- I was fiddling around with a printing driver when it happened. I was installing the driver manually through Windows Vista, and the driver was located on an official CD from Lexmark.
Symptoms: Only a handful of programs startup with Windows. The rest is visible as processes (in task manager) but not in the tray, nor can I start or run them.
There is a cross over my network connection, indicating no network connection, but I can surf the internet from Opera (I can't start Firefox or Internet Explorer).
If I start Explorer or tries to look at the device manager, it freezes.
What I've done so far: As I couldn't run any programs in Windows, I had to boot in Safety Mode and run the designated programs from there. I ran TFC, ERUNT and MalwareBytes. This had the effect that after reboot and login in NORMAL MODE, I was left with a black screen. Task Manager shows only 6 or 7 processes running.
I then rebooted into SAFETY MODE and proceeded with the rest of the tests, which I have posted below.
NOTE: When running Gmer.exe, most of the options were grayed out, including the 'show all'. I don't know if that was the result of me running it in Safety Mode or what ever. Just thought I would point it out.
Currently I only have access via SAFETY MODE.
OTL.txt
OTL logfile created on: 1/21/2010 4:38:16 PM - Run 1 OTL by OldTimer - Version 3.1.25.3 Folder = C:\Users\Kasper\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free 8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.75 Gb Total Space | 69.77 Gb Free Space | 58.26% Space Free | Partition Type: NTFS Drive D: | 487.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 298.09 Gb Total Space | 234.91 Gb Free Space | 78.80% Space Free | Partition Type: NTFS Drive F: | 465.76 Gb Total Space | 69.46 Gb Free Space | 14.91% Space Free | Partition Type: NTFS Drive G: | 7.52 Gb Total Space | 4.93 Gb Free Space | 65.59% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KASPER-PC Current User Name: Kasper Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe MOD - [2009/04/11 07:28:18 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV:[b]64bit:[/b] - [2009/11/25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV:[b]64bit:[/b] - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV:[b]64bit:[/b] - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV:[b]64bit:[/b] - [2009/09/25 02:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:[b]64bit:[/b] - [2009/06/04 22:03:49 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2009/04/11 08:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:[b]64bit:[/b] - [2009/04/11 08:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:[b]64bit:[/b] - [2009/04/11 08:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:[b]64bit:[/b] - [2008/05/16 16:39:34 | 01,040,552 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdrcoms.exe -- (lxdr_device) SRV:[b]64bit:[/b] - [2008/05/16 16:39:27 | 00,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdrserv.exe -- (lxdrCATSCustConnectService) SRV:[b]64bit:[/b] - [2008/01/21 03:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2008/01/21 03:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax) SRV:[b]64bit:[/b] - [2008/01/21 03:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/07/15 08:50:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate) SRV - [2009/06/04 22:03:42 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/03/30 05:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/05/16 16:39:15 | 00,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\lxdrcoms.exe -- (lxdr_device) SRV - [2006/11/02 14:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/02 07:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/02 07:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.dk/ig" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: [email protected]:1.6.17 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8 FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.65223 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7 FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2 FF - prefs.js..extensions.enabledItems: [email protected]:1.9.6 FF - prefs.js..extensions.enabledItems: {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.2 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.0rc2 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2009/11/04 10:00:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 20:41:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/18 16:39:57 | 00,000,000 | ---D | M] [2009/08/06 21:04:00 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Extensions [2009/05/01 22:46:05 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Extensions\[email protected] [2010/01/21 14:44:12 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions [2009/08/24 08:20:16 | 00,000,000 | ---D | M] (Screengrab) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2009/10/22 09:22:21 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2010/01/18 10:28:01 | 00,000,000 | ---D | M] (Weave Sync) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2009/11/22 17:22:03 | 00,000,000 | ---D | M] (Linkification) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2009/11/22 17:22:03 | 00,000,000 | ---D | M] (Tab Control) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66} [2009/12/07 07:33:34 | 00,000,000 | ---D | M] (FireFTP) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009/10/16 14:37:26 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010/01/07 22:21:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/01/13 17:09:13 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/11/19 18:13:28 | 00,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2009/08/06 22:07:30 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected] [2010/01/20 13:48:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected] [2010/01/21 14:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected] [2010/01/21 14:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]\chrome [2010/01/21 14:16:15 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]\defaults [2010/01/21 14:44:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2008/04/29 17:54:30 | 00,110,592 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npfronter_oes2.dll O1 HOSTS File: ([2009/04/06 16:48:54 | 00,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O4:[b]64bit:[/b] - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 4900 Series\ezprint.exe (Lexmark International Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [lxdrmon.exe] C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe () O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Evernote] C:\Program Files (x86)\Evernote\Evernote3.5\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - HKCU..\Run: [Google Update] C:\Users\Kasper\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [POEngine5] File not found O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O8:[b]64bit:[/b] - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:[b]64bit:[/b] - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:[b]64bit:[/b] - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8:[b]64bit:[/b] - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:[b]64bit:[/b] - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15:[b]64bit:[/b] - ..Trusted Domains: danid.dk ([]http in Trusted sites) O15:[b]64bit:[/b] - ..Trusted Domains: danid.dk ([]https in Trusted sites) O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: danid.dk ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: danid.dk ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.162.153.164 194.239.134.83 O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/10 10:57:07 | 00,000,252 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{9c787204-ca0a-11de-a354-0000e8164786}\Shell - "" = AutoRun O33 - MountPoints2\{9c787204-ca0a-11de-a354-0000e8164786}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found O33 - MountPoints2\{aa455136-2242-11de-b356-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{aa455136-2242-11de-b356-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2008/09/10 11:24:11 | 00,299,688 | R--- | M] ( ) O33 - MountPoints2\{bc32e8ed-c3bf-11de-8357-002215ed7c66}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found [b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found [b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2008/01/21 04:05:52 | 00,000,000 | ---D | M] NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:07:48 | 00,000,000 | ---D | M] NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) OTL cannot create restorepoints on Vista OSs! [color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [2010/01/21 15:46:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010/01/21 15:37:03 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe [2010/01/21 15:36:00 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Kasper\Desktop\erunt_setup.exe [2010/01/21 15:35:53 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Kasper\Desktop\TFC.exe [2010/01/21 14:02:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Lexmark 4900 Series [2010/01/21 13:57:09 | 00,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrpmui.dll [2010/01/21 13:57:09 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrinpa.dll [2010/01/21 13:57:09 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdriesc.dll [2010/01/21 13:57:09 | 00,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdrlnks.dll [2010/01/21 13:57:08 | 01,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrserv.dll [2010/01/21 13:57:08 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrusb1.dll [2010/01/21 13:57:08 | 00,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrlmpm.dll [2010/01/21 13:57:07 | 00,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcomc.dll [2010/01/21 13:57:07 | 00,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrhbn3.dll [2010/01/21 13:57:07 | 00,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcoms.exe [2010/01/21 13:57:07 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcomm.dll [2010/01/21 13:57:07 | 00,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcfg.exe [2010/01/21 13:57:07 | 00,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrih.exe [2010/01/21 13:56:57 | 00,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDRhcp.dll [2010/01/21 13:56:56 | 00,896,000 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrlmpm.dll [2010/01/21 13:56:54 | 01,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrcomc.dll [2010/01/21 13:56:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 4900 Series [2010/01/21 13:47:43 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxdrcfg.dll [2010/01/21 13:46:47 | 00,000,000 | R--D | C] -- C:\Users\Kasper\Documents\Scanned Documents [2010/01/21 13:46:46 | 00,000,000 | ---D | C] -- C:\Users\Kasper\Documents\Fax [2010/01/20 15:44:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats [2010/01/20 15:36:48 | 00,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdrcfg.dll [2010/01/20 15:35:54 | 01,660,928 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrserv.dll [2010/01/20 15:35:54 | 00,982,016 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrpmui.dll [2010/01/20 15:35:53 | 01,337,344 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrusb1.dll [2010/01/20 15:35:53 | 01,090,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrhbn3.dll [2010/01/20 15:35:53 | 00,581,632 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrcomm.dll [2010/01/20 15:35:53 | 00,548,864 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrinpa.dll [2010/01/20 15:35:53 | 00,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxdriesc.dll [2010/01/20 15:34:23 | 00,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdrcfg64.dll [2010/01/20 15:34:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Ezprint [2010/01/20 15:34:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar [2010/01/20 15:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web [2010/01/20 15:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 4900 Series [2010/01/19 11:59:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education [2010/01/19 11:57:42 | 00,000,000 | ---D | C] -- C:\Users\Kasper\Desktop\TiInteractive [2010/01/17 14:28:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software [2010/01/17 13:28:52 | 27,386,256 | ---- | C] ( ) -- C:\Users\Kasper\Desktop\AdbeRdr930_en_US.exe [2010/01/16 13:57:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Fronter AS [2010/01/13 18:04:37 | 00,069,632 | ---- | C] ( ) -- C:\nporbit.dll [2010/01/13 18:03:31 | 00,000,000 | ---D | C] -- C:\Downloads [2010/01/13 18:01:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader [2010/01/13 18:01:36 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\Orbit [2010/01/13 17:43:03 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\FlashGet [2010/01/13 17:43:03 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\BITS [2010/01/13 17:42:59 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\FlashGetBHO [2010/01/13 17:42:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [2010/01/21 16:38:31 | 03,932,160 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT [2010/01/21 16:36:56 | 01,459,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/01/21 16:36:56 | 00,652,310 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2010/01/21 16:36:56 | 00,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/01/21 16:36:56 | 00,125,186 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2010/01/21 16:36:56 | 00,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/01/21 16:09:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/21 16:06:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/21 16:06:09 | 00,524,288 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms [2010/01/21 16:06:09 | 00,065,536 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf [2010/01/21 16:06:07 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB9FA888-C130-4BBD-AD9F-CF123505E53D}.job [2010/01/21 16:04:56 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/01/21 16:04:47 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/21 16:04:46 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/01/21 16:04:46 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/21 16:04:45 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/01/21 15:46:45 | 00,000,943 | ---- | M] () -- C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/01/21 15:46:43 | 00,000,744 | ---- | M] () -- C:\Users\Kasper\Desktop\ERUNT.lnk [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe [2010/01/21 15:36:56 | 00,284,915 | ---- | M] () -- C:\Users\Kasper\Desktop\gmer.zip [2010/01/21 15:36:01 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Kasper\Desktop\erunt_setup.exe [2010/01/21 15:35:53 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\TFC.exe [2010/01/21 15:30:28 | 00,460,388 | ---- | M] () -- C:\Users\Kasper\Desktop\kasper-sorensen-mat-25.jpg [2010/01/21 15:10:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356987698-3661441655-3655627599-1000UA.job [2010/01/21 15:00:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/01/21 14:50:19 | 00,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010/01/21 14:09:07 | 00,102,288 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2010/01/20 23:10:00 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356987698-3661441655-3655627599-1000Core.job [2010/01/20 17:40:49 | 00,116,224 | ---- | M] () -- C:\Users\Kasper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/20 13:20:30 | 00,056,352 | ---- | M] () -- C:\Users\Kasper\AppData\Local\GDIPFONTCACHEV1.DAT [2010/01/20 12:53:36 | 02,862,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/01/19 11:59:50 | 00,002,071 | ---- | M] () -- C:\Users\Kasper\Desktop\TI InterActive!.lnk [2010/01/19 11:55:56 | 45,747,123 | ---- | M] () -- C:\Users\Kasper\Desktop\TI-interactive Vista.zip [2010/01/17 13:29:18 | 27,386,256 | ---- | M] ( ) -- C:\Users\Kasper\Desktop\AdbeRdr930_en_US.exe [2010/01/15 21:38:05 | 00,000,000 | ---- | M] () -- C:\Users\Kasper\temp.dat [2010/01/13 17:51:52 | 00,000,305 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat [2010/01/13 17:45:09 | 00,002,360 | ---- | M] () -- C:\Windows\Opera.INI [2010/01/13 17:43:07 | 00,000,025 | ---- | M] () -- C:\Windows\libem.INI [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/01/21 15:46:45 | 00,000,943 | ---- | C] () -- C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/01/21 15:46:43 | 00,000,744 | ---- | C] () -- C:\Users\Kasper\Desktop\ERUNT.lnk [2010/01/21 15:39:32 | 00,293,376 | ---- | C] () -- C:\Users\Kasper\Desktop\gmer.exe [2010/01/21 15:36:55 | 00,284,915 | ---- | C] () -- C:\Users\Kasper\Desktop\gmer.zip [2010/01/21 15:30:28 | 00,460,388 | ---- | C] () -- C:\Users\Kasper\Desktop\kasper-sorensen-mat-25.jpg [2010/01/21 14:50:19 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/01/21 14:02:04 | 00,000,370 | ---- | C] () -- C:\ProgramData\lxdrDiagnostics.log [2010/01/21 13:57:32 | 00,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdrrwrd.ini [2010/01/21 13:57:09 | 00,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDRinst.dll [2010/01/21 13:57:09 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdrcomx.dll [2010/01/21 13:57:07 | 00,002,043 | ---- | C] () -- C:\Windows\SysWow64\lxdr.loc [2010/01/21 13:56:57 | 00,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDRinst.dll [2010/01/20 16:38:09 | 00,102,288 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf [2010/01/20 16:36:25 | 00,002,043 | ---- | C] () -- C:\Windows\SysNative\lxdr.loc [2010/01/20 16:36:24 | 00,061,218 | ---- | C] () -- C:\Windows\SysNative\lxdrprpr.chm [2010/01/20 16:18:14 | 00,001,045 | ---- | C] () -- C:\ProgramData\lxdr.log [2010/01/20 15:36:49 | 00,617,984 | ---- | C] () -- C:\Windows\SysNative\lxdrcoin.dll [2010/01/20 15:35:52 | 00,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdrgrd.dll [2010/01/20 15:35:51 | 00,109,056 | ---- | C] () -- C:\Windows\SysNative\lxdrvs.dll [2010/01/20 15:34:23 | 01,416,192 | ---- | C] () -- C:\Windows\SysNative\lxdrdrs64.dll [2010/01/20 15:34:23 | 01,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdrdrs.dll [2010/01/20 15:34:23 | 00,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdrcaps.dll [2010/01/20 15:34:23 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdrcnv4.dll [2010/01/20 15:34:23 | 00,054,784 | ---- | C] () -- C:\Windows\SysNative\lxdrcnv464.dll [2010/01/20 15:34:23 | 00,025,600 | ---- | C] () -- C:\Windows\SysNative\lxdrcaps64.dll [2010/01/20 15:34:21 | 00,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log [2010/01/20 15:27:46 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt [2010/01/19 11:59:50 | 00,002,071 | ---- | C] () -- C:\Users\Kasper\Desktop\TI InterActive!.lnk [2010/01/19 11:52:23 | 45,747,123 | ---- | C] () -- C:\Users\Kasper\Desktop\TI-interactive Vista.zip [2010/01/13 17:51:52 | 00,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2010/01/13 17:45:09 | 00,002,360 | ---- | C] () -- C:\Windows\Opera.INI [2010/01/13 17:43:07 | 00,000,025 | ---- | C] () -- C:\Windows\libem.INI [2009/12/18 16:46:16 | 00,001,101 | ---- | C] () -- C:\ProgramData\afl.log [2009/12/07 16:35:29 | 00,432,466 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI3DC5.txt [2009/12/07 16:35:29 | 00,011,714 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3DC5.txt [2009/12/03 14:59:33 | 00,415,708 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI3BD0.txt [2009/12/03 14:59:33 | 00,018,218 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3BD0.txt [2009/12/03 13:41:07 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/12/03 13:40:09 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/11/05 11:16:14 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/04 19:33:54 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/09/13 20:24:00 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2009/08/13 19:59:29 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2009/08/13 19:59:29 | 00,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2009/07/29 15:05:47 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009/06/09 01:47:51 | 00,000,680 | ---- | C] () -- C:\Users\Kasper\AppData\Local\d3d9caps.dat [2009/06/07 21:17:53 | 00,014,102 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3B93.txt [2009/06/06 15:16:42 | 00,412,822 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI5900.txt [2009/06/06 15:16:42 | 00,011,470 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI5900.txt [2009/06/04 22:26:57 | 00,415,726 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI0606.txt [2009/06/04 22:26:56 | 00,011,386 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI0606.txt [2009/06/04 20:38:17 | 00,418,676 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI32DA.txt [2009/06/04 20:38:16 | 00,018,774 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI32DA.txt [2009/04/05 22:25:12 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/04/05 22:25:11 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/04/05 22:25:11 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/04/05 22:25:10 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/04/05 22:25:10 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/04/05 22:25:09 | 00,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/04/05 21:08:58 | 00,116,224 | ---- | C] () -- C:\Users\Kasper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/05 18:03:35 | 00,028,551 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009/04/05 17:49:46 | 00,000,732 | ---- | C] () -- C:\Users\Kasper\AppData\Local\d3d9caps64.dat [2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerDLLA.dll [2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerDLLW.dll [2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerLang.dll [2008/01/21 03:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/12/28 08:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\SysWow64\lnod32apiW.dll [2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\SysWow64\lnod32apiA.dll [2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\SysWow64\lnod32umc.dll [2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\lnod32upd.dll [2005/07/09 09:37:44 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll [2000/10/30 10:04:00 | 00,000,209 | ---- | C] () -- C:\Windows\Ic32.ini [color=#E56717]========== LOP Check ==========[/color] [2009/04/23 22:18:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\AMPSoft [2009/06/14 14:40:39 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Aptana [2009/05/11 00:36:47 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Audacity [2010/01/13 17:43:29 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\BITS [2009/04/08 03:05:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2009/04/10 10:27:48 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\com.snippely.6E4C758165F11BBEC90F106AA88CF53EB51547B1.1 [2009/12/23 15:27:24 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Cryptomathic [2009/12/04 00:44:06 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Cycling '74 [2009/04/05 23:43:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools [2009/09/14 21:07:27 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools Lite [2009/04/05 23:43:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools Pro [2009/04/05 22:08:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1 [2009/04/06 18:26:57 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FireShot [2010/01/13 17:43:03 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FlashGet [2010/01/13 17:43:00 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FlashGetBHO [2009/04/05 22:40:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Foxit [2009/07/10 20:15:21 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GetRightToGo [2009/06/13 17:09:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GHISLER [2009/10/15 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GrabIt [2009/08/24 22:01:44 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\HDRsoft [2009/07/08 20:04:53 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\ImgBurn [2009/05/06 21:07:49 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mp3tag [2009/09/03 21:01:42 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Nokia [2009/06/14 14:43:15 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Notepad++ [2009/04/07 20:26:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\OpenOffice.org [2009/04/05 23:59:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Opera [2010/01/20 14:33:59 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Orbit [2009/06/04 20:18:25 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\OxelonMC [2009/09/03 20:57:25 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\PC Suite [2009/04/28 18:10:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Publish Providers [2009/06/27 01:31:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\RawTherapee [2009/05/01 22:46:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Songbird2 [2009/06/10 02:27:02 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Sony [2009/12/08 01:03:40 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Sony Creative Software [2009/04/06 14:40:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\SystemRequirementsLab [2009/04/05 22:03:19 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1 [2009/12/03 22:43:30 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2010/01/21 15:27:52 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\uTorrent [2010/01/21 16:06:42 | 00,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/01/21 16:06:07 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CB9FA888-C130-4BBD-AD9F-CF123505E53D}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 08:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2006/11/02 12:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/01/21 03:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 08:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/21 03:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/01/21 03:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/21 03:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 08:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Kasper\Desktop\aw-tutorial.mp4:TOC.WMV @Alternate Data Stream - 24 bytes -> C:\Windows:6D16765549E8AE1E @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
EXTRAS.txt
OTL Extras logfile created on: 1/21/2010 4:38:16 PM - Run 1 OTL by OldTimer - Version 3.1.25.3 Folder = C:\Users\Kasper\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free 8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.75 Gb Total Space | 69.77 Gb Free Space | 58.26% Space Free | Partition Type: NTFS Drive D: | 487.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 298.09 Gb Total Space | 234.91 Gb Free Space | 78.80% Space Free | Partition Type: NTFS Drive F: | 465.76 Gb Total Space | 69.46 Gb Free Space | 14.91% Space Free | Partition Type: NTFS Drive G: | 7.52 Gb Total Space | 4.93 Gb Free Space | 65.59% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KASPER-PC Current User Name: Kasper Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = D1 DF 3A CB 24 74 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08799CDB-CF48-490C-BFB2-73E83C92282B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0B02296E-DC91-44CE-B4EE-17EC2E7F604C}" = lport=3390 | protocol=6 | dir=in | app=system | "{111D2EAE-EBCE-42DC-B63A-149F027CBDE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{359FAEA9-021D-41D6-B232-740E6F107E31}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{41736B84-4462-4D6C-B49B-C7FCD71743EB}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{457736F7-9F08-4438-96EC-AD59F133E20D}" = rport=137 | protocol=17 | dir=out | app=system | "{473C31D3-9B55-45DD-A3EB-88877EB4DAD5}" = lport=10243 | protocol=6 | dir=in | app=system | "{48BA7790-50C1-43DD-8F68-3895A13DD4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{493ECB99-ADDB-433F-B4CF-129D57033E74}" = rport=10243 | protocol=6 | dir=out | app=system | "{56EF0291-4624-41BC-A5C9-65D2BD10EB5C}" = lport=138 | protocol=17 | dir=in | app=system | "{59B84E97-46B2-4D46-8A44-FA4B46C7904B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{65BFE3FB-FDE4-4F49-8C33-7455746D6E7A}" = rport=445 | protocol=6 | dir=out | app=system | "{67D2C285-CA49-450A-AAA1-4848A810D01E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{6E249286-5033-40A5-AF5B-BCE394259DE6}" = lport=445 | protocol=6 | dir=in | app=system | "{723A68FD-5243-490F-9E67-2157DF79C5B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{7F1A850D-D1CA-452D-B6D1-03121871B998}" = lport=137 | protocol=17 | dir=in | app=system | "{7F6EFCAC-7ABF-4D1A-B951-3E0BCACAD1A3}" = lport=10244 | protocol=6 | dir=in | app=system | "{8419B4B6-53B6-46F5-B71D-A0952A5D5D74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{88A6128B-07E6-48B4-93B5-05C12B0D1B64}" = lport=8081 | protocol=6 | dir=in | name=apache | "{8DC001B2-C691-4B45-873A-637C5137AF25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8FAF4469-0E43-4462-835D-36F1DF4E3426}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{90581F06-2BF6-4131-B138-010EE00D55DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{94968861-D158-41D4-9B5E-C60D8823BD5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{9BCA0919-3642-410E-B7F5-ED957EADA4C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9E20993E-090E-425D-B274-4DFECB900640}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A288789E-869A-413A-9A1C-696C8245D517}" = rport=138 | protocol=17 | dir=out | app=system | "{A318B251-6B0A-4460-9296-EC2615CF32D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4B16E3F-CC04-400A-86A4-B659A386C7E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A7F795F4-3C23-4E02-872B-47DB7E858F8E}" = lport=139 | protocol=6 | dir=in | app=system | "{A91EB829-33B2-483A-ACE2-FA8069773D13}" = lport=2869 | protocol=6 | dir=in | app=system | "{AC500797-C2E5-422B-ACAB-E35315D519B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1A87A1D-375E-4502-8CA9-87F49AAEDEFE}" = rport=10244 | protocol=6 | dir=out | app=system | "{B6728B0F-CAD7-417E-9DB2-5ABA0480862D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{BC07D3A6-E06E-430F-AE0B-26DE8D8FB892}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BD627FA4-8BEF-4A59-A98E-71680FB3AD87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C06C4160-DAE2-45FA-B719-4478A59C2047}" = rport=139 | protocol=6 | dir=out | app=system | "{C943F84F-AAAE-47E9-87CB-3B966FE189CA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CFF28C63-3E37-403E-ACF3-7830C13682A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EEBCC30E-6B16-49A0-A2A7-D785ADA7DA12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F35C1DE6-63DE-4B5F-8B62-EFA0CE30F066}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C339BD-EC05-4F10-ACF4-6FBE6603D46B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{04FFA875-AAD3-4887-8D6A-8E72C48435C8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0F09299F-8D60-4BD6-A00C-79D2A10F2D37}" = protocol=1 | dir=in | [email protected],-28543 | "{1D4149D5-66D6-498B-94DD-452950D65B6A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{20F8B8FC-0391-4B50-AA4A-552EA405CA9B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{21EFFD0F-BB86-423D-BD82-F8E6E98CE548}" = protocol=1 | dir=out | [email protected],-28544 | "{22E48A55-0D03-4115-9DB8-A2D37571AE73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{23C06D95-6C10-4D18-A658-A94DC1CD7CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{2605112B-06D9-485F-8A27-698937CA2396}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | "{2856EB79-441E-46D9-AAAC-823C85C8C78E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{39F4A917-7556-480F-95BF-000D9B3D13B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4399C02C-6CB9-4EB0-9E89-DFCA78A5E7FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45088889-3EA2-467F-B1C6-55E8C7505EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{584422B9-5BE4-44BF-B561-CDA2D85F833D}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{5A2830C8-D188-426C-ACA3-FC8A2251AC20}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdrpswx.exe | "{5DFF3DD2-DE75-46A0-8004-FC30B20AACEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{66B076B6-BC01-49D8-BC68-58160D3D894C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{68741E4C-C2EB-4EC6-9DBB-B7BA1F539666}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6995692E-2D97-4B39-B77E-D0CE154CF281}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdrpswx.exe | "{906F74F7-4FE2-43C4-B1F0-BD2364DEDF87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9279EC1F-0EA7-4B82-9C1F-4FEAABB9BD20}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{963FC46E-10BA-4413-B193-C2BFE654D712}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9D4DCEB2-C2E3-4D68-BD23-378005B798FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A12343E8-84E1-4C86-A9CC-E704F2A4DE6E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdrcoms.exe | "{A80D093C-2E33-46CB-AC58-C06E663A0D9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B08B58EF-47E5-41A2-A2A7-7114409214ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B263EF11-68AF-4133-A165-394421DF0C23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B2CC66A5-9CE1-4BFA-BBA7-2C6327A39A70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B677A08C-952F-47B9-A1F9-A94D9664AACA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{B711B1A1-822A-4131-9131-AE6460B8A883}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{BA1AB993-3D41-49B9-8196-AD5EC60EE04C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{BED019A6-C133-4C7E-B786-B4F7580FF52A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{D195588E-F552-4AE7-A187-A95E87E7AF5F}" = protocol=58 | dir=in | [email protected],-28545 | "{D1D64309-2704-4285-A9B6-06C9BDEE1170}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdrcoms.exe | "{DA26C093-BD58-4128-A03D-BAC2D1CB879B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdrcoms.exe | "{DC5087F4-29CB-4F1E-800D-D268549E8801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DC80D081-0E2E-43B6-9451-84463A179E47}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E298160F-D0DC-40AE-AD7C-C505B1DD3848}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{E4168052-C572-475C-B8F0-40BB58E80ADC}" = protocol=6 | dir=out | app=system | "{E4A46FC0-74A8-4083-838E-6D4E30DAA8CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E52ACA98-FACA-4A74-9321-7A88447C10B3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{EAC50F99-2885-43C3-834D-92E236EE381E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F705FC83-152C-43CB-B2E4-14242A70F4F9}" = protocol=6 | dir=in | app=c:\windows\system32\lxdrcoms.exe | "{F823CDEE-EF45-42C8-9959-8EC67A0EC04C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{F8535E8B-6DC3-4081-B72A-9B80597F3757}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA29DC4B-C6E6-4454-87B8-DDE182DA8C05}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{FB73D63D-58BC-4B3A-AB9B-B7930541CC8C}" = protocol=58 | dir=out | [email protected],-28546 | "TCP Query User{04A9643E-8BFB-4FDF-9BA0-23ACFBAD2B55}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{29EBF25B-A358-409F-89B4-D35EC14B3F56}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe | "TCP Query User{38E83A72-037A-447D-95D3-263D37B61321}E:\production\websites\wos\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=e:\production\websites\wos\mysql\bin\mysqld-nt.exe | "TCP Query User{43E03727-77BF-4196-8488-5D8A01AD8C3F}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "TCP Query User{4DCEC423-EC9C-4463-BE7A-F33034CB5190}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{54CD1A6E-8D00-4115-B5E5-D78CF4E9C410}E:\production\websites\resources\local software\wos\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=e:\production\websites\resources\local software\wos\apache2\bin\httpd.exe | "TCP Query User{59F632F4-CDD4-48D7-B93C-13FB5EE298DA}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | "TCP Query User{6956B191-5B33-4862-A89B-035F43604E21}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | "TCP Query User{7179007A-3D27-4957-820B-FF776A237761}C:\program files (x86)\pokeroffice5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pokeroffice5\bin\javaw.exe | "TCP Query User{71914AF9-2C4C-4B11-AEC8-68AFC0BCFDD3}G:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe | "TCP Query User{76E4BA04-0B9F-4407-8EBF-BCBB6F64AEAF}G:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\apache.exe | "TCP Query User{871D9F88-69FB-4133-A751-FEA85D149E3C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{898B48B7-4235-4E8A-9DED-77162ADCE3FD}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "TCP Query User{96C2F499-B56D-4F3B-A443-4E196A451AF2}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | "TCP Query User{9CC3B15F-66C4-4CF7-8143-8097172E8C66}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe | "TCP Query User{9D641DBD-5629-42C2-A492-D243E6C79EAB}C:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe | "TCP Query User{A4CA78BA-C1B7-45A6-BC4E-A25327101400}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | "TCP Query User{ACB2BCFB-6692-4EC4-84FA-6607CF571082}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{AD6E1349-5752-4E4A-A12F-F717B58C59FC}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{B672D476-FE55-466D-9811-8FEF26720D53}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe | "TCP Query User{BD1C79CD-A4A2-4383-B8C5-9B64B4E11902}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{C6CB4671-4976-4072-9505-9B8DE6BADF4D}E:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=e:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe | "TCP Query User{D7239D15-0B13-47B0-958F-A34D573AFD28}G:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampplite\apache\bin\httpd.exe | "TCP Query User{D7270B04-6FBC-421E-83E2-7D87B7F5CEF7}E:\production\websites\wos\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=e:\production\websites\wos\apache2\bin\httpd.exe | "TCP Query User{E1CA9881-9489-4228-BF9B-DB51031340C1}C:\program files (x86)\smartcam\smartcam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smartcam\smartcam.exe | "TCP Query User{E63392F3-5BE3-40CB-91EA-BAC6440166E0}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{EA2A30B9-287B-4FBE-95B5-41EDEC07B7EA}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{EDB80D3A-9076-4992-A4D4-416E4ACD2EFB}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | "UDP Query User{009D3239-F0AC-4545-BEEB-FCC6DE1AED44}C:\program files (x86)\smartcam\smartcam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smartcam\smartcam.exe | "UDP Query User{011B0BD2-9104-41BD-ADFC-55156F98F237}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | "UDP Query User{01EEDA18-E518-46A1-A32F-C830F5704FED}E:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=e:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe | "UDP Query User{1DB1FAC1-3666-40CC-958F-70C3334B9CCC}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "UDP Query User{2B714DD2-FA37-4F85-AA62-217092B9B91C}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{2D29AB27-B5DC-4D1B-8CFB-513FAB5BC99A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{3715298D-3A3F-42D3-A4C4-AC89B11A3969}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{37E9EF72-3AC8-44F3-93FE-C5351113B246}G:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe | "UDP Query User{3EAB1757-80C5-4A0B-ABEE-3C3C244E0F67}C:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe | "UDP Query User{4A320479-0181-4287-B31D-FB66C9D5FC76}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe | "UDP Query User{62DA1376-3237-4740-8B1D-0936101FC1C2}E:\production\websites\resources\local software\wos\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=e:\production\websites\resources\local software\wos\apache2\bin\httpd.exe | "UDP Query User{67DE43C0-52E7-4D12-B03D-C27995A09031}C:\program files (x86)\pokeroffice5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pokeroffice5\bin\javaw.exe | "UDP Query User{69D227EB-729C-444F-8642-5CD4EDDED2CC}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{7B18DEBA-E3A7-4A16-9AD7-44AD953E7C53}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{7C73BDBF-9CBE-4A3A-AC46-375B58B4D494}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | "UDP Query User{80DA8BBD-0C0F-41EB-9047-4ACEB2CA1855}E:\production\websites\wos\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=e:\production\websites\wos\apache2\bin\httpd.exe | "UDP Query User{87955E74-5574-4914-9B07-9C9461457268}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{AD727ED4-3585-4A93-9540-45F198A5F104}G:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\apache.exe | "UDP Query User{AFBDEAA1-8386-4970-A5D0-25B9DFFF345F}G:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampplite\apache\bin\httpd.exe | "UDP Query User{AFF67C51-B5CC-40D2-90ED-E188BBB68216}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query User{B3CCE230-5DA1-4C32-A7C7-EC244B5D2C2D}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | "UDP Query User{BFFAA78A-8812-4BAC-9376-BA0C7DCEAA3E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{C9CDD1A3-B6D4-4FE1-A9C6-3DEB24BBC922}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe | "UDP Query User{CAA6B652-3B5B-46C8-9BE9-1A70E76EB951}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{D07F9EA1-C50C-4B3B-AE9F-F1625D70C9C5}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | "UDP Query User{D335671E-1494-40A5-811C-3EDCF0CDCEDF}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | "UDP Query User{EB56EB39-BE68-453B-9ED1-0044EE145B52}E:\production\websites\wos\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=e:\production\websites\wos\mysql\bin\mysqld-nt.exe | "UDP Query User{EF4BF41F-19FC-41BF-8D39-45AE8BC1C20F}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{7523EFAC-5445-4E89-BD90-84E0D0110690}" = Adobe Photoshop Lightroom 2.6 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "CS464_is1" = Tone Mapping Plug-In 1.2 "CutePDF Writer Installation" = CutePDF Writer 2.8 "LameACM" = Lame ACM MP3 Codec "Lexmark 4900 Series" = Lexmark 4900 Series "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "PhotomatixPro3x64_is1" = Photomatix Pro version 3.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4}" = TI InterActive!(TM) "{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B5D38531-2B11-45AA-8D35-8E30338B4DC8}" = Fronter OES2 Firefox "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears "{C084BC61-E537-11DE-8616-005056806466}" = Google Earth "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4F9F327-2274-B414-B3CA-A2A1084E2E24}" = iTunes Export "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Ask & Record Toolbar4.00 Public Beta 1" = Ask & Record Toolbar 4.00 Public Beta 1 "Ask Toolbar_is1" = Ask Toolbar "Audacity_is1" = Audacity 1.2.6 "avast!" = avast! Antivirus "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DebugMode FrameServer" = DebugMode FrameServer "Digital Editions" = Adobe Digital Editions "Digital Signatur" = Digital Signatur "DVD Flick_is1" = DVD Flick 1.3.0.7 "ERUNT_is1" = ERUNT 1.1j "Foxit Reader" = Foxit Reader "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Standard) "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Mp3tag" = Mp3tag v2.45a "Orbit_is1" = Orbit Downloader "PokerStars" = PokerStars "SpywareBlaster_is1" = SpywareBlaster 4.2 "SystemRequirementsLab" = System Requirements Lab "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "uTorrent" = µTorrent "VLC Connection Utility_is1" = VLC Connection Utility 2.11 "VLC media player" = VLC media player 1.0.0 "WinRAR archiver" = WinRAR archiver "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter "Xvid_is1" = Xvid 1.2.1 final uninstall [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PokerOffice5" = PokerOffice 5 (remove only) [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 11/13/2009 7:54:31 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Local\FLVService\MILF Wendy Taylor´s Hot Porn Debut - spankwire.com(10).bin failed, 00000005. Error - 11/13/2009 6:16:10 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005. Error - 11/18/2009 8:07:59 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005. Error - 11/21/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005. Error - 11/21/2009 9:20:12 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005. Error - 11/22/2009 5:47:07 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\etilqs_wTKUPGlfN6atZBMBuy11 failed, 00000005. Error - 11/28/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005. Error - 12/7/2009 9:52:00 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005. Error - 12/11/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005. Error - 1/21/2010 9:12:33 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005. [ Application Events ] Error - 1/20/2010 7:54:57 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10 Description = Error - 1/21/2010 3:36:47 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10 Description = Error - 1/21/2010 9:43:06 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10 Description = Error - 1/21/2010 9:43:48 AM | Computer Name = Kasper-PC | Source = Application Error | ID = 1000 Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e041cf, exception code 0xc0000005, fault offset 0x000000000002ce25, process id 0x768, application start time 0x01ca9a9ef301e45b. Error - 1/21/2010 10:44:05 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609 Description = Error - 1/21/2010 10:44:45 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10 Description = Error - 1/21/2010 10:52:59 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609 Description = Error - 1/21/2010 10:53:41 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10 Description = Error - 1/21/2010 11:10:25 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609 Description = Error - 1/21/2010 11:11:06 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 9/9/2009 7:48:28 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort4. Error - 9/9/2009 7:48:28 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort4. Error - 9/9/2009 7:50:23 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort4. Error - 9/9/2009 7:50:23 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort4. Error - 9/9/2009 9:10:09 AM | Computer Name = Kasper-PC | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/9/2009 9:10:09 AM | Computer Name = Kasper-PC | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/9/2009 9:11:21 AM | Computer Name = Kasper-PC | Source = Ntfs | ID = 262281 Description = The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code. Error - 9/9/2009 9:11:27 AM | Computer Name = Kasper-PC | Source = HTTP | ID = 15016 Description = Error - 9/9/2009 9:11:33 AM | Computer Name = Kasper-PC | Source = Print | ID = 19 Description = The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network. Error - 9/9/2009 9:11:54 AM | Computer Name = Kasper-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
ARK.txt
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-21 16:34:23 Windows 6.0.6002 Service Pack 2 Running: gmer.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xE4 0xC3 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0x78 0x93 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0x62 0xC1 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x79 0xAA 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0x3F 0x27 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x73 0x50 0xD8 0x35 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xE4 0xC3 0x7C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0x78 0x93 0xE4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0x62 0xC1 0x7E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x79 0xAA 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0x3F 0x27 0xAD ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x73 0x50 0xD8 0x35 ... ---- EOF - GMER 1.0.15 ----
MBAM LOG.txt
Malwarebytes' Anti-Malware 1.44 Database version: 3510 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18865 1/21/2010 3:58:00 PM mbam-log-2010-01-21 (15-58-00).txt Scan type: Quick Scan Objects scanned: 89298 Time elapsed: 2 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
Thanks in advance
Edited by kasperbs, 21 January 2010 - 10:08 AM.