973A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5EC7F157-C1F4-4A74-8901-22C9DFB8DC24}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\overlord ii\overlord2.exe |
"{60EB6893-C9EE-492F-89D4-7262B9143A7F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe |
"{7103A952-BD63-4FB0-9FC4-71A9A5225D4B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{7249FC23-57CD-4D2E-9A60-65B09B3398E7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{727884A4-A275-431E-B227-714D1A111339}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\flock\flock.exe |
"{768FD654-AC03-4C50-9BC1-0C5C5564DDDE}" = protocol=6 | dir=in | app=d:\games\blood bowl\autorun\exe\autorun.exe |
"{7F6B6E8B-DBB9-4242-80DA-15AC6D4F7BFE}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\puzzle quest galactrix\galactrix.exe |
"{81D23A13-DE29-4F1C-AB9A-7E96D101CCB4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\overlord\overlord.exe |
"{85E47827-3ED9-4E01-970F-930996DA0F0D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\flock\flock.exe |
"{8819EFD6-56F5-48DE-81C0-D48B8CA45411}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{8D8AF07B-2C46-4D87-981B-F6BF90E1411C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8FAF0047-F68F-4CF3-968C-561AA9D2F4F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{925ABFA9-7A42-4FDD-981D-FB0D230DAF1E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{9C773E8F-C78C-478C-BDA4-8C1BDC4C41EE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{9CEE9ECF-5E07-4BD6-A974-89244000399A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{AD25DA2C-DE79-4220-9673-B4AB1B869750}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{AFFD8A7B-ECB6-415C-9B52-B72287664A06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B95D97B7-6118-4F8A-BFEA-A57E48102A49}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\overlord ii\overlord2.exe |
"{C446828A-597E-48F5-A99F-A1E581FB4E14}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\xcom apocalypse\dosbox.exe |
"{CBBAE030-12B9-45E3-AD81-034B889198EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CCE911CC-D3EE-476D-8D32-02AD6311BF09}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\peggle deluxe\peggle.exe |
"{CD8F4C8D-7704-4268-B5C0-D82865A3ADEB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\freedom force\fforce.exe |
"{D1BFC414-A5C0-4BE0-915C-C66665B63BC8}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\fallen earth\feupdater.exe |
"{D292AEF8-635C-4F13-9ED3-BDCA8DDBAC0A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\bookworm adventures deluxe\bookwormadventures.exe |
"{DCEE9A7F-B1A7-4F09-A833-77D3A4EE28CE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{DDBE280E-6DA6-45A8-8EBF-90A0105DDBA6}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{DECCEB77-CB85-478C-BEE5-12E66151F748}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{E12FC15E-630F-43FF-83F9-5FB2898CE1D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1808000-4B10-406C-B4D4-EB8E631A256A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E5CBAFC4-6B33-4074-95DE-1C34D0BAC0B4}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\overlord\overlord.exe |
"{E799132C-7768-4567-8C7B-6A0CBEA881A7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\peggle nights\pegglenights.exe |
"{E9CFE12F-BEC5-4A19-A7F6-23938091705B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\trine demo\trine_launcher.exe |
"{EC638057-4E7B-49BE-8018-7C7F40BD32BC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{ECE2A0BB-3616-4E5B-81CC-9EB0DC3E7A2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F023238E-9240-4039-A60A-D4AB07D718A1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\overlord ii\config.exe |
"{F4319203-85B2-46E7-8393-0C90FE3A3203}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"TCP Query User{0CF7E642-A7D2-4D78-8AE0-965B0092B019}D:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe |
"TCP Query User{3072E978-CC25-4181-84BA-B2B537DBE192}D:\games\lotro\lotroclient.exe" = protocol=6 | dir=in | app=d:\games\lotro\lotroclient.exe |
"TCP Query User{401EE5E6-58BF-4E0C-83AA-116FBAF4B11D}D:\games\blood bowl\bb.exe" = protocol=6 | dir=in | app=d:\games\blood bowl\bb.exe |
"TCP Query User{4F460316-68E6-44FF-AF0B-2F6FDAF4DB16}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{7069C873-DC13-4B5E-AF33-7A9F033CF3E7}D:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"TCP Query User{9835AA39-0838-49DA-9EE3-C164EC8CD6C3}D:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"TCP Query User{D3ABC821-37EE-4DC8-9349-F6E97D07B4D5}D:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe |
"TCP Query User{F955DF6E-DE78-4C1E-BF45-0DBCFD2ECA94}H:\hdrive[storage]\dump from c\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=h:\hdrive[storage]\dump from c\program files\mirc\mirc.exe |
"UDP Query User{12C74998-398B-4A8B-9445-C9ACEC5917F5}D:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"UDP Query User{21A4545C-19AE-4201-9634-7B84E16D6971}D:\games\blood bowl\bb.exe" = protocol=17 | dir=in | app=d:\games\blood bowl\bb.exe |
"UDP Query User{22ACC37A-95E1-493B-8401-76D2BF7EDF5B}D:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe |
"UDP Query User{9EBAC7EA-2B1D-411A-BB2C-67C670031EC1}D:\games\lotro\lotroclient.exe" = protocol=17 | dir=in | app=d:\games\lotro\lotroclient.exe |
"UDP Query User{AC5090DA-27D0-4CBD-88C9-B527CC7A9283}D:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\[email protected]\age of chivalry\hl2.exe |
"UDP Query User{C9B42912-8E59-468F-B83E-B9F0FD5C2A2D}H:\hdrive[storage]\dump from c\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=h:\hdrive[storage]\dump from c\program files\mirc\mirc.exe |
"UDP Query User{F7E44304-2382-4282-8914-950299DCEAB2}D:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"UDP Query User{F95FFA02-3FAB-4206-B2B9-E9B274451417}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BADC5319-A2A0-4BE1-A7C3-A271AE0E791D}" = The Shield Deluxe 2010
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2782E16-06D5-4C7B-B82A-EC42CF65FA90}" = STOPzilla
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4020
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AudioCS" = Creative Audio Control Panel
"BFG-Burger Island 2 - The Missing Ingredients" = Burger Island 2: The Missing Ingredients
"BFGC" = Big Fish Games Client
"BloodBowl_is1" = Blood Bowl 1.1.2.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Steam App 10150" = Prototype
"Steam App 1250" = Killing Floor
"Steam App 12500" = Puzzle Quest
"Steam App 12710" = Overlord - Raising [bleep]
"Steam App 12810" = Overlord II
"Steam App 17450" = Dragon Age: Origins
"Steam App 17510" = Age of Chivalry
"Steam App 21640" = FLOCK!
"Steam App 220" = Half-Life 2
"Steam App 23500" = Puzzle Quest: Galactrix
"Steam App 23700" = Puzzle Kingdoms
"Steam App 240" = Counter-Strike: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3470" = Bookworm Adventures Deluxe
"Steam App 3480" = Peggle Deluxe
"Steam App 3540" = Peggle Nights
"Steam App 3590" = Plants Vs Zombies
"Steam App 3720" = Evil Genius
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 40000" = Fallen Earth
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 7660" = X-COM: Apocalypse
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15-12-2009 03:38:37 | Computer Name = steelepc | Source = Windows Search Service | ID = 3013
Description =

Error - 15-12-2009 03:38:37 | Computer Name = steelepc | Source = Windows Search Service | ID = 3013
Description =

Error - 15-12-2009 03:38:37 | Computer Name = steelepc | Source = Windows Search Service | ID = 3013
Description =

Error - 15-12-2009 03:38:37 | Computer Name = steelepc | Source = Windows Search Service | ID = 3013
Description =

Error - 15-12-2009 03:50:13 | Computer Name = steelepc | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 15-12-2009 03:51:37 | Computer Name = steelepc | Source = Application Error | ID = 1000
Description = Faulting application SysRestorePoint.exe, version 1.3.0.0, time stamp
0x485da791, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000111ff, process id 0x1488, application start time
0x01ca7d5b6d66c024.

Error - 15-12-2009 03:57:21 | Computer Name = steelepc | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.42.0.0, time stamp 0x4b18370a,
faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd, exception
code 0xe06d7363, fault offset 0x0003fbae, process id 0x12c4, application start time
0x01ca7d5b8c013924.

Error - 15-12-2009 04:03:38 | Computer Name = steelepc | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 15-12-2009 04:21:12 | Computer Name = steelepc | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 15-12-2009 04:22:16 | Computer Name = steelepc | Source = Application Error | ID = 1000
Description = Faulting application SysRestorePoint(2).exe, version 1.3.0.0, time
stamp 0x485da791, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x000111ff, process id 0x1254, application
start time 0x01ca7d5fb3f7e29d.

[ System Events ]
Error - 17-09-2009 10:18:05 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 17-09-2009 18:03:22 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 18-09-2009 12:04:04 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 19-09-2009 05:16:12 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 20-09-2009 15:30:23 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 21-09-2009 06:31:26 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 23-09-2009 11:54:19 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 25-09-2009 07:00:19 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 26-09-2009 08:46:11 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

Error - 27-09-2009 05:58:11 | Computer Name = steelepc | Source = HTTP | ID = 15016
Description =

[ TuneUp Events ]
Error - 31-10-2009 12:30:13 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-31 17:30:13', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','256',0)

Error - 31-10-2009 12:30:18 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-31 17:30:18', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5144',0)

Error - 12-12-2009 09:56:07 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-12 14:56:07', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5444',0)

Error - 13-12-2009 04:50:17 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-13 09:50:17', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5376',0)

Error - 13-12-2009 04:50:37 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-13 09:50:37', '\device\harddiskvolume1\programdata\malwarebytes\malwarebytes'
anti-malware\mbam-setup.exe','5320',0)

Error - 13-12-2009 04:57:17 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-13 09:57:17', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5788',0)

Error - 13-12-2009 07:03:03 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-13 12:03:03', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2852',0)

Error - 15-12-2009 03:52:29 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-15 08:52:29', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','4804',0)

Error - 15-12-2009 03:57:55 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-15 08:57:55', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1904',0)

Error - 15-12-2009 04:04:05 | Computer Name = steelepc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-15 09:04:05', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6116',0)


< End of report >