Please help! Ramnit.E and .C removal


  • This topic is locked

#1
arthurdavis

    New Member

  • Member
  • 2 posts
Hi there,

I somehow managed to get the Ramnit trojan on my computer yesterday. I run Avira AntiVir Desktop, and although the virus had managed to disable its monitor, I could still run a scan. It showed up roughly 3000 Ramnit infections, most .E variety, but some .C - and then claimed to have cleaned up about 700 of those. I then ran Malwarebytes which found just 7 infected objects, all of which I removed.

The virus is still clearly in my system, however. I've just come across this site and run OTL; the 2 log files it produced are below.

Any help in getting rid of this nasty virus would be greatly appreciated!

Thanks.

----------------------------------------------------------------------
OTL.txt follows:

OTL logfile created on: 12/09/2011 17:28:34 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Stefan Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.10% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.35 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 36.23 Gb Free Space | 15.56% Space Free | Partition Type: NTFS
Drive E: | 74.55 Gb Total Space | 1.83 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
Drive I: | 56.79 Gb Total Space | 0.10 Gb Free Space | 0.17% Space Free | Partition Type: NTFS

Computer Name: STEFAN | User Name: Stefan Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Stefan Smith\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - I:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - I:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - I:\Program Files\Java\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - I:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Program Files\Preton\PretonSaver\PretonClient.exe (Preton Ltd.)
PRC - E:\Program Files\Preton\PretonSaver\PretonClientService.exe ()
PRC - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (SOURCENEXT)
PRC - C:\WINDOWS\system32\afasrv32.exe ()
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\WINDOWS\system32\LiscadUpdate.exe (LISTECH Pty. Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - I:\Program Files\Samurize\Client.exe (Samurize.com)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe ()
PRC - C:\Program Files\ASUS\PC Probe II\Probe2.exe ()
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - I:\Program Files\Wireless LAN Utility\tiwlnsvc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)


========== Modules (No Company Name) ==========

MOD - I:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - E:\Program Files\Preton\PretonSaver\Client.XmlSerializers.dll ()
MOD - E:\Program Files\Preton\PretonSaver\PretonClientService.exe ()
MOD - E:\Program Files\Preton\PretonSaver\ManagedIpc.dll ()
MOD - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll ()
MOD - C:\WINDOWS\system32\afasrv32.exe ()
MOD - I:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe ()
MOD - C:\Program Files\ASUS\PC Probe II\Probe2.exe ()
MOD - D:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll ()
MOD - D:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll ()
MOD - C:\WINDOWS\system32\AsIO.dll ()
MOD - C:\Program Files\ASUS\PC Probe II\PowerDll.dll ()
MOD - C:\Program Files\ASUS\AASP\1.00.05\PowerDll.dll ()
MOD - C:\Program Files\ASUS\PC Probe II\AsHtmlEngine.dll ()
MOD - I:\Program Files\Wireless LAN Utility\tiwlnsvc.exe ()
MOD - C:\Program Files\ASUS\PC Probe II\SoundPlay.dll ()
MOD - C:\Program Files\ASUS\PC Probe II\cpuutil.dll ()
MOD - C:\Program Files\ASUS\AASP\1.00.05\cpuutil.dll ()
MOD - C:\WINDOWS\system32\virport.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (cmdAgent) -- I:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirService) -- I:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (JavaQuickStarterService) -- I:\Program Files\Java\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirSchedulerService) -- I:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PretonClientService) -- E:\Program Files\Preton\PretonSaver\PretonClientService.exe ()
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (SOURCENEXT)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AfaService) -- C:\WINDOWS\system32\afasrv32.exe ()
SRV - (Crypkey License) -- C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (LISCADUpdate) -- C:\WINDOWS\system32\LiscadUpdate.exe (LISTECH Pty. Ltd.)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (SandraAgentSrv) -- D:\Program Files\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe (SiSoftware)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (tiwlnsvc) -- I:\Program Files\Wireless LAN Utility\tiwlnsvc.exe ()
SRV - (ArcGIS License Manager) -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe ()


========== Driver Services (SafeList) ==========

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ISODrive) -- D:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- D:\Program Files\Cyberlink\PowerDVD8\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (SANDRA) -- D:\Program Files\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys (SiSoftware)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (avgio) -- I:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VL807) -- C:\WINDOWS\system32\drivers\VL807.sys ()
DRV - (GWHid) -- C:\WINDOWS\system32\drivers\GWHid.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (CLBStor) -- C:\WINDOWS\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (TNET1130) -- C:\WINDOWS\system32\drivers\TNET1130.sys (Texas Instruments)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (Windows ® Server 2003 DDK provider)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (Pnp680) -- C:\WINDOWS\system32\DRIVERS\pnp680.sys (Silicon Image, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2D
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22
FF - prefs.js..network.proxy.autoconfig_url: "http://www.dur.ac.uk...n/proxy.config"
FF - prefs.js..network.proxy.backup.ftp: "204.85.191.10 "
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "204.85.191.10 "
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "204.85.191.10 "
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "204.85.191.10 "
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "68.199.83.207"
FF - prefs.js..network.proxy.ftp_port: 7212
FF - prefs.js..network.proxy.gopher: "68.199.83.207"
FF - prefs.js..network.proxy.gopher_port: 7212
FF - prefs.js..network.proxy.http: "68.199.83.207"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "68.199.83.207"
FF - prefs.js..network.proxy.socks_port: 7212
FF - prefs.js..network.proxy.ssl: "68.199.83.207"
FF - prefs.js..network.proxy.ssl_port: 7212
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: I:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: I:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: I:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: I:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/15 13:48:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/26 18:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: I:\Program Files\Java\lib\deploy\jqs\ff [2010/05/16 19:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/28 17:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/09/07 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/09/07 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/28 17:38:02 | 000,000,000 | ---D | M]

[2010/05/17 15:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Extensions
[2011/07/07 14:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/17 15:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Extensions\[email protected]
[2011/09/11 17:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\extensions
[2010/05/16 17:25:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 01:57:44 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2011/07/02 13:20:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/23 22:23:13 | 000,000,000 | ---D | M] (Auto Shutdown) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\extensions\[email protected]
[2011/02/24 17:28:19 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\extensions\[email protected]
[2011/09/06 17:14:32 | 000,004,873 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\isohunt--bt-search.xml
[2010/05/25 17:25:57 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\urban-dictionary.xml
[2010/10/07 18:54:10 | 000,001,328 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\wikipedia-de.xml
[2011/07/02 21:01:05 | 000,002,446 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\wiktionary-de.xml
[2010/05/14 11:36:32 | 000,001,336 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\wiktionary-en.xml
[2010/09/21 00:19:37 | 000,002,611 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\wookieepedia-en.xml
[2010/05/14 22:58:43 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Application Data\Mozilla\Firefox\Profiles\6smzqgaz.default\searchplugins\youtube-video-search.xml
[2011/02/27 17:48:54 | 000,000,000 | ---D | M] (General Crawler) -- C:\DOCUMENTS AND SETTINGS\STEFAN SMITH\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2011/07/28 17:38:02 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011/04/26 18:04:20 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- D:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010/05/16 19:11:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\LIB\DEPLOY\JQS\FF
[2010/05/16 19:11:58 | 000,000,000 | ---D | M] (Java Console) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 15:02:49 | 000,000,000 | ---D | M] (Java Console) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 23:58:01 | 000,000,000 | ---D | M] (Java Console) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 18:09:35 | 000,000,000 | ---D | M] (Java Console) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 15:45:11 | 000,000,000 | ---D | M] (Java Console) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 15:03:22 | 000,000,000 | ---D | M] (Java Console) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/09/10 18:15:43 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe ()
O4 - HKLM..\Run: [avgnt] I:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [COMODO Internet Security] I:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PretonClient] E:\Program Files\Preton\PretonSaver\PretonClient.exe (Preton Ltd.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RckEfygo] C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\mvsruvax\rckefygo.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Stefan Smith\Start Menu\Programs\Startup\StartupOrder.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FE FF 03 [binary data]
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FB37EF8-20AF-4BF0-AFB4-2A912EC6CEED}: NameServer = 129.234.4.13,129.234.4.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72174ADD-822B-4332-8BCD-6CF580E741B1}: NameServer = 129.234.4.13,129.234.4.9
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\mvsruvax\rckefygo.exe) -C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\mvsruvax\rckefygo.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: E:\Eigene Dateien\My Pictures\Super 8 bg.bmp
O24 - Desktop BackupWallPaper: E:\Eigene Dateien\My Pictures\Super 8 bg.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - I:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/13 14:49:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 17:20:29 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stefan Smith\Desktop\OTL.exe
[2011/09/12 16:23:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stefan Smith\Recent
[2011/09/11 14:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\mvsruvax
[2011/08/22 13:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/19 17:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDRoller 6.50
[2011/08/19 17:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefan Smith\Application Data\CDRoller
[2011/08/17 13:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefan Smith\Start Menu\Programs\MKVtoolnix
[2011/08/17 13:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MKVtoolnix
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 E:\Eigene Dateien\*.tmp files -> E:\Eigene Dateien\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/12 17:20:29 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stefan Smith\Desktop\OTL.exe
[2011/09/12 17:00:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-448539723-839522115-1003UA.job
[2011/09/12 16:39:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/12 16:25:32 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/12 16:25:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-448539723-839522115-1003.job
[2011/09/12 16:25:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 23:00:02 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-448539723-839522115-1003Core.job
[2011/09/11 21:26:57 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/09/11 18:46:36 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/09/11 13:21:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Ÿ¼Ÿ¼
[2011/09/11 13:15:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/10 17:25:33 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/09/10 17:25:33 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011/09/10 17:25:33 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011/09/10 17:25:32 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/09/10 17:25:32 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2011/09/09 11:39:13 | 000,000,639 | ---- | M] () -- C:\StartupOrder.bat
[2011/09/08 13:25:02 | 000,008,220 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Desktop\Onlinebanking-Shop.pdf
[2011/09/08 11:25:45 | 000,433,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/08 11:25:45 | 000,068,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/28 21:09:17 | 000,000,840 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/08/28 16:47:45 | 000,000,121 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Start Menu\Programs\Startup\StartupOrder.vbs
[2011/08/27 18:27:19 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/25 13:58:27 | 000,176,953 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Desktop\Abtenau_Skimap_Karkogel_Dachstein-West_Skiverleih_Ski-Hire.jpg
[2011/08/19 20:12:22 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Desktop\Five freeware gems for Windows The Cheapskate - CNET News.URL
[2011/08/18 17:25:54 | 135,029,384 | ---- | M] () -- C:\Documents and Settings\Stefan Smith\Desktop\Air Travel to the Empire.avi
[2011/08/16 12:39:37 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 E:\Eigene Dateien\*.tmp files -> E:\Eigene Dateien\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 13:21:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Ÿ¼Ÿ¼
[2011/09/08 13:25:02 | 000,008,220 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Desktop\Onlinebanking-Shop.pdf
[2011/08/28 15:29:02 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Start Menu\Programs\Startup\StartupOrder.vbs
[2011/08/28 15:27:49 | 000,000,639 | ---- | C] () -- C:\StartupOrder.bat
[2011/08/25 13:58:27 | 000,176,953 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Desktop\Abtenau_Skimap_Karkogel_Dachstein-West_Skiverleih_Ski-Hire.jpg
[2011/08/22 13:07:55 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight.lnk
[2011/08/19 20:12:22 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Desktop\Five freeware gems for Windows The Cheapskate - CNET News.URL
[2011/08/18 16:55:52 | 135,029,384 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Desktop\Air Travel to the Empire.avi
[2011/07/31 17:00:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/06/23 14:20:53 | 011,120,640 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Application Data\Sandra.mdb
[2011/06/20 17:10:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/05/28 16:26:51 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/23 19:08:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Application Data\winscp.rnd
[2011/05/20 13:17:53 | 000,000,162 | ---- | C] () -- C:\WINDOWS\dxm.INI
[2011/05/20 13:17:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FM.INI
[2011/05/20 13:16:54 | 000,000,157 | ---- | C] () -- C:\WINDOWS\clm.INI
[2011/05/20 13:14:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\crdedit.MfcX002.INI
[2011/05/20 13:14:32 | 000,000,162 | ---- | C] () -- C:\WINDOWS\crdedit.INI
[2011/05/18 17:51:38 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/04/26 18:52:20 | 000,000,353 | ---- | C] () -- C:\WINDOWS\FA123.INI
[2011/02/13 19:24:26 | 000,027,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\VL807.sys
[2011/02/13 19:24:25 | 000,064,048 | ---- | C] () -- C:\WINDOWS\System32\Hidhlp.dll
[2011/02/13 19:24:25 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\iFT7195.dll
[2011/01/29 21:35:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/01/17 18:06:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/01/17 18:06:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/01/17 18:06:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/01/17 18:06:02 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/01/17 18:06:02 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/01/17 18:06:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2010/12/06 21:16:49 | 000,157,407 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2010/12/06 21:16:48 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2010/10/27 18:56:03 | 000,000,068 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2010/10/27 14:20:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/13 18:00:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2010/09/20 17:32:58 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\xxconsole.ini
[2010/09/11 23:37:47 | 000,000,840 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/09/06 17:32:55 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/03 14:52:46 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2010/09/03 14:52:46 | 000,002,199 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2010/08/15 23:21:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/08/11 13:14:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
[2010/08/09 09:03:00 | 000,020,742 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/08/09 09:03:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/08/06 17:10:14 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010/05/19 13:25:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/17 17:53:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/05/17 17:15:17 | 000,000,583 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/16 18:14:54 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2010/05/16 18:14:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2010/05/14 00:41:12 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\Stefan Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 21:53:01 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/05/13 21:37:29 | 000,237,600 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/13 21:34:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/13 20:22:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/13 18:07:53 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/05/13 18:01:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/13 17:16:35 | 000,094,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2010/05/13 17:16:34 | 000,092,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2010/05/13 17:16:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2010/05/13 16:29:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/13 16:28:26 | 002,235,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/13 16:21:04 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/05/13 16:21:04 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/05/13 16:21:01 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/05/13 16:21:01 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/05/13 16:08:01 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/05/13 16:07:55 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/05/13 15:50:49 | 000,020,184 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/05/13 15:50:35 | 000,019,738 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/05/13 15:50:32 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/05/13 15:50:28 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/05/13 14:51:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/13 14:45:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/11 05:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 05:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,433,580 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,068,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 11:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/06/25 13:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2011/04/26 17:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/13 21:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/01/19 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2010/12/16 20:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/05/18 17:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LISCAD
[2011/01/17 18:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/09/11 16:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/06/25 02:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaAccount
[2010/09/11 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/09/11 16:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/02/28 21:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/31 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/01/29 20:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/02/16 23:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/13 21:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Bitdefender
[2010/10/17 18:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\BlueCove
[2011/08/19 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\CDRoller
[2011/07/18 12:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\CoreFTP
[2011/05/26 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Digiarty
[2011/01/21 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\DualCoreTuner
[2011/05/18 18:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\ESRI
[2010/08/30 16:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\FreeAudioPack
[2011/03/03 14:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\General Downloader
[2010/05/17 17:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\GetRight Pro
[2011/03/06 02:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\GrabPro
[2010/10/27 18:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\ImgBurn
[2010/10/17 18:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\jamse
[2011/01/21 14:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\LEAPS
[2011/06/24 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Nokia
[2010/09/11 17:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Nokia Ovi Suite
[2011/08/19 15:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Orbit
[2010/09/11 16:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\PC Suite
[2011/01/21 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Pegasys Inc
[2011/03/05 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\ProgSense
[2011/02/01 18:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\Tific
[2010/10/06 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Smith\Application Data\VCDEasy

========== Purity Check ==========



< End of report >



---------------------------------------------------------------------------------
Extras.txt follows:

OTL Extras logfile created on: 12/09/2011 17:28:34 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Stefan Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.10% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.35 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 36.23 Gb Free Space | 15.56% Space Free | Partition Type: NTFS
Drive E: | 74.55 Gb Total Space | 1.83 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
Drive I: | 56.79 Gb Total Space | 0.10 Gb Free Space | 0.17% Space Free | Partition Type: NTFS

Computer Name: STEFAN | User Name: Stefan Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "I:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "I:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "I:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "I:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16348:TCP" = 16348:TCP:*:Enabled:BitComet 16348 TCP
"16348:UDP" = 16348:UDP:*:Enabled:BitComet 16348 UDP
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Cyberlink\PowerDVD8\PowerDVD8\PowerDVD8.exe" = D:\Program Files\Cyberlink\PowerDVD8\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"I:\Program Files\BitComet\BitComet.exe" = I:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = I:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Cyberlink\PowerDVD8\PowerDVD8\PowerDVD8.exe" = D:\Program Files\Cyberlink\PowerDVD8\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Program Files\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe" = D:\Program Files\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"D:\Program Files\SiSoftware Sandra Lite 2011\WNt500x86\RpcSandraSrv.exe" = D:\Program Files\SiSoftware Sandra Lite 2011\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}" = Wireless LAN Utility
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212D202D-487D-49C4-8A76-4D3BB91B8471}" = BOINC
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C3255BF-647E-4250-86AF-D61B7F799ECC}" = Be.HexEditor
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57B8B5EA-9933-48B8-BE83-85554BDC1033}" = Nero 7 Ultra Edition
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7AFED294-F3EE-40F9-B0C2-0AD9C45DE7D3}" = Pegasus Imaging's PICVideo 3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9055D15D-BAB4-487A-BA0D-0CC302613455}" = PretonSaver Home Edition
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1048-8780-7760-000000000005}" = Adobe Acrobat X Pro - English, Russian
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP3
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF1F9B7A-0900-2057-A0C4-2565E0F1AF50}" = LISCAD 9.0 (English UK)
"1489-3350-5074-6281" = JDownloader 0.9
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"ArcGIS Desktop" = ArcGIS Desktop
"ArcGIS License Manager" = ArcGIS License Manager
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"ATI Display Driver" = ATI Display Driver
"Avi2Dvd" = Avi2Dvd 0.4.4 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitComet" = BitComet 1.20
"BitRecorder_is1" = BitRecorder
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.70
"CDRoller_is1" = CDRoller version 6.50
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"Core FTP LE 2.0" = Core FTP LE 2.0
"DivX Setup.divx.com" = DivX Setup
"DocLock" = DocLock
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.1
"Encore 5.0.2" = Encore
"ffdshow_is1" = ffdshow v1.1.3861 [2011-05-27]
"Fraps" = Fraps (remove only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"FT7195" = USB FLYING STICK
"GetASFStream" = GetASFStream
"GoldWave v5.18" = GoldWave v5.18
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{7AFED294-F3EE-40F9-B0C2-0AD9C45DE7D3}" = Pegasus Imaging's PICVideo 3
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.0
"KWorld Editing Device Driver_is1" = KWorld Editing Device Driver
"Leica SurveyOffice" = Leica SurveyOffice
"LucasArts' Star Wars: Episode I Racer" = LucasArts' Star Wars: Episode I Racer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.9.1
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Nokia Ovi Suite" = Nokia Ovi Suite
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Orbit_is1" = Orbit Downloader
"Prism" = Prism
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.263
"RealPlayer 6.0" = RealPlayer
"S.A.D. - DualCore Tuner_is1" = S.A.D. - DualCore Tuner
"Serious Samurize" = Serious Samurize
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TVEpaDrv" = KWorld USB 2800 WDM Drivers
"Ulead iPhoto Express 1.1" = Ulead iPhoto Express 1.1
"VCDEasy_is1" = VCDEasy
"VLC media player" = VLC media player 1.1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.3.1
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XXConsole" = XXConsole: Super Console Generator ver 0.96

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2011 11:32:03 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 11:37:33 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 11:43:03 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 11:48:33 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 11:54:03 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 11:59:33 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 12:05:03 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 12:09:18 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

Error - 12/09/2011 12:09:32 | Computer Name = STEFAN | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 12/09/2011 12:09:49 | Computer Name = STEFAN | Source = Application Error | ID = 1000
Description = Faulting application ARCGIS.exe, version 0.0.0.0, faulting module
ARCGIS.exe, version 0.0.0.0, fault address 0x000e7ebc.

[ System Events ]
Error - 11/09/2011 16:32:14 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 11/09/2011 16:34:24 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/09/2011 16:34:25 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = The ArcGIS License Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/09/2011 16:45:43 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7031
Description = The PretonSaver service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/09/2011 11:25:40 | Computer Name = STEFAN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 12/09/2011 11:27:32 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service
to connect.

Error - 12/09/2011 11:27:32 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%1053

Error - 12/09/2011 11:27:32 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 12/09/2011 11:28:57 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/09/2011 12:09:25 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7034
Description = The ArcGIS License Manager service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

Edited by arthurdavis, 12 September 2011 - 10:37 AM.

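As an added example (not from the thread, nor part of OTL), a small Python parser for the OTL event entries quoted above: it reads the "Error - date | Computer Name | Source | ID" records, then flags Service Control Manager failures that name a security service, which is exactly the disabled AntiVir Guard symptom the log shows. The sample lines are constructed copies of three entries from this log; the service-name hints are an assumption to adjust for whichever product is installed.

```python
import re
from collections import namedtuple

# Constructed sample: three entries copied from the OTL "System Events" section of this thread.
SAMPLE_LOG = """\
Error - 12/09/2011 11:27:32 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service
to connect.

Error - 12/09/2011 11:27:32 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%1053

Error - 12/09/2011 11:27:32 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2
"""

HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
                    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")

# Service Control Manager event IDs in this log that mean a service did not run as expected.
SCM_FAILURE_IDS = {7000, 7009, 7022, 7031, 7034}
# Assumption: substrings identifying security services on the host; extend for your own AV.
SECURITY_SERVICE_HINTS = ("avira", "antivir", "windows defender", "security center")

OtlEvent = namedtuple("OtlEvent", "when host source event_id description")

def parse_otl_events(text):
    """Split an OTL event section into records: a header line plus its wrapped description."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0])
        if not m:
            continue  # stray text such as "[ System Events ]" or "< End of report >"
        desc = " ".join(l.strip() for l in lines[1:]).removeprefix("Description = ")
        events.append(OtlEvent(m["when"], m["host"].strip(), m["source"].strip(), int(m["id"]), desc))
    return events

def flag_security_service_failures(events):
    """Return SCM failure events whose text names a security service (a disabled AV guard)."""
    return [e for e in events
            if e.source == "Service Control Manager" and e.event_id in SCM_FAILURE_IDS
            and any(h in e.description.lower() for h in SECURITY_SERVICE_HINTS)]

def win32_error_code(event):
    """Extract the %%N Win32 code SCM embeds (1053 = start request timed out, 2 = file not found)."""
    m = re.search(r"%%(\d+)", event.description)
    return int(m.group(1)) if m else None
```

Run it over the whole "[ System Events ]" section of an OTL log to list which protective services stopped working and when, before deciding how much of the timeline to distrust.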

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with various malware and are a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Where to draw the line? When to recommend a format and reinstall?

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).



#3
arthurdavis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi Render,

Thank you very much for your information. This is indeed a nuisance, but luckily I have a fair amount of experience with reinstalling my OS.

I have one question though: my computer has 3 physical hard drives, one of which is partitioned into 2, so 4 partitions in total. One drive is exclusively for the OS. Will formatting that drive alone (and subsequently reinstalling my OS) definitely remove the virus? Or is there a chance that it exists on other partitions, where my files are located and programs are installed?

Thanks.

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

I would format all partitions where you have stored files with the extensions .exe, .dll and .html/.htm, as these are the files which Ramnit infects.
I also recommend that you scan all your removable drives (USB memory sticks, external/network HD drives etc.) with an antivirus programme to avoid reinfection.

Let me know if I can be of any more help.

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.