- I was fiddling around with a printing driver when it happened. I was installing the driver manually through Windows Vista, and the driver was located on an official CD from Lexmark.
Symptoms: Only a handful of programs startup with Windows. The rest is visible as processes (in task manager) but not in the tray, nor can I start or run them.
There is a cross over my network connection, indicating no network connection, but I can surf the internet from Opera (I can't start Firefox or Internet Explorer).
If I start Explorer or tries to look at the device manager, it freezes.
What I've done so far: As I couldn't run any programs in Windows, I had to boot in Safety Mode and run the designated programs from there. I ran TFC, ERUNT and MalwareBytes. This had the effect that after reboot and login in NORMAL MODE, I was left with a black screen. Task Manager shows only 6 or 7 processes running.
I then rebooted into SAFETY MODE and proceeded with the rest of the tests, which I have posted below.
NOTE: When running Gmer.exe, most of the options were grayed out, including the 'show all'. I don't know if that was the result of me running it in Safety Mode or what ever. Just thought I would point it out.
Currently I only have access via SAFETY MODE.
OTL.txt
OTL logfile created on: 1/21/2010 4:38:16 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Users\Kasper\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.75 Gb Total Space | 69.77 Gb Free Space | 58.26% Space Free | Partition Type: NTFS
Drive D: | 487.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 298.09 Gb Total Space | 234.91 Gb Free Space | 78.80% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 69.46 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
Drive G: | 7.52 Gb Total Space | 4.93 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KASPER-PC
Current User Name: Kasper
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
MOD - [2009/04/11 07:28:18 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2009/11/25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:[b]64bit:[/b] - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:[b]64bit:[/b] - [2009/09/25 02:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/06/04 22:03:49 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009/04/11 08:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009/04/11 08:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009/04/11 08:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2008/05/16 16:39:34 | 01,040,552 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdrcoms.exe -- (lxdr_device)
SRV:[b]64bit:[/b] - [2008/05/16 16:39:27 | 00,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV:[b]64bit:[/b] - [2008/01/21 03:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008/01/21 03:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:[b]64bit:[/b] - [2008/01/21 03:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/15 08:50:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/06/04 22:03:42 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 05:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/16 16:39:15 | 00,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\lxdrcoms.exe -- (lxdr_device)
SRV - [2006/11/02 14:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 07:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 07:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.17
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.65223
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.6
FF - prefs.js..extensions.enabledItems: {39952c40-5197-11da-8cd6-0800200c9a66}:0.5.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.0rc2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2009/11/04 10:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 20:41:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/18 16:39:57 | 00,000,000 | ---D | M]
[2009/08/06 21:04:00 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Extensions
[2009/05/01 22:46:05 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/21 14:44:12 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions
[2009/08/24 08:20:16 | 00,000,000 | ---D | M] (Screengrab) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/10/22 09:22:21 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/01/18 10:28:01 | 00,000,000 | ---D | M] (Weave Sync) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/11/22 17:22:03 | 00,000,000 | ---D | M] (Linkification) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/11/22 17:22:03 | 00,000,000 | ---D | M] (Tab Control) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}
[2009/12/07 07:33:34 | 00,000,000 | ---D | M] (FireFTP) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/10/16 14:37:26 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 22:21:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 17:09:13 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/19 18:13:28 | 00,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2009/08/06 22:07:30 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]
[2010/01/20 13:48:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]
[2010/01/21 14:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]
[2010/01/21 14:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]\chrome
[2010/01/21 14:16:15 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\lkd5bp2g.default\extensions\[email protected]\defaults
[2010/01/21 14:44:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/04/29 17:54:30 | 00,110,592 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npfronter_oes2.dll
O1 HOSTS File: ([2009/04/06 16:48:54 | 00,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:[b]64bit:[/b] - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 4900 Series\ezprint.exe (Lexmark International Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [lxdrmon.exe] C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Evernote] C:\Program Files (x86)\Evernote\Evernote3.5\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - HKCU..\Run: [Google Update] C:\Users\Kasper\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [POEngine5] File not found
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:[b]64bit:[/b] - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:[b]64bit:[/b] - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:[b]64bit:[/b] - ..Trusted Domains: danid.dk ([]http in Trusted sites)
O15:[b]64bit:[/b] - ..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.162.153.164 194.239.134.83
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/10 10:57:07 | 00,000,252 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9c787204-ca0a-11de-a354-0000e8164786}\Shell - "" = AutoRun
O33 - MountPoints2\{9c787204-ca0a-11de-a354-0000e8164786}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found
O33 - MountPoints2\{aa455136-2242-11de-b356-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa455136-2242-11de-b356-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2008/09/10 11:24:11 | 00,299,688 | R--- | M] ( )
O33 - MountPoints2\{bc32e8ed-c3bf-11de-8357-002215ed7c66}\Shell\AutoRun\command - "" = K:\MI.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2008/01/21 04:05:52 | 00,000,000 | ---D | M]
NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:07:48 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
[2010/01/21 15:46:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/21 15:37:03 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
[2010/01/21 15:36:00 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Kasper\Desktop\erunt_setup.exe
[2010/01/21 15:35:53 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Kasper\Desktop\TFC.exe
[2010/01/21 14:02:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Lexmark 4900 Series
[2010/01/21 13:57:09 | 00,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrpmui.dll
[2010/01/21 13:57:09 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrinpa.dll
[2010/01/21 13:57:09 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdriesc.dll
[2010/01/21 13:57:09 | 00,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdrlnks.dll
[2010/01/21 13:57:08 | 01,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrserv.dll
[2010/01/21 13:57:08 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrusb1.dll
[2010/01/21 13:57:08 | 00,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrlmpm.dll
[2010/01/21 13:57:07 | 00,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcomc.dll
[2010/01/21 13:57:07 | 00,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrhbn3.dll
[2010/01/21 13:57:07 | 00,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcoms.exe
[2010/01/21 13:57:07 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcomm.dll
[2010/01/21 13:57:07 | 00,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrcfg.exe
[2010/01/21 13:57:07 | 00,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdrih.exe
[2010/01/21 13:56:57 | 00,680,960 | ---- | C] ( ) -- C:\Windows\SysNative\LXDRhcp.dll
[2010/01/21 13:56:56 | 00,896,000 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrlmpm.dll
[2010/01/21 13:56:54 | 01,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrcomc.dll
[2010/01/21 13:56:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 4900 Series
[2010/01/21 13:47:43 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxdrcfg.dll
[2010/01/21 13:46:47 | 00,000,000 | R--D | C] -- C:\Users\Kasper\Documents\Scanned Documents
[2010/01/21 13:46:46 | 00,000,000 | ---D | C] -- C:\Users\Kasper\Documents\Fax
[2010/01/20 15:44:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2010/01/20 15:36:48 | 00,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdrcfg.dll
[2010/01/20 15:35:54 | 01,660,928 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrserv.dll
[2010/01/20 15:35:54 | 00,982,016 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrpmui.dll
[2010/01/20 15:35:53 | 01,337,344 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrusb1.dll
[2010/01/20 15:35:53 | 01,090,560 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrhbn3.dll
[2010/01/20 15:35:53 | 00,581,632 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrcomm.dll
[2010/01/20 15:35:53 | 00,548,864 | ---- | C] ( ) -- C:\Windows\SysNative\lxdrinpa.dll
[2010/01/20 15:35:53 | 00,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxdriesc.dll
[2010/01/20 15:34:23 | 00,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdrcfg64.dll
[2010/01/20 15:34:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010/01/20 15:34:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2010/01/20 15:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2010/01/20 15:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 4900 Series
[2010/01/19 11:59:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2010/01/19 11:57:42 | 00,000,000 | ---D | C] -- C:\Users\Kasper\Desktop\TiInteractive
[2010/01/17 14:28:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software
[2010/01/17 13:28:52 | 27,386,256 | ---- | C] ( ) -- C:\Users\Kasper\Desktop\AdbeRdr930_en_US.exe
[2010/01/16 13:57:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Fronter AS
[2010/01/13 18:04:37 | 00,069,632 | ---- | C] ( ) -- C:\nporbit.dll
[2010/01/13 18:03:31 | 00,000,000 | ---D | C] -- C:\Downloads
[2010/01/13 18:01:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2010/01/13 18:01:36 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\Orbit
[2010/01/13 17:43:03 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\FlashGet
[2010/01/13 17:43:03 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\BITS
[2010/01/13 17:42:59 | 00,000,000 | ---D | C] -- C:\Users\Kasper\AppData\Roaming\FlashGetBHO
[2010/01/13 17:42:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network
[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
[2010/01/21 16:38:31 | 03,932,160 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT
[2010/01/21 16:36:56 | 01,459,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/21 16:36:56 | 00,652,310 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010/01/21 16:36:56 | 00,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/21 16:36:56 | 00,125,186 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010/01/21 16:36:56 | 00,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/21 16:09:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/21 16:06:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/21 16:06:09 | 00,524,288 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/21 16:06:09 | 00,065,536 | -HS- | M] () -- C:\Users\Kasper\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/01/21 16:06:07 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB9FA888-C130-4BBD-AD9F-CF123505E53D}.job
[2010/01/21 16:04:56 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 16:04:47 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/21 16:04:46 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/21 16:04:46 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/21 16:04:45 | 00,034,990 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/21 15:46:45 | 00,000,943 | ---- | M] () -- C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/21 15:46:43 | 00,000,744 | ---- | M] () -- C:\Users\Kasper\Desktop\ERUNT.lnk
[2010/01/21 15:37:03 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\OTL.exe
[2010/01/21 15:36:56 | 00,284,915 | ---- | M] () -- C:\Users\Kasper\Desktop\gmer.zip
[2010/01/21 15:36:01 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Kasper\Desktop\erunt_setup.exe
[2010/01/21 15:35:53 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Kasper\Desktop\TFC.exe
[2010/01/21 15:30:28 | 00,460,388 | ---- | M] () -- C:\Users\Kasper\Desktop\kasper-sorensen-mat-25.jpg
[2010/01/21 15:10:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356987698-3661441655-3655627599-1000UA.job
[2010/01/21 15:00:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/21 14:50:19 | 00,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/21 14:09:07 | 00,102,288 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/01/20 23:10:00 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2356987698-3661441655-3655627599-1000Core.job
[2010/01/20 17:40:49 | 00,116,224 | ---- | M] () -- C:\Users\Kasper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 13:20:30 | 00,056,352 | ---- | M] () -- C:\Users\Kasper\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/20 12:53:36 | 02,862,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/19 11:59:50 | 00,002,071 | ---- | M] () -- C:\Users\Kasper\Desktop\TI InterActive!.lnk
[2010/01/19 11:55:56 | 45,747,123 | ---- | M] () -- C:\Users\Kasper\Desktop\TI-interactive Vista.zip
[2010/01/17 13:29:18 | 27,386,256 | ---- | M] ( ) -- C:\Users\Kasper\Desktop\AdbeRdr930_en_US.exe
[2010/01/15 21:38:05 | 00,000,000 | ---- | M] () -- C:\Users\Kasper\temp.dat
[2010/01/13 17:51:52 | 00,000,305 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010/01/13 17:45:09 | 00,002,360 | ---- | M] () -- C:\Windows\Opera.INI
[2010/01/13 17:43:07 | 00,000,025 | ---- | M] () -- C:\Windows\libem.INI
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/01/21 15:46:45 | 00,000,943 | ---- | C] () -- C:\Users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/21 15:46:43 | 00,000,744 | ---- | C] () -- C:\Users\Kasper\Desktop\ERUNT.lnk
[2010/01/21 15:39:32 | 00,293,376 | ---- | C] () -- C:\Users\Kasper\Desktop\gmer.exe
[2010/01/21 15:36:55 | 00,284,915 | ---- | C] () -- C:\Users\Kasper\Desktop\gmer.zip
[2010/01/21 15:30:28 | 00,460,388 | ---- | C] () -- C:\Users\Kasper\Desktop\kasper-sorensen-mat-25.jpg
[2010/01/21 14:50:19 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/21 14:02:04 | 00,000,370 | ---- | C] () -- C:\ProgramData\lxdrDiagnostics.log
[2010/01/21 13:57:32 | 00,000,044 | ---- | C] () -- C:\Windows\SysNative\lxdrrwrd.ini
[2010/01/21 13:57:09 | 00,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDRinst.dll
[2010/01/21 13:57:09 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdrcomx.dll
[2010/01/21 13:57:07 | 00,002,043 | ---- | C] () -- C:\Windows\SysWow64\lxdr.loc
[2010/01/21 13:56:57 | 00,594,432 | ---- | C] () -- C:\Windows\SysNative\LXDRinst.dll
[2010/01/20 16:38:09 | 00,102,288 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/01/20 16:36:25 | 00,002,043 | ---- | C] () -- C:\Windows\SysNative\lxdr.loc
[2010/01/20 16:36:24 | 00,061,218 | ---- | C] () -- C:\Windows\SysNative\lxdrprpr.chm
[2010/01/20 16:18:14 | 00,001,045 | ---- | C] () -- C:\ProgramData\lxdr.log
[2010/01/20 15:36:49 | 00,617,984 | ---- | C] () -- C:\Windows\SysNative\lxdrcoin.dll
[2010/01/20 15:35:52 | 00,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdrgrd.dll
[2010/01/20 15:35:51 | 00,109,056 | ---- | C] () -- C:\Windows\SysNative\lxdrvs.dll
[2010/01/20 15:34:23 | 01,416,192 | ---- | C] () -- C:\Windows\SysNative\lxdrdrs64.dll
[2010/01/20 15:34:23 | 01,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdrdrs.dll
[2010/01/20 15:34:23 | 00,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdrcaps.dll
[2010/01/20 15:34:23 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdrcnv4.dll
[2010/01/20 15:34:23 | 00,054,784 | ---- | C] () -- C:\Windows\SysNative\lxdrcnv464.dll
[2010/01/20 15:34:23 | 00,025,600 | ---- | C] () -- C:\Windows\SysNative\lxdrcaps64.dll
[2010/01/20 15:34:21 | 00,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/01/20 15:27:46 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/01/19 11:59:50 | 00,002,071 | ---- | C] () -- C:\Users\Kasper\Desktop\TI InterActive!.lnk
[2010/01/19 11:52:23 | 45,747,123 | ---- | C] () -- C:\Users\Kasper\Desktop\TI-interactive Vista.zip
[2010/01/13 17:51:52 | 00,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/01/13 17:45:09 | 00,002,360 | ---- | C] () -- C:\Windows\Opera.INI
[2010/01/13 17:43:07 | 00,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/12/18 16:46:16 | 00,001,101 | ---- | C] () -- C:\ProgramData\afl.log
[2009/12/07 16:35:29 | 00,432,466 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI3DC5.txt
[2009/12/07 16:35:29 | 00,011,714 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3DC5.txt
[2009/12/03 14:59:33 | 00,415,708 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI3BD0.txt
[2009/12/03 14:59:33 | 00,018,218 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3BD0.txt
[2009/12/03 13:41:07 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 13:40:09 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/05 11:16:14 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/04 19:33:54 | 00,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/13 20:24:00 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/08/13 19:59:29 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/08/13 19:59:29 | 00,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/07/29 15:05:47 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/06/09 01:47:51 | 00,000,680 | ---- | C] () -- C:\Users\Kasper\AppData\Local\d3d9caps.dat
[2009/06/07 21:17:53 | 00,014,102 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI3B93.txt
[2009/06/06 15:16:42 | 00,412,822 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI5900.txt
[2009/06/06 15:16:42 | 00,011,470 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI5900.txt
[2009/06/04 22:26:57 | 00,415,726 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI0606.txt
[2009/06/04 22:26:56 | 00,011,386 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI0606.txt
[2009/06/04 20:38:17 | 00,418,676 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistMSI32DA.txt
[2009/06/04 20:38:16 | 00,018,774 | ---- | C] () -- C:\Users\Kasper\AppData\Local\dd_vcredistUI32DA.txt
[2009/04/05 22:25:12 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/04/05 22:25:11 | 00,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/05 22:25:11 | 00,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/04/05 22:25:10 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/04/05 22:25:10 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/04/05 22:25:09 | 00,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/04/05 21:08:58 | 00,116,224 | ---- | C] () -- C:\Users\Kasper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 18:03:35 | 00,028,551 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/04/05 17:49:46 | 00,000,732 | ---- | C] () -- C:\Users\Kasper\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\OnlineScannerLang.dll
[2008/01/21 03:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 08:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\SysWow64\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\SysWow64\lnod32apiA.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\SysWow64\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\lnod32upd.dll
[2005/07/09 09:37:44 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll
[2000/10/30 10:04:00 | 00,000,209 | ---- | C] () -- C:\Windows\Ic32.ini
[color=#E56717]========== LOP Check ==========[/color]
[2009/04/23 22:18:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\AMPSoft
[2009/06/14 14:40:39 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Aptana
[2009/05/11 00:36:47 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Audacity
[2010/01/13 17:43:29 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\BITS
[2009/04/08 03:05:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/04/10 10:27:48 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\com.snippely.6E4C758165F11BBEC90F106AA88CF53EB51547B1.1
[2009/12/23 15:27:24 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Cryptomathic
[2009/12/04 00:44:06 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Cycling '74
[2009/04/05 23:43:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools
[2009/09/14 21:07:27 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools Lite
[2009/04/05 23:43:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\DAEMON Tools Pro
[2009/04/05 22:08:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/04/06 18:26:57 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FireShot
[2010/01/13 17:43:03 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FlashGet
[2010/01/13 17:43:00 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\FlashGetBHO
[2009/04/05 22:40:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Foxit
[2009/07/10 20:15:21 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GetRightToGo
[2009/06/13 17:09:16 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GHISLER
[2009/10/15 15:46:20 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\GrabIt
[2009/08/24 22:01:44 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\HDRsoft
[2009/07/08 20:04:53 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\ImgBurn
[2009/05/06 21:07:49 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Mp3tag
[2009/09/03 21:01:42 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Nokia
[2009/06/14 14:43:15 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Notepad++
[2009/04/07 20:26:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\OpenOffice.org
[2009/04/05 23:59:45 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Opera
[2010/01/20 14:33:59 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Orbit
[2009/06/04 20:18:25 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\OxelonMC
[2009/09/03 20:57:25 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\PC Suite
[2009/04/28 18:10:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Publish Providers
[2009/06/27 01:31:18 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\RawTherapee
[2009/05/01 22:46:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Songbird2
[2009/06/10 02:27:02 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Sony
[2009/12/08 01:03:40 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\Sony Creative Software
[2009/04/06 14:40:04 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\SystemRequirementsLab
[2009/04/05 22:03:19 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/03 22:43:30 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/01/21 15:27:52 | 00,000,000 | ---D | M] -- C:\Users\Kasper\AppData\Roaming\uTorrent
[2010/01/21 16:06:42 | 00,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/21 16:06:07 | 00,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CB9FA888-C130-4BBD-AD9F-CF123505E53D}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 08:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2006/11/02 12:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/01/21 03:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 08:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/21 03:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/01/21 03:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/21 03:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 08:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 64 bytes -> C:\Users\Kasper\Desktop\aw-tutorial.mp4:TOC.WMV
@Alternate Data Stream - 24 bytes -> C:\Windows:6D16765549E8AE1E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >EXTRAS.txt
OTL Extras logfile created on: 1/21/2010 4:38:16 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Users\Kasper\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.75 Gb Total Space | 69.77 Gb Free Space | 58.26% Space Free | Partition Type: NTFS
Drive D: | 487.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 298.09 Gb Total Space | 234.91 Gb Free Space | 78.80% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 69.46 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
Drive G: | 7.52 Gb Total Space | 4.93 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KASPER-PC
Current User Name: Kasper
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = D1 DF 3A CB 24 74 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08799CDB-CF48-490C-BFB2-73E83C92282B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B02296E-DC91-44CE-B4EE-17EC2E7F604C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{111D2EAE-EBCE-42DC-B63A-149F027CBDE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{359FAEA9-021D-41D6-B232-740E6F107E31}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{41736B84-4462-4D6C-B49B-C7FCD71743EB}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{457736F7-9F08-4438-96EC-AD59F133E20D}" = rport=137 | protocol=17 | dir=out | app=system |
"{473C31D3-9B55-45DD-A3EB-88877EB4DAD5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48BA7790-50C1-43DD-8F68-3895A13DD4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{493ECB99-ADDB-433F-B4CF-129D57033E74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56EF0291-4624-41BC-A5C9-65D2BD10EB5C}" = lport=138 | protocol=17 | dir=in | app=system |
"{59B84E97-46B2-4D46-8A44-FA4B46C7904B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{65BFE3FB-FDE4-4F49-8C33-7455746D6E7A}" = rport=445 | protocol=6 | dir=out | app=system |
"{67D2C285-CA49-450A-AAA1-4848A810D01E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6E249286-5033-40A5-AF5B-BCE394259DE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{723A68FD-5243-490F-9E67-2157DF79C5B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7F1A850D-D1CA-452D-B6D1-03121871B998}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F6EFCAC-7ABF-4D1A-B951-3E0BCACAD1A3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8419B4B6-53B6-46F5-B71D-A0952A5D5D74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{88A6128B-07E6-48B4-93B5-05C12B0D1B64}" = lport=8081 | protocol=6 | dir=in | name=apache |
"{8DC001B2-C691-4B45-873A-637C5137AF25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8FAF4469-0E43-4462-835D-36F1DF4E3426}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90581F06-2BF6-4131-B138-010EE00D55DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{94968861-D158-41D4-9B5E-C60D8823BD5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9BCA0919-3642-410E-B7F5-ED957EADA4C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E20993E-090E-425D-B274-4DFECB900640}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A288789E-869A-413A-9A1C-696C8245D517}" = rport=138 | protocol=17 | dir=out | app=system |
"{A318B251-6B0A-4460-9296-EC2615CF32D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4B16E3F-CC04-400A-86A4-B659A386C7E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7F795F4-3C23-4E02-872B-47DB7E858F8E}" = lport=139 | protocol=6 | dir=in | app=system |
"{A91EB829-33B2-483A-ACE2-FA8069773D13}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC500797-C2E5-422B-ACAB-E35315D519B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1A87A1D-375E-4502-8CA9-87F49AAEDEFE}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B6728B0F-CAD7-417E-9DB2-5ABA0480862D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BC07D3A6-E06E-430F-AE0B-26DE8D8FB892}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BD627FA4-8BEF-4A59-A98E-71680FB3AD87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C06C4160-DAE2-45FA-B719-4478A59C2047}" = rport=139 | protocol=6 | dir=out | app=system |
"{C943F84F-AAAE-47E9-87CB-3B966FE189CA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CFF28C63-3E37-403E-ACF3-7830C13682A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EEBCC30E-6B16-49A0-A2A7-D785ADA7DA12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F35C1DE6-63DE-4B5F-8B62-EFA0CE30F066}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C339BD-EC05-4F10-ACF4-6FBE6603D46B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04FFA875-AAD3-4887-8D6A-8E72C48435C8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0F09299F-8D60-4BD6-A00C-79D2A10F2D37}" = protocol=1 | dir=in | [email protected],-28543 |
"{1D4149D5-66D6-498B-94DD-452950D65B6A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20F8B8FC-0391-4B50-AA4A-552EA405CA9B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{21EFFD0F-BB86-423D-BD82-F8E6E98CE548}" = protocol=1 | dir=out | [email protected],-28544 |
"{22E48A55-0D03-4115-9DB8-A2D37571AE73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23C06D95-6C10-4D18-A658-A94DC1CD7CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2605112B-06D9-485F-8A27-698937CA2396}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{2856EB79-441E-46D9-AAAC-823C85C8C78E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39F4A917-7556-480F-95BF-000D9B3D13B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4399C02C-6CB9-4EB0-9E89-DFCA78A5E7FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45088889-3EA2-467F-B1C6-55E8C7505EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{584422B9-5BE4-44BF-B561-CDA2D85F833D}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{5A2830C8-D188-426C-ACA3-FC8A2251AC20}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdrpswx.exe |
"{5DFF3DD2-DE75-46A0-8004-FC30B20AACEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66B076B6-BC01-49D8-BC68-58160D3D894C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68741E4C-C2EB-4EC6-9DBB-B7BA1F539666}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6995692E-2D97-4B39-B77E-D0CE154CF281}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdrpswx.exe |
"{906F74F7-4FE2-43C4-B1F0-BD2364DEDF87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9279EC1F-0EA7-4B82-9C1F-4FEAABB9BD20}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{963FC46E-10BA-4413-B193-C2BFE654D712}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D4DCEB2-C2E3-4D68-BD23-378005B798FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A12343E8-84E1-4C86-A9CC-E704F2A4DE6E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{A80D093C-2E33-46CB-AC58-C06E663A0D9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B08B58EF-47E5-41A2-A2A7-7114409214ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B263EF11-68AF-4133-A165-394421DF0C23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2CC66A5-9CE1-4BFA-BBA7-2C6327A39A70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B677A08C-952F-47B9-A1F9-A94D9664AACA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B711B1A1-822A-4131-9131-AE6460B8A883}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{BA1AB993-3D41-49B9-8196-AD5EC60EE04C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BED019A6-C133-4C7E-B786-B4F7580FF52A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{D195588E-F552-4AE7-A187-A95E87E7AF5F}" = protocol=58 | dir=in | [email protected],-28545 |
"{D1D64309-2704-4285-A9B6-06C9BDEE1170}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdrcoms.exe |
"{DA26C093-BD58-4128-A03D-BAC2D1CB879B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdrcoms.exe |
"{DC5087F4-29CB-4F1E-800D-D268549E8801}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC80D081-0E2E-43B6-9451-84463A179E47}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E298160F-D0DC-40AE-AD7C-C505B1DD3848}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{E4168052-C572-475C-B8F0-40BB58E80ADC}" = protocol=6 | dir=out | app=system |
"{E4A46FC0-74A8-4083-838E-6D4E30DAA8CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E52ACA98-FACA-4A74-9321-7A88447C10B3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EAC50F99-2885-43C3-834D-92E236EE381E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F705FC83-152C-43CB-B2E4-14242A70F4F9}" = protocol=6 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{F823CDEE-EF45-42C8-9959-8EC67A0EC04C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F8535E8B-6DC3-4081-B72A-9B80597F3757}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA29DC4B-C6E6-4454-87B8-DDE182DA8C05}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{FB73D63D-58BC-4B3A-AB9B-B7930541CC8C}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{04A9643E-8BFB-4FDF-9BA0-23ACFBAD2B55}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{29EBF25B-A358-409F-89B4-D35EC14B3F56}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe |
"TCP Query User{38E83A72-037A-447D-95D3-263D37B61321}E:\production\websites\wos\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=e:\production\websites\wos\mysql\bin\mysqld-nt.exe |
"TCP Query User{43E03727-77BF-4196-8488-5D8A01AD8C3F}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{4DCEC423-EC9C-4463-BE7A-F33034CB5190}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{54CD1A6E-8D00-4115-B5E5-D78CF4E9C410}E:\production\websites\resources\local software\wos\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=e:\production\websites\resources\local software\wos\apache2\bin\httpd.exe |
"TCP Query User{59F632F4-CDD4-48D7-B93C-13FB5EE298DA}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
"TCP Query User{6956B191-5B33-4862-A89B-035F43604E21}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{7179007A-3D27-4957-820B-FF776A237761}C:\program files (x86)\pokeroffice5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pokeroffice5\bin\javaw.exe |
"TCP Query User{71914AF9-2C4C-4B11-AEC8-68AFC0BCFDD3}G:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{76E4BA04-0B9F-4407-8EBF-BCBB6F64AEAF}G:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\apache.exe |
"TCP Query User{871D9F88-69FB-4133-A751-FEA85D149E3C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{898B48B7-4235-4E8A-9DED-77162ADCE3FD}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{96C2F499-B56D-4F3B-A443-4E196A451AF2}E:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
"TCP Query User{9CC3B15F-66C4-4CF7-8143-8097172E8C66}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{9D641DBD-5629-42C2-A492-D243E6C79EAB}C:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe |
"TCP Query User{A4CA78BA-C1B7-45A6-BC4E-A25327101400}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{ACB2BCFB-6692-4EC4-84FA-6607CF571082}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{AD6E1349-5752-4E4A-A12F-F717B58C59FC}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{B672D476-FE55-466D-9811-8FEF26720D53}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{BD1C79CD-A4A2-4383-B8C5-9B64B4E11902}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{C6CB4671-4976-4072-9505-9B8DE6BADF4D}E:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=e:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe |
"TCP Query User{D7239D15-0B13-47B0-958F-A34D573AFD28}G:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampplite\apache\bin\httpd.exe |
"TCP Query User{D7270B04-6FBC-421E-83E2-7D87B7F5CEF7}E:\production\websites\wos\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=e:\production\websites\wos\apache2\bin\httpd.exe |
"TCP Query User{E1CA9881-9489-4228-BF9B-DB51031340C1}C:\program files (x86)\smartcam\smartcam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smartcam\smartcam.exe |
"TCP Query User{E63392F3-5BE3-40CB-91EA-BAC6440166E0}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{EA2A30B9-287B-4FBE-95B5-41EDEC07B7EA}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{EDB80D3A-9076-4992-A4D4-416E4ACD2EFB}E:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{009D3239-F0AC-4545-BEEB-FCC6DE1AED44}C:\program files (x86)\smartcam\smartcam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smartcam\smartcam.exe |
"UDP Query User{011B0BD2-9104-41BD-ADFC-55156F98F237}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
"UDP Query User{01EEDA18-E518-46A1-A32F-C830F5704FED}E:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=e:\production\websites\resources\local software\wos\mysql\bin\mysqld-nt.exe |
"UDP Query User{1DB1FAC1-3666-40CC-958F-70C3334B9CCC}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{2B714DD2-FA37-4F85-AA62-217092B9B91C}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{2D29AB27-B5DC-4D1B-8CFB-513FAB5BC99A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{3715298D-3A3F-42D3-A4C4-AC89B11A3969}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{37E9EF72-3AC8-44F3-93FE-C5351113B246}G:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{3EAB1757-80C5-4A0B-ABEE-3C3C244E0F67}C:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aptana studio 1.2\jre\bin\javaw.exe |
"UDP Query User{4A320479-0181-4287-B31D-FB66C9D5FC76}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{62DA1376-3237-4740-8B1D-0936101FC1C2}E:\production\websites\resources\local software\wos\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=e:\production\websites\resources\local software\wos\apache2\bin\httpd.exe |
"UDP Query User{67DE43C0-52E7-4D12-B03D-C27995A09031}C:\program files (x86)\pokeroffice5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pokeroffice5\bin\javaw.exe |
"UDP Query User{69D227EB-729C-444F-8642-5CD4EDDED2CC}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{7B18DEBA-E3A7-4A16-9AD7-44AD953E7C53}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{7C73BDBF-9CBE-4A3A-AC46-375B58B4D494}E:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampplite\apache\bin\httpd.exe |
"UDP Query User{80DA8BBD-0C0F-41EB-9047-4ACEB2CA1855}E:\production\websites\wos\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=e:\production\websites\wos\apache2\bin\httpd.exe |
"UDP Query User{87955E74-5574-4914-9B07-9C9461457268}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{AD727ED4-3585-4A93-9540-45F198A5F104}G:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\apache.exe |
"UDP Query User{AFBDEAA1-8386-4970-A5D0-25B9DFFF345F}G:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampplite\apache\bin\httpd.exe |
"UDP Query User{AFF67C51-B5CC-40D2-90ED-E188BBB68216}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{B3CCE230-5DA1-4C32-A7C7-EC244B5D2C2D}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{BFFAA78A-8812-4BAC-9376-BA0C7DCEAA3E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{C9CDD1A3-B6D4-4FE1-A9C6-3DEB24BBC922}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe |
"UDP Query User{CAA6B652-3B5B-46C8-9BE9-1A70E76EB951}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{D07F9EA1-C50C-4B3B-AE9F-F1625D70C9C5}E:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{D335671E-1494-40A5-811C-3EDCF0CDCEDF}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{EB56EB39-BE68-453B-9ED1-0044EE145B52}E:\production\websites\wos\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=e:\production\websites\wos\mysql\bin\mysqld-nt.exe |
"UDP Query User{EF4BF41F-19FC-41BF-8D39-45AE8BC1C20F}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{7523EFAC-5445-4E89-BD90-84E0D0110690}" = Adobe Photoshop Lightroom 2.6 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CS464_is1" = Tone Mapping Plug-In 1.2
"CutePDF Writer Installation" = CutePDF Writer 2.8
"LameACM" = Lame ACM MP3 Codec
"Lexmark 4900 Series" = Lexmark 4900 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3x64_is1" = Photomatix Pro version 3.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4}" = TI InterActive!(TM)
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5D38531-2B11-45AA-8D35-8E30338B4DC8}" = Fronter OES2 Firefox
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F9F327-2274-B414-B3CA-A2A1084E2E24}" = iTunes Export
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ask & Record Toolbar4.00 Public Beta 1" = Ask & Record Toolbar 4.00 Public Beta 1
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DebugMode FrameServer" = DebugMode FrameServer
"Digital Editions" = Adobe Digital Editions
"Digital Signatur" = Digital Signatur
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Standard)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mp3tag" = Mp3tag v2.45a
"Orbit_is1" = Orbit Downloader
"PokerStars" = PokerStars
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC Connection Utility_is1" = VLC Connection Utility 2.11
"VLC media player" = VLC media player 1.0.0
"WinRAR archiver" = WinRAR archiver
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter
"Xvid_is1" = Xvid 1.2.1 final uninstall
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PokerOffice5" = PokerOffice 5 (remove only)
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Antivirus Events ]
Error - 11/13/2009 7:54:31 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Local\FLVService\MILF Wendy Taylor´s Hot Porn Debut - spankwire.com(10).bin
failed, 00000005.
Error - 11/13/2009 6:16:10 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.
Error - 11/18/2009 8:07:59 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.
Error - 11/21/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.
Error - 11/21/2009 9:20:12 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.
Error - 11/22/2009 5:47:07 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\etilqs_wTKUPGlfN6atZBMBuy11 failed,
00000005.
Error - 11/28/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.
Error - 12/7/2009 9:52:00 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.
Error - 12/11/2009 9:20:00 PM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.
Error - 1/21/2010 9:12:33 AM | Computer Name = Kasper-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Kasper\AppData\Roaming\Skype\kasper.bs\main.db failed, 00000005.
[ Application Events ]
Error - 1/20/2010 7:54:57 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/21/2010 3:36:47 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/21/2010 9:43:06 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/21/2010 9:43:48 AM | Computer Name = Kasper-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e041cf,
exception code 0xc0000005, fault offset 0x000000000002ce25, process id 0x768, application
start time 0x01ca9a9ef301e45b.
Error - 1/21/2010 10:44:05 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609
Description =
Error - 1/21/2010 10:44:45 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/21/2010 10:52:59 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609
Description =
Error - 1/21/2010 10:53:41 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/21/2010 11:10:25 AM | Computer Name = Kasper-PC | Source = EventSystem | ID = 4609
Description =
Error - 1/21/2010 11:11:06 AM | Computer Name = Kasper-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 9/9/2009 7:48:28 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
Error - 9/9/2009 7:48:28 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
Error - 9/9/2009 7:50:23 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
Error - 9/9/2009 7:50:23 AM | Computer Name = Kasper-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort4.
Error - 9/9/2009 9:10:09 AM | Computer Name = Kasper-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 9/9/2009 9:10:09 AM | Computer Name = Kasper-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.
Error - 9/9/2009 9:11:21 AM | Computer Name = Kasper-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered
a non-retryable error and could not start. The data contains the error code.
Error - 9/9/2009 9:11:27 AM | Computer Name = Kasper-PC | Source = HTTP | ID = 15016
Description =
Error - 9/9/2009 9:11:33 AM | Computer Name = Kasper-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer WebEx Document Loader with
shared resource name WebEx Document Loader. Error 2114. The printer cannot be used
by others on the network.
Error - 9/9/2009 9:11:54 AM | Computer Name = Kasper-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >ARK.txt
GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-21 16:34:23 Windows 6.0.6002 Service Pack 2 Running: gmer.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xE4 0xC3 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0x78 0x93 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0x62 0xC1 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x79 0xAA 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0x3F 0x27 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x73 0x50 0xD8 0x35 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x57 0xE4 0xC3 0x7C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x67 0x78 0x93 0xE4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x74 0x62 0xC1 0x7E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x79 0xAA 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6B 0x3F 0x27 0xAD ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x73 0x50 0xD8 0x35 ... ---- EOF - GMER 1.0.15 ----
MBAM LOG.txt
Malwarebytes' Anti-Malware 1.44 Database version: 3510 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18865 1/21/2010 3:58:00 PM mbam-log-2010-01-21 (15-58-00).txt Scan type: Quick Scan Objects scanned: 89298 Time elapsed: 2 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
Thanks in advance
Edited by kasperbs, 21 January 2010 - 10:08 AM.
Sign In
Create Account
