Unknown infection prevents programs from starting in Windows Vista



#1
kasperbs
I'm fairly sure I have caught something malicious, but don't know what it is. I have no idea where it has come from, suddenly it was just there, no warning signs.
- I was fiddling around with a printing driver when it happened. I was installing the driver manually through Windows Vista, and the driver was located on an official CD from Lexmark.

Symptoms: Only a handful of programs start up with Windows. The rest are visible as processes (in Task Manager) but not in the tray, nor can I start or run them.

There is a cross over my network connection, indicating no network connection, but I can surf the internet from Opera (I can't start Firefox or Internet Explorer).

If I start Explorer or try to look at the device manager, it freezes.

What I've done so far: As I couldn't run any programs in Windows, I had to boot in Safety Mode and run the designated programs from there. I ran TFC, ERUNT and MalwareBytes. This had the effect that after reboot and login in NORMAL MODE, I was left with a black screen. Task Manager shows only 6 or 7 processes running.

I then rebooted into SAFETY MODE and proceeded with the rest of the tests, which I have posted below.

NOTE: When running Gmer.exe, most of the options were grayed out, including the 'show all'. I don't know if that was the result of me running it in Safety Mode or whatever. Just thought I would point it out.

Currently I only have access via SAFETY MODE.

OTL.txt
OTL logfile created on: 1/21/2010 4:38:16 PM - Run 1
OTL by OldTimer - Version 3.1.25.3	 Folder = C:\Users\Kasper\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.75 Gb Total Space | 69.77 Gb Free Space | 58.26% Space Free | Partition Type: NTFS
Drive D: | 487.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 298.09 Gb Total Space | 234.91 Gb Free Space | 78.80% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 69.46 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
Drive G: | 7.52 Gb Total Space | 4.93 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KASPER-PC
Current User Name: Kasper
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
MOD - [2009/04/11 07:28:18 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2009/11/25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:[b]64bit:[/b] - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:[b]64bit:[/b] - [2009/09/25 02:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/06/04 22:03:49 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009/04/11 08:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009/04/11 08:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009/04/11 08:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2008/05/16 16:39:34 | 01,040,552 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdrcoms.exe -- (lxdr_device)
SRV:[b]64bit:[/b] - [2008/05/16 16:39:27 | 00,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV:[b]64bit:[/b] - [2008/01/21 03:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008/01/21 03:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:[b]64bit:[/b] - [2008/01/21 03:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/15 08:50:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/06/04 22:03:42 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 05:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/16 16:39:15 | 00,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\lxdrcoms.exe -- (lxdr_device)
SRV - [2006/11/02 14:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 07:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 07:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.17
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.65223
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.6
FF - prefs.js..extensions.enabledItems: {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.0rc2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2009/11/04 10:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 20:41:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/18 16:39:57 | 00,000,000 | ---D | M]
 
[2009/08/06 21:04:00 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Extensions
[2009/05/01 22:46:05 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/21 14:44:12 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions
[2009/08/24 08:20:16 | 00,000,000 | ---D | M] (Screengrab) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/10/22 09:22:21 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/01/18 10:28:01 | 00,000,000 | ---D | M] (Weave Sync) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/11/22 17:22:03 | 00,000,000 | ---D | M] (Linkification) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/11/22 17:22:03 | 00,000,000 | ---D | M] (Tab Control) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}
[2009/12/07 07:33:34 | 00,000,000 | ---D | M] (FireFTP) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/10/16 14:37:26 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 22:21:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 17:09:13 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/19 18:13:28 | 00,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2009/08/06 22:07:30 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]
[2010/01/20 13:48:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]
[2010/01/21 14:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]
[2010/01/21 14:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]\chrome
[2010/01/21 14:16:15 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]\defaults
[2010/01/21 14:44:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/04/29 17:54:30 | 00,110,592 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npfronter_oes2.dll
 
O1 HOSTS File: ([2009/04/06 16:48:54 | 00,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	   localhost
O1 - Hosts: ::1			 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:[b]64bit:[/b] - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 4900 Series\ezprint.exe (Lexmark International Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [lxdrmon.exe] C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Evernote] C:\Program Files (x86)\Evernote\Evernote3.5\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - HKCU..\Run: [Google Update] C:\Users\Kasper\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [POEngine5]  File not found
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:[b]64bit:[/b] - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:[b]64bit:[/b] - ..Trusted Domains: danid.dk ([]http in Trusted sites)
O15:[b]64bit:[/b] - ..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.162.153.164 194.239.134.83
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/10 10:57:07 | 00,000,252 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9c787204-ca0a-11de-a354-0000e8164786}\Shell - "" = AutoRun
O33 - MountPoints2\{9c787204-ca0a-11de-a354-0000e8164786}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found
O33 - MountPoints2\{aa455136-2242-11de-b356-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa455136-2242-11de-b356-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2008/09/10 11:24:11 | 00,299,688 | R--- | M] ( )
O33 - MountPoints2\{bc32e8ed-c3bf-11de-8357-002215ed7c66}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2008/01/21 04:05:52 | 00,000,000 | ---D | M]
NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:07:48 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
 
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
 
[2010/01/21 15:46:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/21 15:37:03 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
[2010/01/21 15:36:00 | 00,791,393 | ---- | C] (Lars Hederer												) -- C:\Users\Kasper\Desktop\erunt_setup.exe
[2010/01/21 15:35:53 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Kasper\Desktop\TFC.exe
[2010/01/21 14:02:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Lexmark 4900 Series
[2010/01/21 13:57:09 | 00,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrpmui.dll
[2010/01/21 13:57:09 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrinpa.dll
[2010/01/21 13:57:09 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdriesc.dll
[2010/01/21 13:57:09 | 00,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdrlnks.dll
[2010/01/21 13:57:08 | 01,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrserv.dll
[2010/01/21 13:57:08 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrusb1.dll
[2010/01/21 13:57:08 | 00,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrlmpm.dll
[2010/01/21 13:57:07 | 00,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcomc.dll
[2010/01/21 13:57:07 | 00,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrhbn3.dll
[2010/01/21 13:57:07 | 00,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcoms.exe
[2010/01/21 13:57:07 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcomm.dll
[2010/01/21 13:57:07 | 00,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcfg.exe
[2010/01/21 13:57:07 | 00,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrih.exe
[2010/01/21 13:56:57 | 00,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDRhcp.dll
[2010/01/21 13:56:56 | 00,896,000 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrlmpm.dll
[2010/01/21 13:56:54 | 01,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrcomc.dll
[2010/01/21 13:56:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 4900 Series
[2010/01/21 13:47:43 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxdrcfg.dll
[2010/01/21 13:46:47 | 00,000,000 | R--D | C] -- C:\Users\Kasper\Documents\Scanned Documents
[2010/01/21 13:46:46 | 00,000,000 | ---D | C] -- C:\Users\Kasper\Documents\Fax
[2010/01/20 15:44:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2010/01/20 15:36:48 | 00,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdrcfg.dll
[2010/01/20 15:35:54 | 01,660,928 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrserv.dll
[2010/01/20 15:35:54 | 00,982,016 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrpmui.dll
[2010/01/20 15:35:53 | 01,337,344 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrusb1.dll
[2010/01/20 15:35:53 | 01,090,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrhbn3.dll
[2010/01/20 15:35:53 | 00,581,632 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrcomm.dll
[2010/01/20 15:35:53 | 00,548,864 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrinpa.dll
[2010/01/20 15:35:53 | 00,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxdriesc.dll
[2010/01/20 15:34:23 | 00,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdrcfg64.dll
[2010/01/20 15:34:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010/01/20 15:34:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2010/01/20 15:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2010/01/20 15:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 4900 Series
[2010/01/19 11:59:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2010/01/19 11:57:42 | 00,000,000 | ---D | C] -- C:\Users\Kasper\Desktop\TiInteractive
[2010/01/17 14:28:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software
[2010/01/17 13:28:52 | 27,386,256 | ---- | C] (								   ) -- C:\Users\Kasper\Desktop\AdbeRdr930_en_US.exe
[2010/01/16 13:57:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Fronter AS
[2010/01/13 18:04:37 | 00,069,632 | ---- | C] ( ) -- C:\nporbit.dll
[2010/01/13 18:03:31 | 00,000,000 | ---D | C] -- C:\Downloads
[2010/01/13 18:01:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2010/01/13 18:01:36 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\Orbit
[2010/01/13 17:43:03 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\FlashGet
[2010/01/13 17:43:03 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\BITS
[2010/01/13 17:42:59 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\FlashGetBHO
[2010/01/13 17:42:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network
 
[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
 
[2010/01/21 16:38:31 | 03,932,160 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT
[2010/01/21 16:36:56 | 01,459,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/21 16:36:56 | 00,652,310 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010/01/21 16:36:56 | 00,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/21 16:36:56 | 00,125,186 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010/01/21 16:36:56 | 00,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/21 16:09:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/21 16:06:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/21 16:06:09 | 00,524,288 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/21 16:06:09 | 00,065,536 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/01/21 16:06:07 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB9FA888-C130-4BBD-AD9F-CF123505E53D}.job
[2010/01/21 16:04:56 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 16:04:47 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/21 16:04:46 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/21 16:04:46 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/21 16:04:45 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/21 15:46:45 | 00,000,943 | ---- | M] () -- C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/21 15:46:43 | 00,000,744 | ---- | M] () -- C:\Users\Kasper\Desktop\ERUNT.lnk
[2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
[2010/01/21 15:36:56 | 00,284,915 | ---- | M] () -- C:\Users\Kasper\Desktop\gmer.zip
[2010/01/21 15:36:01 | 00,791,393 | ---- | M] (Lars Hederer												) -- C:\Users\Kasper\Desktop\erunt_setup.exe
[2010/01/21 15:35:53 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\TFC.exe
[2010/01/21 15:30:28 | 00,460,388 | ---- | M] () -- C:\Users\Kasper\Desktop\kasper-sorensen-mat-25.jpg
[2010/01/21 15:10:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356987698-3661441655-3655627599-1000UA.job
[2010/01/21 15:00:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/21 14:50:19 | 00,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/21 14:09:07 | 00,102,288 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/01/20 23:10:00 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356987698-3661441655-3655627599-1000Core.job
[2010/01/20 17:40:49 | 00,116,224 | ---- | M] () -- C:\Users\Kasper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 13:20:30 | 00,056,352 | ---- | M] () -- C:\Users\Kasper\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/20 12:53:36 | 02,862,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/19 11:59:50 | 00,002,071 | ---- | M] () -- C:\Users\Kasper\Desktop\TI InterActive!.lnk
[2010/01/19 11:55:56 | 45,747,123 | ---- | M] () -- C:\Users\Kasper\Desktop\TI-interactive Vista.zip
[2010/01/17 13:29:18 | 27,386,256 | ---- | M] (								   ) -- C:\Users\Kasper\Desktop\AdbeRdr930_en_US.exe
[2010/01/15 21:38:05 | 00,000,000 | ---- | M] () -- C:\Users\Kasper\temp.dat
[2010/01/13 17:51:52 | 00,000,305 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010/01/13 17:45:09 | 00,002,360 | ---- | M] () -- C:\Windows\Opera.INI
[2010/01/13 17:43:07 | 00,000,025 | ---- | M] () -- C:\Windows\libem.INI
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/01/21 15:46:45 | 00,000,943 | ---- | C] () -- C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/21 15:46:43 | 00,000,744 | ---- | C] () -- C:\Users\Kasper\Desktop\ERUNT.lnk
[2010/01/21 15:39:32 | 00,293,376 | ---- | C] () -- C:\Users\Kasper\Desktop\gmer.exe
[2010/01/21 15:36:55 | 00,284,915 | ---- | C] () -- C:\Users\Kasper\Desktop\gmer.zip
[2010/01/21 15:30:28 | 00,460,388 | ---- | C] () -- C:\Users\Kasper\Desktop\kasper-sorensen-mat-25.jpg
[2010/01/21 14:50:19 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/21 14:02:04 | 00,000,370 | ---- | C] () -- C:\ProgramData\lxdrDiagnostics.log
[2010/01/21 13:57:32 | 00,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdrrwrd.ini
[2010/01/21 13:57:09 | 00,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDRinst.dll
[2010/01/21 13:57:09 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdrcomx.dll
[2010/01/21 13:57:07 | 00,002,043 | ---- | C] () -- C:\Windows\SysWow64\lxdr.loc
[2010/01/21 13:56:57 | 00,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDRinst.dll
[2010/01/20 16:38:09 | 00,102,288 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/01/20 16:36:25 | 00,002,043 | ---- | C] () -- C:\Windows\SysNative\lxdr.loc
[2010/01/20 16:36:24 | 00,061,218 | ---- | C] () -- C:\Windows\SysNative\lxdrprpr.chm
[2010/01/20 16:18:14 | 00,001,045 | ---- | C] () -- C:\ProgramData\lxdr.log
[2010/01/20 15:36:49 | 00,617,984 | ---- | C] () -- C:\Windows\SysNative\lxdrcoin.dll
[2010/01/20 15:35:52 | 00,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdrgrd.dll
[2010/01/20 15:35:51 | 00,109,056 | ---- | C] () -- C:\Windows\SysNative\lxdrvs.dll
[2010/01/20 15:34:23 | 01,416,192 | ---- | C] () -- C:\Windows\SysNative\lxdrdrs64.dll
[2010/01/20 15:34:23 | 01,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdrdrs.dll
[2010/01/20 15:34:23 | 00,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdrcaps.dll
[2010/01/20 15:34:23 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdrcnv4.dll
[2010/01/20 15:34:23 | 00,054,784 | ---- | C] () -- C:\Windows\SysNative\lxdrcnv464.dll
[2010/01/20 15:34:23 | 00,025,600 | ---- | C] () -- C:\Windows\SysNative\lxdrcaps64.dll
[2010/01/20 15:34:21 | 00,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/01/20 15:27:46 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/01/19 11:59:50 | 00,002,071 | ---- | C] () -- C:\Users\Kasper\Desktop\TI InterActive!.lnk
[2010/01/19 11:52:23 | 45,747,123 | ---- | C] () -- C:\Users\Kasper\Desktop\TI-interactive Vista.zip
[2010/01/13 17:51:52 | 00,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/01/13 17:45:09 | 00,002,360 | ---- | C] () -- C:\Windows\Opera.INI
[2010/01/13 17:43:07 | 00,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/18 16:46:16 | 00,001,101 | ---- | C] () -- C:\ProgramData\afl.log
[2009/12/07 16:35:29 | 00,432,466 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI3DC5.txt
[2009/12/07 16:35:29 | 00,011,714 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3DC5.txt
[2009/12/03 14:59:33 | 00,415,708 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI3BD0.txt
[2009/12/03 14:59:33 | 00,018,218 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3BD0.txt
[2009/12/03 13:41:07 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 13:40:09 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/05 11:16:14 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/04 19:33:54 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/13 20:24:00 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/08/13 19:59:29 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/13 19:59:29 | 00,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/07/29 15:05:47 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/06/09 01:47:51 | 00,000,680 | ---- | C] () -- C:\Users\Kasper\AppData\Local\d3d9caps.dat
[2009/06/07 21:17:53 | 00,014,102 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3B93.txt
[2009/06/06 15:16:42 | 00,412,822 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI5900.txt
[2009/06/06 15:16:42 | 00,011,470 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI5900.txt
[2009/06/04 22:26:57 | 00,415,726 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI0606.txt
[2009/06/04 22:26:56 | 00,011,386 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI0606.txt
[2009/06/04 20:38:17 | 00,418,676 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI32DA.txt
[2009/06/04 20:38:16 | 00,018,774 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI32DA.txt
[2009/04/05 22:25:12 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/04/05 22:25:11 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/05 22:25:11 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/04/05 22:25:10 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/04/05 22:25:10 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/04/05 22:25:09 | 00,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/04/05 21:08:58 | 00,116,224 | ---- | C] () -- C:\Users\Kasper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 18:03:35 | 00,028,551 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/04/05 17:49:46 | 00,000,732 | ---- | C] () -- C:\Users\Kasper\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerLang.dll
[2008/01/21 03:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 08:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\SysWow64\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\SysWow64\lnod32apiA.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\SysWow64\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\lnod32upd.dll
[2005/07/09 09:37:44 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll
[2000/10/30 10:04:00 | 00,000,209 | ---- | C] () -- C:\Windows\Ic32.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/04/23 22:18:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\AMPSoft
[2009/06/14 14:40:39 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Aptana
[2009/05/11 00:36:47 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Audacity
[2010/01/13 17:43:29 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\BITS
[2009/04/08 03:05:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/04/10 10:27:48 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\com.snippely.6E4C758165F11BBEC90F106AA88CF53EB51547B1.1
[2009/12/23 15:27:24 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Cryptomathic
[2009/12/04 00:44:06 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Cycling '74
[2009/04/05 23:43:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools
[2009/09/14 21:07:27 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools Lite
[2009/04/05 23:43:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools Pro
[2009/04/05 22:08:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/04/06 18:26:57 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FireShot
[2010/01/13 17:43:03 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FlashGet
[2010/01/13 17:43:00 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FlashGetBHO
[2009/04/05 22:40:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Foxit
[2009/07/10 20:15:21 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GetRightToGo
[2009/06/13 17:09:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GHISLER
[2009/10/15 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GrabIt
[2009/08/24 22:01:44 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\HDRsoft
[2009/07/08 20:04:53 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\ImgBurn
[2009/05/06 21:07:49 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mp3tag
[2009/09/03 21:01:42 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Nokia
[2009/06/14 14:43:15 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Notepad++
[2009/04/07 20:26:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\OpenOffice.org
[2009/04/05 23:59:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Opera
[2010/01/20 14:33:59 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Orbit
[2009/06/04 20:18:25 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\OxelonMC
[2009/09/03 20:57:25 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\PC Suite
[2009/04/28 18:10:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Publish Providers
[2009/06/27 01:31:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\RawTherapee
[2009/05/01 22:46:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Songbird2
[2009/06/10 02:27:02 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Sony
[2009/12/08 01:03:40 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Sony Creative Software
[2009/04/06 14:40:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\SystemRequirementsLab
[2009/04/05 22:03:19 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/03 22:43:30 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/01/21 15:27:52 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\uTorrent
[2010/01/21 16:06:42 | 00,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/21 16:06:07 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CB9FA888-C130-4BBD-AD9F-CF123505E53D}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 08:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2006/11/02 12:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/01/21 03:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 08:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/21 03:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/01/21 03:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/21 03:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 08:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 64 bytes -> C:\Users\Kasper\Desktop\aw-tutorial.mp4:TOC.WMV
@Alternate Data Stream - 24 bytes -> C:\Windows:6D16765549E8AE1E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

EXTRAS.txt
OTL Extras logfile created on: 1/21/2010 4:38:16 PM - Run 1
OTL by OldTimer - Version 3.1.25.3	 Folder = C:\Users\Kasper\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.75 Gb Total Space | 69.77 Gb Free Space | 58.26% Space Free | Partition Type: NTFS
Drive D: | 487.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 298.09 Gb Total Space | 234.91 Gb Free Space | 78.80% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 69.46 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
Drive G: | 7.52 Gb Total Space | 4.93 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KASPER-PC
Current User Name: Kasper
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = D1 DF 3A CB 24 74 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08799CDB-CF48-490C-BFB2-73E83C92282B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B02296E-DC91-44CE-B4EE-17EC2E7F604C}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{111D2EAE-EBCE-42DC-B63A-149F027CBDE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{359FAEA9-021D-41D6-B232-740E6F107E31}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{41736B84-4462-4D6C-B49B-C7FCD71743EB}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{457736F7-9F08-4438-96EC-AD59F133E20D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{473C31D3-9B55-45DD-A3EB-88877EB4DAD5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{48BA7790-50C1-43DD-8F68-3895A13DD4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{493ECB99-ADDB-433F-B4CF-129D57033E74}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{56EF0291-4624-41BC-A5C9-65D2BD10EB5C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59B84E97-46B2-4D46-8A44-FA4B46C7904B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{65BFE3FB-FDE4-4F49-8C33-7455746D6E7A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{67D2C285-CA49-450A-AAA1-4848A810D01E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6E249286-5033-40A5-AF5B-BCE394259DE6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{723A68FD-5243-490F-9E67-2157DF79C5B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{7F1A850D-D1CA-452D-B6D1-03121871B998}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F6EFCAC-7ABF-4D1A-B951-3E0BCACAD1A3}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{8419B4B6-53B6-46F5-B71D-A0952A5D5D74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{88A6128B-07E6-48B4-93B5-05C12B0D1B64}" = lport=8081 | protocol=6 | dir=in | name=apache | 
"{8DC001B2-C691-4B45-873A-637C5137AF25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8FAF4469-0E43-4462-835D-36F1DF4E3426}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90581F06-2BF6-4131-B138-010EE00D55DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{94968861-D158-41D4-9B5E-C60D8823BD5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{9BCA0919-3642-410E-B7F5-ED957EADA4C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E20993E-090E-425D-B274-4DFECB900640}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A288789E-869A-413A-9A1C-696C8245D517}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A318B251-6B0A-4460-9296-EC2615CF32D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4B16E3F-CC04-400A-86A4-B659A386C7E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A7F795F4-3C23-4E02-872B-47DB7E858F8E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A91EB829-33B2-483A-ACE2-FA8069773D13}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AC500797-C2E5-422B-ACAB-E35315D519B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B1A87A1D-375E-4502-8CA9-87F49AAEDEFE}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{B6728B0F-CAD7-417E-9DB2-5ABA0480862D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BC07D3A6-E06E-430F-AE0B-26DE8D8FB892}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BD627FA4-8BEF-4A59-A98E-71680FB3AD87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C06C4160-DAE2-45FA-B719-4478A59C2047}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C943F84F-AAAE-47E9-87CB-3B966FE189CA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CFF28C63-3E37-403E-ACF3-7830C13682A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EEBCC30E-6B16-49A0-A2A7-D785ADA7DA12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F35C1DE6-63DE-4B5F-8B62-EFA0CE30F066}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C339BD-EC05-4F10-ACF4-6FBE6603D46B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{04FFA875-AAD3-4887-8D6A-8E72C48435C8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{0F09299F-8D60-4BD6-A00C-79D2A10F2D37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1D4149D5-66D6-498B-94DD-452950D65B6A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{20F8B8FC-0391-4B50-AA4A-552EA405CA9B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{21EFFD0F-BB86-423D-BD82-F8E6E98CE548}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{22E48A55-0D03-4115-9DB8-A2D37571AE73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23C06D95-6C10-4D18-A658-A94DC1CD7CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2605112B-06D9-485F-8A27-698937CA2396}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{2856EB79-441E-46D9-AAAC-823C85C8C78E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{39F4A917-7556-480F-95BF-000D9B3D13B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4399C02C-6CB9-4EB0-9E89-DFCA78A5E7FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45088889-3EA2-467F-B1C6-55E8C7505EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{584422B9-5BE4-44BF-B561-CDA2D85F833D}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{5A2830C8-D188-426C-ACA3-FC8A2251AC20}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdrpswx.exe | 
"{5DFF3DD2-DE75-46A0-8004-FC30B20AACEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66B076B6-BC01-49D8-BC68-58160D3D894C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68741E4C-C2EB-4EC6-9DBB-B7BA1F539666}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6995692E-2D97-4B39-B77E-D0CE154CF281}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdrpswx.exe | 
"{906F74F7-4FE2-43C4-B1F0-BD2364DEDF87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9279EC1F-0EA7-4B82-9C1F-4FEAABB9BD20}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{963FC46E-10BA-4413-B193-C2BFE654D712}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9D4DCEB2-C2E3-4D68-BD23-378005B798FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A12343E8-84E1-4C86-A9CC-E704F2A4DE6E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdrcoms.exe | 
"{A80D093C-2E33-46CB-AC58-C06E663A0D9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B08B58EF-47E5-41A2-A2A7-7114409214ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B263EF11-68AF-4133-A165-394421DF0C23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B2CC66A5-9CE1-4BFA-BBA7-2C6327A39A70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B677A08C-952F-47B9-A1F9-A94D9664AACA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{B711B1A1-822A-4131-9131-AE6460B8A883}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{BA1AB993-3D41-49B9-8196-AD5EC60EE04C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{BED019A6-C133-4C7E-B786-B4F7580FF52A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{D195588E-F552-4AE7-A187-A95E87E7AF5F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{D1D64309-2704-4285-A9B6-06C9BDEE1170}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdrcoms.exe | 
"{DA26C093-BD58-4128-A03D-BAC2D1CB879B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdrcoms.exe | 
"{DC5087F4-29CB-4F1E-800D-D268549E8801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DC80D081-0E2E-43B6-9451-84463A179E47}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E298160F-D0DC-40AE-AD7C-C505B1DD3848}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{E4168052-C572-475C-B8F0-40BB58E80ADC}" = protocol=6 | dir=out | app=system | 
"{E4A46FC0-74A8-4083-838E-6D4E30DAA8CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E52ACA98-FACA-4A74-9321-7A88447C10B3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{EAC50F99-2885-43C3-834D-92E236EE381E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F705FC83-152C-43CB-B2E4-14242A70F4F9}" = protocol=6 | dir=in | app=c:\windows\system32\lxdrcoms.exe | 
"{F823CDEE-EF45-42C8-9959-8EC67A0EC04C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{F8535E8B-6DC3-4081-B72A-9B80597F3757}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA29DC4B-C6E6-4454-87B8-DDE182DA8C05}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{FB73D63D-58BC-4B3A-AB9B-B7930541CC8C}" = protocol=58 | dir=out | [email protected],-28546 | 
"TCP Query User{04A9643E-8BFB-4FDF-9BA0-23ACFBAD2B55}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{29EBF25B-A358-409F-89B4-D35EC14B3F56}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe | 
"TCP Query User{38E83A72-037A-447D-95D3-263D37B61321}E:\production\websites\wos\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=e:\production\websites\wos\mysql\bin\mysqld-nt.exe | 
"TCP Query User{43E03727-77BF-4196-8488-5D8A01AD8C3F}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{4DCEC423-EC9C-4463-BE7A-F33034CB5190}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{54CD1A6E-8D00-4115-B5E5-D78CF4E9C410}E:\production\websites\resources\local software\wos\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=e:\production\websites\resources\local software\wos\apache2\bin\httpd.exe | 
"TCP Query User{59F632F4-CDD4-48D7-B93C-13FB5EE298DA}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | 
"TCP Query User{6956B191-5B33-4862-A89B-035F43604E21}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | 
"TCP Query User{7179007A-3D27-4957-820B-FF776A237761}C:\program files (x86)\pokeroffice5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pokeroffice5\bin\javaw.exe | 
"TCP Query User{71914AF9-2C4C-4B11-AEC8-68AFC0BCFDD3}G:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe | 
"TCP Query User{76E4BA04-0B9F-4407-8EBF-BCBB6F64AEAF}G:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\apache.exe | 
"TCP Query User{871D9F88-69FB-4133-A751-FEA85D149E3C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{898B48B7-4235-4E8A-9DED-77162ADCE3FD}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 
"TCP Query User{96C2F499-B56D-4F3B-A443-4E196A451AF2}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | 
"TCP Query User{9CC3B15F-66C4-4CF7-8143-8097172E8C66}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{9D641DBD-5629-42C2-A492-D243E6C79EAB}C:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe | 
"TCP Query User{A4CA78BA-C1B7-45A6-BC4E-A25327101400}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{ACB2BCFB-6692-4EC4-84FA-6607CF571082}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{AD6E1349-5752-4E4A-A12F-F717B58C59FC}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{B672D476-FE55-466D-9811-8FEF26720D53}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe | 
"TCP Query User{BD1C79CD-A4A2-4383-B8C5-9B64B4E11902}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{C6CB4671-4976-4072-9505-9B8DE6BADF4D}E:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=e:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe | 
"TCP Query User{D7239D15-0B13-47B0-958F-A34D573AFD28}G:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampplite\apache\bin\httpd.exe | 
"TCP Query User{D7270B04-6FBC-421E-83E2-7D87B7F5CEF7}E:\production\websites\wos\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=e:\production\websites\wos\apache2\bin\httpd.exe | 
"TCP Query User{E1CA9881-9489-4228-BF9B-DB51031340C1}C:\program files (x86)\smartcam\smartcam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smartcam\smartcam.exe | 
"TCP Query User{E63392F3-5BE3-40CB-91EA-BAC6440166E0}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{EA2A30B9-287B-4FBE-95B5-41EDEC07B7EA}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{EDB80D3A-9076-4992-A4D4-416E4ACD2EFB}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | 
"UDP Query User{009D3239-F0AC-4545-BEEB-FCC6DE1AED44}C:\program files (x86)\smartcam\smartcam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smartcam\smartcam.exe | 
"UDP Query User{011B0BD2-9104-41BD-ADFC-55156F98F237}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | 
"UDP Query User{01EEDA18-E518-46A1-A32F-C830F5704FED}E:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=e:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe | 
"UDP Query User{1DB1FAC1-3666-40CC-958F-70C3334B9CCC}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 
"UDP Query User{2B714DD2-FA37-4F85-AA62-217092B9B91C}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{2D29AB27-B5DC-4D1B-8CFB-513FAB5BC99A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{3715298D-3A3F-42D3-A4C4-AC89B11A3969}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{37E9EF72-3AC8-44F3-93FE-C5351113B246}G:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe | 
"UDP Query User{3EAB1757-80C5-4A0B-ABEE-3C3C244E0F67}C:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe | 
"UDP Query User{4A320479-0181-4287-B31D-FB66C9D5FC76}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{62DA1376-3237-4740-8B1D-0936101FC1C2}E:\production\websites\resources\local software\wos\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=e:\production\websites\resources\local software\wos\apache2\bin\httpd.exe | 
"UDP Query User{67DE43C0-52E7-4D12-B03D-C27995A09031}C:\program files (x86)\pokeroffice5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pokeroffice5\bin\javaw.exe | 
"UDP Query User{69D227EB-729C-444F-8642-5CD4EDDED2CC}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{7B18DEBA-E3A7-4A16-9AD7-44AD953E7C53}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{7C73BDBF-9CBE-4A3A-AC46-375B58B4D494}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe | 
"UDP Query User{80DA8BBD-0C0F-41EB-9047-4ACEB2CA1855}E:\production\websites\wos\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=e:\production\websites\wos\apache2\bin\httpd.exe | 
"UDP Query User{87955E74-5574-4914-9B07-9C9461457268}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{AD727ED4-3585-4A93-9540-45F198A5F104}G:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\apache.exe | 
"UDP Query User{AFBDEAA1-8386-4970-A5D0-25B9DFFF345F}G:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampplite\apache\bin\httpd.exe | 
"UDP Query User{AFF67C51-B5CC-40D2-90ED-E188BBB68216}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{B3CCE230-5DA1-4C32-A7C7-EC244B5D2C2D}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | 
"UDP Query User{BFFAA78A-8812-4BAC-9376-BA0C7DCEAA3E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{C9CDD1A3-B6D4-4FE1-A9C6-3DEB24BBC922}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe | 
"UDP Query User{CAA6B652-3B5B-46C8-9BE9-1A70E76EB951}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{D07F9EA1-C50C-4B3B-AE9F-F1625D70C9C5}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe | 
"UDP Query User{D335671E-1494-40A5-811C-3EDCF0CDCEDF}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{EB56EB39-BE68-453B-9ED1-0044EE145B52}E:\production\websites\wos\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=e:\production\websites\wos\mysql\bin\mysqld-nt.exe | 
"UDP Query User{EF4BF41F-19FC-41BF-8D39-45AE8BC1C20F}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{7523EFAC-5445-4E89-BD90-84E0D0110690}" = Adobe Photoshop Lightroom 2.6 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CS464_is1" = Tone Mapping Plug-In 1.2
"CutePDF Writer Installation" = CutePDF Writer 2.8
"LameACM" = Lame ACM MP3 Codec
"Lexmark 4900 Series" = Lexmark 4900 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3x64_is1" = Photomatix Pro version 3.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4}" = TI InterActive!(TM)
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5D38531-2B11-45AA-8D35-8E30338B4DC8}" = Fronter OES2 Firefox
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F9F327-2274-B414-B3CA-A2A1084E2E24}" = iTunes Export
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ask & Record Toolbar4.00 Public Beta 1" = Ask & Record Toolbar 4.00 Public Beta 1 
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DebugMode FrameServer" = DebugMode FrameServer
"Digital Editions" = Adobe Digital Editions
"Digital Signatur" = Digital Signatur
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Standard)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mp3tag" = Mp3tag v2.45a
"Orbit_is1" = Orbit Downloader
"PokerStars" = PokerStars
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC Connection Utility_is1" = VLC Connection Utility 2.11
"VLC media player" = VLC media player 1.0.0
"WinRAR archiver" = WinRAR archiver
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PokerOffice5" = PokerOffice 5 (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 11/13/2009 7:54:31 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Local\FLVService\MILF Wendy Taylor´s Hot Porn Debut - spankwire.com(10).bin
 failed, 00000005.  
 
Error - 11/13/2009 6:16:10 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.  
 
Error - 11/18/2009 8:07:59 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.  
 
Error - 11/21/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\conime.exe failed, 00000005.  
 
Error - 11/21/2009 9:20:12 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.  
 
Error - 11/22/2009 5:47:07 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\etilqs_wTKUPGlfN6atZBMBuy11 failed,
 00000005.  
 
Error - 11/28/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\conime.exe failed, 00000005.  
 
Error - 12/7/2009 9:52:00 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.  
 
Error - 12/11/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\conime.exe failed, 00000005.  
 
Error - 1/21/2010 9:12:33 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.  
 
[ Application Events ]
Error - 1/20/2010 7:54:57 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/21/2010 3:36:47 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/21/2010 9:43:06 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/21/2010 9:43:48 AM | Computer Name = Kasper-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e02a1e, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e041cf,
 exception code 0xc0000005, fault offset 0x000000000002ce25,  process id 0x768, application
 start time 0x01ca9a9ef301e45b.
 
Error - 1/21/2010 10:44:05 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 1/21/2010 10:44:45 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/21/2010 10:52:59 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 1/21/2010 10:53:41 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/21/2010 11:10:25 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 1/21/2010 11:11:06 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 9/9/2009 7:48:28 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
 
Error - 9/9/2009 7:48:28 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
 
Error - 9/9/2009 7:50:23 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
 
Error - 9/9/2009 7:50:23 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
 
Error - 9/9/2009 9:10:09 AM | Computer Name = Kasper-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been 
blocked from loading due to incompatibility with this system. Please contact your
 software vendor for a compatible version of the driver.
 
Error - 9/9/2009 9:10:09 AM | Computer Name = Kasper-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been 
blocked from loading due to incompatibility with this system. Please contact your
 software vendor for a compatible version of the driver.
 
Error - 9/9/2009 9:11:21 AM | Computer Name = Kasper-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 9/9/2009 9:11:27 AM | Computer Name = Kasper-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 9/9/2009 9:11:33 AM | Computer Name = Kasper-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer WebEx Document Loader with
 shared resource name WebEx Document Loader. Error 2114. The printer cannot be used
 by others on the network.
 
Error - 9/9/2009 9:11:54 AM | Computer Name = Kasper-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

ARK.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 16:34:23
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]																   771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]																   285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]																   2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC									 
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]								  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]								  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]							   0x57 0xE4 0xC3 0x7C ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001							
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected]						 0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected]					  0x67 0x78 0x93 0xE4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0					   
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected]				 0x74 0x62 0xC1 0x7E ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4									 
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]								  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]							   0x7B 0x79 0xAA 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001							
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected]					  0x6B 0x3F 0x27 0xAD ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40					  
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected]				0x73 0x50 0xD8 0x35 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)				 
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected]									  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected]									  1
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected]								   0x57 0xE4 0xC3 0x7C ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)		
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected]							 0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected]						  0x67 0x78 0x93 0xE4 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)   
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected]					 0x74 0x62 0xC1 0x7E ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)				 
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected]									  0
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected]								   0x7B 0x79 0xAA 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)		
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected]						  0x6B 0x3F 0x27 0xAD ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected]					0x73 0x50 0xD8 0x35 ...

---- EOF - GMER 1.0.15 ----

MBAM LOG.txt
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18865

1/21/2010 3:58:00 PM
mbam-log-2010-01-21 (15-58-00).txt

Scan type: Quick Scan
Objects scanned: 89298
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks in advance

Edited by kasperbs, 21 January 2010 - 10:08 AM.



#2
kasperbs

I'm taking this opportunity to update my OS to Windows 7, meaning I will wipe out C:\. I'm expecting this will kill the malware as well.